Bray District Court, yesterday, fined a firm of private investigators, and its two directors, €10,500 for unlawfully obtaining personal data.  The court found that the directors had used ‘subterfuge’ to unlawfully obtain the addresses of credit union clients in arrears. The directors posed as a VEC and hospital worker to obtain the information, via telephone calls, from employees at the Department of Social Protection (seven cases), and the Health Services Authority (HSE) (sixteen cases).Continue Reading Private Investigators fined €10,500 for unlawfully obtaining personal data

The Office of the Data Protection Commissioner (ODPC) recently released the results of the second Global Privacy Sweep. Twenty-six privacy enforcement authorities, including Ireland, participated in the Sweep, which examined 1,211 apps. The theme of the Sweep, Mobile Privacy, was chosen due to many privacy enforcement authorities having identified mobile apps as a key area of focus in light of the privacy implications for customers.Continue Reading Mobile Apps – Results of Global Privacy Sweep raise privacy concerns

The Office of the Data Protection Commissioner (ODPC) recently released the results of the second Global Privacy Sweep. Twenty-six privacy enforcement authorities, including Ireland, participated in the Sweep, which examined 1,211 apps. The theme of the Sweep, Mobile Privacy, was chosen due to many privacy enforcement authorities having identified mobile apps as a key area of focus in light of the privacy implications for customers.

The results of the Sweep provide an insight into the extent to which organisations are informing consumers about their privacy policies. The Sweep shows:-

·         Three-quarters of apps requested at least one permission, the most

Continue Reading Mobile Apps – Results of Global Privacy Sweep raise privacy concerns

The Article 29 Working Party (WP29), an independent European advisory on data protection and privacy, has published a statement in which it welcomes the ruling of the CJEU, of 8 April 2014, which invalidates the Data Retention Directive (2006/24/EC).  The CJEU found that the Directive entails a wide-ranging and particularly serious interference with the fundamental rights to privacy and to the protection of personal data, and fails to sufficiently circumscribe such interference to ensure that it is limited to what is strictly necessary for the purpose of fighting serious crime, thereby leaving it too open for Member States

Continue Reading Working Party publishes statement on CJEU ruling which invalidates Data Retention Directive

Following the referral of the High Court to the Court of Justice of the European Union (CJEU) in Schrems v Data Protection Commissioner (No.2) [2014] IEHC 351, as reported in two previous blogs, the plaintiff in that case, Max Schrems, has successfully signed up over 25,000 applicants to pursue a quasi "class action" suit against Facebook Ireland Limited in a civil case before the Commercial Court for Vienna.

The number of applicants was capped at 25,000 for practical reasons with the cap being reached within a week of its launch and as of Friday 8th August the number of applicants stood at over 45,000.Continue Reading Class action suit launched against Facebook Ireland in Austria

The ALS Association has filed two trademark applications with the US Patent and Trademark Office for "ice bucket challenge" and "ALS ice bucket challenge" for the purposes of charitable fundraising.   In recent weeks there has been a social media storm of people carrying out the challenge by pouring a bucket of iced water over their heads and making a donation to the ALS Association.

The ALS Association are claiming ownership of the phrases, despite not creating the idea. Permission from the original creators was given to the ALS Association prior to the registrations being made. Other charitable organisations

Continue Reading Ice Bucket “Challenge”

A photo taken in 2011 of a monkey grinning for the camera recently published by Wikipedia has sparked an interesting copyright debate. Although British photographer, David Slater, didn’t technically take the picture (the monkey did!) he does maintain that the picture is his property and that Wikipedia had no right to publish it. The publication of the picture by Wikipedia has apparently cost the photographer thousands of dollars in lost earnings.

Wikipedia, the free encyclopaedia that anyone can edit, only publish photos that are in the public domain as it is "a record of human knowledge, viewpoints and summaries that already exist and are expressed elsewhere". The photographer, spent time in Indonesia, followed the monkeys and set up the shot carefully so that the monkey could press the button and capture the picture. A spokesperson for Wikipedia has commented that nobody in fact owns the copyright as it can’t belong to the monkey and it has no human author in whom copyright is vested. Continue Reading Everyone is going bananas

The CJEU in Joined Cases C-141/12 and C-372/12 has clarified the scope of a data subject’s right of access to a copy of their personal data. The CJEU’s ruling may serve to lighten the burden of access requests on organisations. It confirms that the Data Protection Directive 1995 (the Directive) does not establish a right of access to any specific document or file in which personal data are listed or used, nor does it specify the material form in which personal data must be made accessible. Member States enjoy a margin of discretion to determine the form in which to make personal data accessible, so long as it is intelligible. Accordingly, the CJEU found that the Dutch authorities, in this case, had met their legal obligations under data protection law by extracting from the relevant documents the personal data relating to the data subject.Continue Reading CJEU clarifies scope of right of access to personal data

The CJEU in Joined Cases C-141/12 and C-372/12 has clarified the scope of a data subject’s right of access to a copy of their personal data.  The CJEU’s ruling may serve to lighten the burden of access requests on organisations. It confirms that the Data Protection Directive 1995 (the Directive) does not establish a right of access to any specific document or file in which personal data are listed or used, nor does it specify the material form in which personal data must be made accessible.  Member States enjoy a margin of discretion to determine the form in which to make personal data accessible, so long as it is intelligible. Accordingly, the CJEU found that the Dutch authorities, in this case, had met their legal obligations under data protection law by extracting from the relevant documents the personal data relating to the data subject.Continue Reading CJEU clarifies scope of right of access to personal data

The High Court in Schrems v Data Protection Commissioner (No.2) [2014] IEHC 351 has granted an order joining Digital Rights Ireland (DRI) as amicus curiae to the proceedings referred to the Court of Justice of the European Union (CJEU).

As reported in my earlier blog, the High Court has asked the CJEU whether the Data Protection Commissioner (DPC) is absolutely bound by the European Commission’s decision, that the Safe Harbour regime provides adequate protection for personal data, having regard to the subsequent entry into force of Articles 7 and 8 of the

Continue Reading High Court allows DRI to join as amicus curiae to Facebook Privacy case