Cyber Risk & Data Privacy

Subscribe to Cyber Risk & Data Privacy via RSS

The European Commission has released the legal texts that will constitute the EU-US Privacy Shield which will replace the Safe Harbour framework, which was declared invalid by the Court of Justice (CJEU) last October.  Unlike its predecessor, the Privacy Shield includes not only commitments in the commercial sector, but also access to personal data by public authorities for national security purposes.

The documents released include the draft “adequacy decision”, the Privacy Shield Principles which will apply to all US companies providing services on the EU market, as well as written commitments by the US Government on the enforcement of the Privacy Shield, including safeguards and limitations concerning access to data by US national intelligence agencies. 

The Privacy Shield aims to provide European citizens with more transparency about transfers of their personal data to the US and stronger obligations on US companies to protect their data. It requires stronger monitoring and enforcement by the US Department of Commerce (DoC) and the Federal Trade Commission (FTC), including through increased cooperation with European Data Protection Authorities (DPAs).  It also provides several redress possibilities for individuals in case of complaints either directly with companies, or with the help of their local DPA.Continue Reading The European Commission releases EU-US Privacy Shield

The Information Commissioner’s Office (ICO) in the UK has published guidance for organisations providing WiFi services to their staff and customers.  The guidance considers how WiFi operators can use location and other analytics information in a manner that complies with data protection laws. As the core data protection principles in the UK and Irish Data Protections Acts are the same, the guidance is also of interest to Irish businesses.

The guidance highlights that it is possible for WiFi operators to collect data from devices covertly, and therefore it is vital that individuals are warned that their data may be collected.  This can be done by installing clear signage at the entrance to and throughout WiFi zones, on websites and in WiFi sign-up or registration pages, notifying device users of the potential processing of their data.Continue Reading WiFi operators urged to install WiFi signage

On 24 February 2016, the European Commissioner, Věra Jourová, announced the signing of the Judicial Redress Act by President Obama. The Act aims to: (i) address the concerns expressed by the Court of Justice of the European Union (CJEU) when it overturned the Safe Harbor Agreement last October 2015 regarding the lack of judicial redress by EU citizens in the US and (ii) facilitate data exchange between the US and EU.

The Act purports to give EU citizens the same rights to judicial redress under the US Privacy Act of 1974 that US citizens have, by allowing them to bring civil actions in U.S. courts against US law enforcement agencies which misuse their personal data.

Whilst the Act gives the US Department of Justice authority to determine which US agencies are within its scope, potentially limiting the reach of the Act, it nonetheless represents a welcome step forward by the US government. Continue Reading Commissioner Věra Jourová announces signing of Judicial Redress Act by President Obama

The Data Protection Commissioner (DPC) has published new guidance on ‘Data sharing in the public sector’ following the decision of the CJEU in Bara (C-201/14) (see our previous blog on the Bara judgment).

The Bara judgment serves as a reminder that any decision by public bodies to share personal data bodies should not be taken lightly, and only the minimum amount of personal data should be shared. It shows the importance of public bodies informing individuals as to how their personal data is used, for what purpose, and who has access to it.Continue Reading DPC publishes guidance on data sharing in the public sector

Following the CJEU decision in the Schrems Case on 6 October 2015 invalidating the Safe Harbour regime, the Article 29 Working Party (the group comprised of representatives of European national data protection authorities (Article 29WP)) gave the EU and US a three month timeline in which to agree a political solution to replace Safe Harbour. Following intense negotiations, political agreement on the core elements of a new EU/US Privacy Shield was announced yesterdayContinue Reading Safe Harbour will be replaced by an EU/US Privacy Shield – will it withstand Article 29 Working Party scrutiny?

Europe is today celebrating Data Protection Day, with this year’s celebrations coinciding with the recent political agreement for the finalised text of the new General Data Protection Regulation (GDPR) (for further information – see our earlier blog post). One of the many events organised across Europe in conjunction with Data Protection Day was the National Data Protection Conference, which took place over the course of yesterday and today. Continue Reading Data Protection Day – National Data Protection Conference

Digital Rights Ireland (DRI) intend to serve legal proceedings on the Government in the coming days, claiming that the Office of the Data Protection Commissioner (ODPC) has acted in breach of EU law by failing to ensure that the Data Protection Commissioner (DPC) exercises her role independently. The High Court is to be asked to make a referral to the EU’s highest court for a ruling on whether the DPC is truly independent under EU law.
Continue Reading Independence of ODPC called into question

The Department of Justice yesterday published the Criminal Justice (Offences Relating to Information Systems) Bill 2016. The Bill, which is long overdue, will replace some of the existing patchwork of cybercrime legislation.

The primary purpose of the Bill is to transpose the European Directive 2013/40 or the Cybercrime Directive as it is more commonly known. The Cybercrime Directive is aimed at harmonising Member States’ criminal law in the area of cybercrime by creating minimum rules for the definition of cybercrime offences and the relevant sanctions and to improve cooperation between competent authorities.Continue Reading The Cybercrime Bill is here