European Union negotiations with the US government for an international data protection framework agreement in the law enforcement area have been finalised. The "Umbrella Agreement" provides that personal data transferred between EU and US law enforcement authorities, such as names, addresses, and criminal records, can only be shared for the purpose of prevention, detection, investigation and prosecution of criminal offences, including terrorism. It must not be used for further incompatible purposes. In cases where a US authority intends to transfer the data further, to a third country or international organisation, it will first have to obtain the consent of the law enforcement authority in the EU which originally transferred the data to the US.Continue Reading EU-US Umbrella Agreement finalised

The High Court, in In the Matter for Mount Carmel Medical Group (South Dublin) Ltd (In Liquidation) [2015] IEHC 450 considered the issue of who is a data controller under data protection law in respect of data held by a company in liquidation. 

The Court refused to grant the declarations sought by the liquidators of Mount Carmel Hospital, that the statutory role of data controller was transferred to St. James Hospital (SJH) along with transfer of the patient’s records to SJH, and that the liquidators could have access to the patient data insofar as necessary for the purposes of the liquidation. 

Keane J. held that there was "a clear danger of overlapping and unworkable jurisdictions" if he granted the declarations sought, as it would deprive data subjects of any meaningful right in the future to complain to the Data Protection Commissioner (the DPC) about any data processing activities carried out by Mount Carmel Hospital. 

The decision shows that in the event of a dispute arising as to who is the data controller of records under a contract,  the courts will give limited weight to any contractual provisions designing a particular party as data controller, and will instead focus on who, in fact, exercises control over the personal data concerned.  Continue Reading Court refuses to grant declaration as to identity of the data controller

The European Data Protection Supervisor (EDPS) has launched a free app which allows you to compare the latest proposed texts of the draft EU Data Protection Regulation from the European Commission, the European Parliament and the Council. Continue Reading Mobile App compares latest texts of Data Protection Regulation

The Data Protection Commissioner’s (DPC) Annual Report provides an insight into the approach of her Office to resolving data protection problems.Continue Reading DPC’s Annual Report 2014 – What insight does it provide into regulation by the Irish DPC?

The Data Protection Commissioner (DPC), Helen Dixon, has published her Annual Report for 2014. As usual, the Report reveals some interesting trends, statistics and case studies.Here’s a few we think are worth noting…Continue Reading Annual Report of the Data Protection Commissioner for 2014

On 15 June 2015, the European Council of Ministers reached agreement on its version of the draft Data Protection Regulation .  Trilogue negotiations between the Council, the European Parliament and the EU Commission will start next week on 24 June, witht he aim of reaching a final agreement by the end of 2015.Continue Reading Council of Ministers reaches agreement on proposed Data Protection Regulation