Photo of Davinia Brennan

The CJEU has once again been asked to consider the meaning of “communication to the public” within Article 3(1) of the Copyright Directive.

In Stichting Brein v Ziggo BV, XS4ALL Internet BV (Case C‑610/15), the CJEU has been asked to identify  the scope of liability for copyright infringement committed by ‘card providers,’ namely sites such as The Pirate Bay, where files containing music and films are shared free of charge, and usually in breach of copyright.

On 8 February, 2017, the Attorney General (AG) delivered an Opinion advising the CJEU to find copyright infringement where a website (such as The Pirate Bay) indexes content available on peer-to-peer (P2P) networks, even where there is no actual content on the website.  However the AG found copyright infringement will only occur where the website operator has actual knowledge of the illegality and takes no action. Accordingly, if copyright holders notify a site’s operators of the illegal nature of information appearing on the site, and they fail to take action to make access to that work impossible, then the site operator may be held liable.

Continue Reading AG advocates finding of copyright infringement by The Pirate Bay

Photo of Davinia Brennan

The European Commission has published its draft e-Privacy Regulation which, if adopted, will replace the existing e-Privacy Directive.  The Regulation broadens the scope of the Directive, enhances the confidentiality of communications, and simplifies the rules on cookies and unsolicited electronic marketing.


The Regulation expands the scope of the e-Privacy Directive, which only applies to traditional telecoms providers.  It is proposed that the Regulation will apply to any business that provides any form of online communication service, so all internet based voice and messaging services, will be subject to the new rules.  The Regulation calls these providers “over-the-top communications service providers”. So Skype, WhatsApp, Facebook Messenger, Gmail, Viber and so forth, will all come within the Regulation’s remit. This will ensure that these services guarantee the same level of confidentiality of communications as traditional telecoms operators.


Continue Reading The e-Privacy Regulation – What’s new?

Photo of Daniel Harrington

EU consumers of online content services such as Netflix, Spotify or Sky Sports will soon be able to access their subscriptions while on holiday in or when otherwise visiting another Member State, due to the lifting of existing restrictions by a proposed new EU Regulation.

Continue Reading No Frontiers! – EU Consumers to enjoy cross-border access to online content services

Photo of Aoibheann Duffy

January 28th was European Data Protection Day and we marked the event by attending the 9th Annual Data Protection Conference which was held in the Aviva Conference Centre.

The two-day conference featured interactive workshops on the first day on ‘Privacy by Design’ and ‘Conducting a Data Protection Audit’. The second day included a line-up of notable speakers who spoke on topics related to the theme of the conference; “GDPR – It’s here, what’s next”. Dara Murphy, Minister of State for European Affairs, EU Digital Single Market and Data Protection spoke about his department’s work in preparing for GDPR and the importance of having a strong, well-resourced Office of the Data Protection Commissioner (ODPC). The Minister also announced plans for a data summit in June this year.

A&L Goodbody’s Claire Morrissey presented on “Legal Aspects of the GDPR” and took part in a lively Q&A session. Claire highlighted some of the key changes that the GDPR will bring including the need to demonstrate compliance, the new right of data portability, the new security reporting obligations and the ability for individuals to recover financial and non-financial loss (such as damages for distress or embarrassment in the event of inadvertent disclosure of personal data). She also offered some practical tips for ways in which businesses can prepare for the GDPR (some of which are available here).

Continue Reading 9th Annual Data Protection Conference

Photo of nghrada

The Office of the Data Protection Commissioner (the ODPC) has released a guidance note on connected toys (the Guidance Note). The Guidance Note highlights the possible data protection issues that might occur when children and parents use toys with microphones and cameras that have an ability to connect to the internet.

The ODPC warns of certain potential issues with the personification of connected toys, in particular dolls. Some of these toys provide an interactive experience by reacting to selected words. This may give the impression of an emotional response to what the child says or does. In some instances, these toys are enabled to collect and record these “conversations” between the child and the connected toy on apps, smartphones or tablets. The ODPC cautions that some of these connected toys’ terms and conditions allow these potentially sensitive recordings to be shared with other companies and used for the basis of targeted advertising.

