The European Court of Human Rights, in Defli AS v Estonia, has upheld unanimously a finding of liability against an Internet news portal regarding offensive comments that were posted online by one of its readers. The Court held that making Defli AS liable for the comments was a justified and proportionate interference with its right to freedom of expression and thta there was no violation of Article 10 (freedom of expression)

The facts of the case date back to 2006, when Delfi AS, one of Estonia’s largest internet news sites published an article relating to a ferry company and its decision to change some of its routes to certain islands. This change subsequently damaged ice roads considered to be a cheaper alternative to the ferry services. This led to an outcry of abusive and potentially defamatory online comments about the owner of the ferry company underneath the article.Continue Reading Website found liable for online commentary

A singer/songwriter is suing RTÉ and comedian Andy Quirke for alleged trade mark infringement over their use of the name, ‘Damo’ in a TV show.

According to the Irish Patents Office, Dubliner Damien O’Regan registered the name ‘Damo’ in relation to entertainment services, music and lyrics he provides. Mr O’Regan told the High Court that the use of the name Damo is a clear breach of his trade mark and said he had not given his consent for its use by Mr Quirke. Continue Reading What’s in a name? Singer sues RTÉ for use of his name

The Office of the Data Protection Commissioner (the DPC) recently volunteered to participate in the Global Privacy Enforcement Network’s (GPEN) internet privacy sweep along with other privacy enforcement authorities in Australia, Canada, Estonia, Finland, France, Germany, Hong Kong, Macao, New Zealand, Norway, UK, & USA.

The privacy sweep carried out by the DPC entailed an audit of 79 organisations in an effort to assess their privacy practices, as outlined in the privacy policies on their websites or within their mobile applications. Continue Reading Data Protection Commissioner carries out Privacy Sweep

On the 25 August 2013, the new rules setting out the circumstances in which Telcos and ISPs need to report personal data breaches, and the information they must share in those reports, came into effect. The Regulation sets out specific rules for the notification of data security breaches under the e-privacy Directive 2002/58/EC which was transposed into Irish law by Statutory Instrument No. 336/2011.  See my earlier blog for more information on the Regulation.

A secure online form is available, on the Data Protection Commissioner’s website, for Telcos and ISPs to make the data security breach notification.  Click here to

Continue Reading Notification of Data Breaches by Telcos and ISPs

The Office of the Data Protection Commissioner has this week made informal contact with The National Maternity Hospital over a potential personal data security breach. An earlier media publication had reported that the hospital has carried out the first termination under the Protection of Life During Pregnancy Bill 2013.

The Data Protection Acts 1988 and 2003 impose obligations on all data controllers to process personal data entrusted to them in a manner that respects the rights of data subjects. Where personal data has been put at risk of unauthorised disclosure, loss, destruction or alteration, data controllers must give immediate consideration to inform those that have been affected.Continue Reading Respecting the Rights of Data Subjects

Name: Conor McEneaney
Title: Assistant
Email: cmceneaney@algoodbody.com 

Conor McEneaney is an Assistant Solicitor in the IP & Technology Group at A&L Goodbody. Conor is a Solicitor in our group with a Bachelor of Laws degree in Law and European Studies from the University of Limerick. Conor has experience in a wide range of IP and technology matters and advises clients on both contentious and non-contentious matters including in the area of IT outsourcing contracts, trademarks, patents, copyright and data protection.  Conor’s recent contentious experience includes assisting with a multi-jurisdictional patent case which came before the Commercial Court and a

Continue Reading About Conor McEneaney

Name: Kate Gorey
Title: Associate
Email: kgorey@algoodbody.com

Kate Gorey is an Associate in the IP & Technology Group at A&L Goodbody. Kate has experience in both contentious and non-contentious aspects of intellectual property, information technology and data protection matters. Her contentious experience includes a recent injunction hearing before the High Court and her non-contentious experience includes advising clients on advertising campaigns and promotions, data protection issues and commercial contracts. Kate holds a Bachelor of Civil Law Degree from UCD, where she studied IP/IT law at undergraduate level as part of her degree.Continue Reading About Kate Gorey

The Supreme Court, in EMI Records (Ireland) Ltd & Ors v Data Protection Commissioner and Eircom Ltd [2013] IESC 34, 3 July 2013, has confirmed that an Enforcement Notice issued by the Data Protection Commissioner (DPC) will be invalid if reasons are not given for same.  The decision also shows when judicial review, rather than statutory appeal, of a decision of the DPC may be permissible. 

The Facts

The applicants, music record companies, had brought earlier proceedings against Eircom (the notice party), arising out of alleged unauthorised and unlawful sharing of copyright material facilitated by internet services provided by Eircom. Those proceedings were settled, but the DPC claimed that implementation of the settlement agreement might breach data protection law. The parties to the settlement applied to the court for a ruling on the consistency of the settlement with data protection law, which the DPC declined to participate in. The High Court ruled that implementation of the settlement would not be in breach of any relevant law.Continue Reading Enforcement Notice invalid due to absence of reasons

On 26 June 2013, a new Commission Regulation on what precisely telecommunications operators (telcos) and Internet Service Providers (ISPs) should do if their customers’ personal data is lost, stolen or otherwise compromised was published in the Official Journal of the EU. The purpose of the new rules is to ensure businesses, operating in more than one EU country, can take a pan-EU approach in the event of a data breach. 

Since 2011, telecos and ISPs have had a mandatory obligation under the e-Privacy Regulations 2011 (S.I. 336/2011) to notify national data protection authorities, and any individuals adversely affected, about breaches of personal data. However the 2011 Regulations do not prescribe specific timeframes for breach notification.Continue Reading New Rules on Breach Notification by Telcos and ISPs