Data

Subscribe to Data via RSS

There has been much debate during 2014 about the effectiveness of the US Safe Harbour regime. Many EU commentators have queried its effectiveness, pointing in particular to the lack of enforcement over the years by the Federal Trade Commission (FTC), the body which effectively is charged with dealing with complaints that companies are not in compliance with their public representations of adherence to the Safe Harbour principles.
Continue Reading SnapChat Signs Up to 20 Years of Data Protection Audits

On November 23rd, Symantec, the American antivirus company, announced the discovery of a piece of software called Regin, which it had found lurking on computers and stealing data in Ireland, Russia, Saudi Arabia and several other countries. Its sophistication and stealth led Symantec to conclude that it must have been created by a nation-state.

The Regin software appears to have been lurking on some computer systems from as long ago as 2008 and Symantec said it was unusually low-key, meaning it could be used on a target for several years before being noticed. Symantec have described the purpose of Regin

Continue Reading Regin – State Sponsored Hacking

Audit provisions are a common feature of a wide range of IP and technology agreements. They can be seen by those seeking the audit right as a practical way to monitor key aspects of a commercial deal. Security standards being applied to data, accuracy of billing, compliance with licence restrictions or, in some cases, general compliance with the agreed contract are often the subject of audit rights.

The general compliance audit right seems useful on the face of it. But a recent English High Court decision illustrates that a broad audit clause can raise more questions than it answers.

The
Continue Reading Audit Clauses in IT Contracts: The Broader the Better?

According to a survey recently published by Microsoft, a large proportion of Irish people think that online privacy is important and that people should not need to give up privacy and freedom for safety from crime and terrorism.

The survey published by Microsoft, and carried out by Amárach Consulting, focused on Irish peoples’ attitudes toward online and digital data privacy and security. Microsoft commissioned the survey as part of its on-going legal challenge to a US warrant which compels Microsoft to produce data held in a Microsoft data centre in Dublin. Continue Reading How important is online privacy?

Great day today attending the Health Informatics Society of Ireland 2014 Annual Conference.  In our Data Protection for Healthcare workshop together with Sarah Reade, Lead ICT Project Manager, Saint John of God Hospitaller Ministries and Jim Gregg, Irish Computer Society, we had a lively discussion on the data protection challenges faced by medical practitioners in the context of research and access requests. Continue Reading Health Informatics Society of Ireland 2014 Annual Conference

Apple Pay: an Introduction

One of the most exciting elements of the Apple iPhone 6 launch in September was the announcement by Apple of the Apple Pay feature. Apple Pay is a near field communication (NFC) based mobile payment system that comes pre-installed on the iPhone 6. NFC technology involves a short-range, low power wireless link evolved from radio-frequency identification technology that can transfer small amounts of data between two devices held a few centimetres from each other. It is the same technology that is behind the ‘tap and pay’ debit cards that have been rolled out by Irish banks in the last number of years.

While Apple Pay was launched with the iPhone 6 in the US, it has not yet been rolled out in Europe with rumours predicting an Apple Pay European launch in 2015.

It is clear that Apple Pay has the potential to be a ground breaking technology that may change the way that consumers use their phones and, indeed, how consumers pay for goods and services.Continue Reading Apple Pay – Challenges and Solutions

The Office of the Data Protection Commissioner (ODPC) recently released the results of the second Global Privacy Sweep. Twenty-six privacy enforcement authorities, including Ireland, participated in the Sweep, which examined 1,211 apps. The theme of the Sweep, Mobile Privacy, was chosen due to many privacy enforcement authorities having identified mobile apps as a key area of focus in light of the privacy implications for customers.Continue Reading Mobile Apps – Results of Global Privacy Sweep raise privacy concerns

The Office of the Data Protection Commissioner (ODPC) recently released the results of the second Global Privacy Sweep. Twenty-six privacy enforcement authorities, including Ireland, participated in the Sweep, which examined 1,211 apps. The theme of the Sweep, Mobile Privacy, was chosen due to many privacy enforcement authorities having identified mobile apps as a key area of focus in light of the privacy implications for customers.

The results of the Sweep provide an insight into the extent to which organisations are informing consumers about their privacy policies. The Sweep shows:-

·         Three-quarters of apps requested at least one permission, the most

Continue Reading Mobile Apps – Results of Global Privacy Sweep raise privacy concerns

Following the referral of the High Court to the Court of Justice of the European Union (CJEU) in Schrems v Data Protection Commissioner (No.2) [2014] IEHC 351, as reported in two previous blogs, the plaintiff in that case, Max Schrems, has successfully signed up over 25,000 applicants to pursue a quasi "class action" suit against Facebook Ireland Limited in a civil case before the Commercial Court for Vienna.

The number of applicants was capped at 25,000 for practical reasons with the cap being reached within a week of its launch and as of Friday 8th August the number of applicants stood at over 45,000.Continue Reading Class action suit launched against Facebook Ireland in Austria

The High Court, in Schrems v Data Protection Commissioner, 18 June 2014, has referred questions arising to the Court of Justice of the European Union (the CJEU). Judge Hogan has adjourned the High Court proceedings pending the reference to the CJEU. 

The Judge is asking the CJEU to examine two questions:

(1) Whether, as a matter of EU law, the Data Protection Commissioner (the DPC) is absolutely bound by the finding of the European Commission as manifested in Decision 2000/250/EC (i.e. that the Safe Harbour regime provides adequate protection for personal data), having regard to the subsequent entry into force of Articles 7 and 8 of the Charter of Fundamental Rights of the European Union (which provide, respectively, for the right to respect for private and family life, and to protection of personal data) notwithstanding the provisions of Article 25(6) of the Data Protection Directive?


(2) Or alternatively, whether the DPC may conduct his own investigation of the matter in light of the factual developments since that Commission Decision was first published (i.e. the Snowden revelations that data and communications were being intercepted by the NSA on a global scale).


The case is due to be mentioned in the High Court in two weeks before the matter is sent to the CJEU.Continue Reading Irish High Court refers Facebook Privacy case to European Court