A Garda has alleged that his data protection rights were breached when a representative of his Credit Union showed his father his confidential financial statements, which indicated difficulties with his loans.

The man is seeking an order that the Data Protection Commissioner (DPC) conduct an oral hearing into his complaint. Mr Justice Séamus Noonan has granted the man judicial review of the DPC’s refusal of an oral hearing. Continue Reading Man sues DPC for failing to conduct an oral hearing

The Court of Justice of the European Union (CJEU) is due to hear questions concerning the validity of the Safe Harbour regime today, Tuesday 24 March 2015, in Maximillian Schrems v Data Protection Commissioner (Case C-362/14).

As the Safe Harbour regime allows U.S. companies to self-certify that they meet EU data protection rules on the processing of personal data, the case will have important practical implications for companies transferring data to the U.S.Continue Reading European Court considers safety of Safe Harbour

This morning, EU Ministers from the 28 EU countries debated and reached agreement on the proposed "one-stop shop" mechanism at a meeting of the Council of Ministers in Brussels. 

The draft Regulation originally proposed that, a business operating across the EU, would only have to deal with the data protection regulatory authority of the member country where it has its headquarters.Continue Reading EU Ministers agree on “one-stop shop” mechanism

On 25 February 2015, the Department for Culture, Media and Sport announced that it is changing the laws with regard to nuisance calls. 

The Information Commissioner’s Office (ICO) currently has the power to impose heavy fines of up to £500,000 on companies that make marketing calls or messages if the ICO can prove that these unwanted calls or messages caused, or had the potential to cause, ‘substantial damage or distress’. However, from 6 April 2015, this requirement will be removed, allowing the ICO to intervene in more cases and penalise those companies that are breaching the Privacy and Electronic Communications Regulations but fall below the current legal threshold. Continue Reading UK Government announces changes in law in a bid to crack down on nuisance callers

The political machinations continue at EU level and predictions for publication of a final form Data Protection Regulation increasingly refer to 2016 as the likely date. But to read behind the headlines continues to be a useful exercise for corporates who need to give real consideration now to what their regulatory landscape might look like in the not too distant future.

A key issue will be determining the place of “main establishment” which in turn will determine the appropriate lead authority.

If that isn’t clear, or there is disagreement, it is being proposed that an EU Data Protection Board (EDPB) would have power to make a binding determination.Continue Reading Data Protection Reform – One Stop Shop Complexity

On 3 February 2015, the Securities and Exchange Commission (the "SEC") and the Financial Industry Regulatory Authority ("FINRA") both issued cybersecurity reports to the US securities industry. The SEC is the US Federal Government’s securities regulatory agency, while FINRA is a private company that acts as a self-regulatory organisation for US securities firms. The publications highlight the increased US regulatory focus in this area.

SEC: Risk Alert – Cybersecurity Examination Sweep Summary

The Risk Alert summarises the SEC’s findings following its examination of 57 broker-dealers’ and 49 investment advisers’ controls regarding cybersecurity preparedness. Notable statistics from the firms examined include:

       88% of broker-dealers and 74% of investment advisers have experienced cyberattacks either directly or through one of their vendors. The majority of the cyberattacks involved the use of malware and fraudulent emails but no single loss exceeded $75,000;

       93% of broker-dealers and 83% of investment advisers have written information security policies in place, of those, 89% of broker-dealers and 57% of investment advisers periodically audit policy compliance;

       58% of broker-dealers and 21% of investment advisers maintain cybersecurity insurance, however, only one broker-dealer and one investment adviser reported that they had filed claims; and

       Only 15% of broker-dealers and 9% of investment advisers offer security guarantees to protect their clients against cyber related loss.Continue Reading Two US regulatory bodies simultaneously publish cybersecurity reports

Last month, the Court of Appeal of England and Wales handed down its judgment in the highly publicised legal battle between pop star Rihanna, and fashion giant Topshop and its parent company Arcadia Group Brand Ltd (Topshop).  The Court of Appeal upheld the High Court’s July 2013 decision that Topshop’s sale of t-shirts showing a photograph of Rihanna – without her consent – constituted passing off.Continue Reading Rihanna v Topshop – UK Court of Appeal upholds decision in landmark passing off judgment

This decision confirms that it is sufficient that the allegedly infringing content is accessible online from a certain Member State, for the courts situated in that territory to have jurisdiction.

In Pez Hejduk v EnergieAgentur, NRW GmbH, Case C-441/13 (22 January 2015) the CJEU considered the question as to where a copyright owner can bring proceedings for infringement when a third party makes work available online for viewing and downloading without consent.Continue Reading Online copyright infringement – where can you sue?

The Data Protection Commissioner, Helen Dixon, spoke at the Society for Computers and Law’s ‘The Evolution and Reform of Data Protection’ event this morning. The Commissioner gave an overview of the activities of the Office of the Data Protection Commissioner (ODPC) in 2014 and set out the aims of the ODPC for the year ahead.Continue Reading Data Protection Commissioner reviews 2014 and sets out plans for 2015

The Department of Education and Skills is currently creating an individualised database of primary school students; the Primary Online Database (POD). The POD will gather personal data and sensitive personal data about pupils, such as information about ethnic and cultural background, religion, medical conditions, students with special needs and students’ Personal Public Service Numbers (PPSN). The POD will be shared with other state bodies, including the Central Statistics Office, the Department of Social Protection, the Department of Public Expenditure and Reform and the Revenue Commissioners. Continue Reading A permanent record (or at least until you turn 30)