Continue Reading Child’s Play: The Office of the Data Protection Commissioner releases Guidance Note on Connected Toys

Photo of Davinia Brennan

The Article 29 Working Party (WP29) has released its Action Plan for 2017, setting out its priorities and objectives in the context of implementation of the EU GDPR for the year ahead. It has committed to finalize its work on topics undertaken in 2016 including guidelines on:

  • Certification;
  • Processing likely to result in a high risk & Data Protection Impact Assessments (DPIAs);
  • Administrative fines;
  • Setting up the European Data Protection Board (EDPB) structure;
  • Preparation of the one stop shop, and
  • The EDPB consistency mechanism.

The WP29 also intends to start work in 2017 on guidelines on:

  • Consent;
  • Profiling, and
  • Transparency.

At the same time, the WP29 intends to work on the update of already existing opinions and referentials on data transfers to third countries and data breach notifications.

Last December 2016, the WP29 also issued on data portability, lead authority, and Data Protection Officers.  See our blog for more information.

Photo of Alison Quinn

In an earlier blog, we outlined that the UK confirmed its intention to ratify the International Agreement on a Unified Patent Court. In December 2016, the UK government proceeded to sign the Protocol on Privileges and Immunities of the Unified Patent Court.  The Protocol provides EU privileges and immunities to the judges of the Unified Patent Court necessary for the exercise of its functions.  The Protocol is required in the individual countries hosting divisions of the court, one of which is in London.  This positive step would suggest that the UK is moving closer towards ratification.

Photo of Davinia Brennan

The Article 29 Working Party has issued a press release and three sets of guidelines and FAQs on implementation of some key issues under the GDPR:


It welcomes any comments from stakeholders on the guidelines until end January 2017. Guidelines on Data Privacy Impact Assessments and Certification are promised for 2017.

The guidance provides some interesting insights and should help organisations to comply with their new obligations under the GDPR.  The guidelines on the Lead Supervisory Authority highlight that there will be more than one lead supervisory authority, where a company carries out several cross-border activities and the decisions on the means and purposes of processing are taken in different establishments. This means that companies will have to consider organising decision-making powers in respect of personal data processing activities in a single location, in order to avail of the “one-stop shop” mechanism. Continue Reading GDPR guidance on Data Portability, DPOs & Lead Supervisory Authority

Photo of Davinia Brennan

The ODPC has published guidance, The GDPR and You – Preparing for 2018, to help organisations prepare for the GDPR. It contains a checklist to provide companies with a practical starting point to ensure full compliance by May 2018. It is important for organisations to start taking steps to prepare now, to ensure that adequate policies and procedures are in place to deal with the new rules when they come into force.  Organisations will face hefty fines for non-compliance, and the risk of individuals bringing private claims for breach of their data privacy rights.

The Article 29 Working Party (consisting of representatives of national data protection authorities) is also expected to shortly issue guidance at European level on Data Protection Officers, Data Portability, and Designation of Lead Supervisory Authority.

Photo of Davinia Brennan

The Department of Justice and Equality have published a policy document on amending the law relating to the interception of communications. The purpose of interception legislation is to assist in the fight against organised crime and to protect the security of the State.

Irish legislation relating to interception is out-of-date and needs to be amended to provide for lawful interception of email and other forms of communication over the internet. Interception is controlled, to a limited extent, by the Postal and Telecommunications Services Act 1983, and the Interception of Postal Packets and Telecommunications (Regulation) Act 1993. That legislation is restricted to Telecoms and Postal Service providers (i.e. voice calls, text messages and postal packets). 

The Government intends to introduce approximately 50 amendments to the current regime, with the primary aim of ensuring that communications services delivered over the internet are covered by our lawful interception legislation.  Accordingly, the definition of “information society services” will be amended to cover “internet referencing services, social media“, and “any other entity providing a publicly available means of communication over an electronic communications network.” The definition of “interception” will also be amended to reflect modern communications characteristics.  It will essentially be “an action, the effect of which is to make some or all of the content of a communication available to a person“. 

Continue Reading New legislation on interception of communications