Data

Subscribe to Data

On 27 November, the final text of the EU’s Data Act (the Act) was formally approved by the European Parliament and the European Council. 

It will enter into force 20 days after its publication in the EU’s official journal, which is expected in the coming days. However, the majority of its provisions will only apply 20 months after it enters into force.

Scope of the Act

The Act, which takes the form of a directly applicable EU regulation, has three central focuses:

  1. remove obstacles to the process of switching between providers of “data processing services”  and the
Continue Reading Final text of the EU’s Data Act approved

The Office of the Data Protection Commissioner (the ODPC) has released a guidance note on connected toys (the Guidance Note). The Guidance Note highlights the possible data protection issues that might occur when children and parents use toys with microphones and cameras that have an ability to connect to the internet.

The ODPC warns of certain potential issues with the personification of connected toys, in particular dolls. Some of these toys provide an interactive experience by reacting to selected words. This may give the impression of an emotional response to what the child says or does. In some instances, these toys are enabled to collect and record these “conversations” between the child and the connected toy on apps, smartphones or tablets. The ODPC cautions that some of these connected toys’ terms and conditions allow these potentially sensitive recordings to be shared with other companies and used for the basis of targeted advertising.Continue Reading Child’s Play: The Office of the Data Protection Commissioner releases Guidance Note on Connected Toys

The Office of the Data Protection Commissioner (ODPC) has contacted Dublin City Council in relation to its data protection concerns surrounding the City Council’s new anti-litter poster initiative. As part of the initiative the City Council had erected a billboard in the north inner city featuring CCTV images of 12 people who appear to be engaging in illegal dumping around the Amiens Street-Five Lamps area. Although the faces were slightly blurred due to the quality of the CCTV footage, the City Council stated that the people would be able to identify themselves from the images, as most likely
Continue Reading ODPC contacts Dublin City Council regarding anti-litter posters

Digital Rights Ireland (DRI) intend to serve legal proceedings on the Government in the coming days, claiming that the Office of the Data Protection Commissioner (ODPC) has acted in breach of EU law by failing to ensure that the Data Protection Commissioner (DPC) exercises her role independently. The High Court is to be asked to make a referral to the EU’s highest court for a ruling on whether the DPC is truly independent under EU law.
Continue Reading Independence of ODPC called into question

The Data Protection Commissioner (DPC) has published updated guidance on the use of CCTV, and new guidance on the use of Body Worn Cameras and Drones. While guidance issued by the DPC is not legally binding, it is regarded as best practice, and organisations should take steps to comply with same.Continue Reading DPC issues guidance on CCTV, Body Worn Cameras and Drones

In Barbulescu v Romania, a case concerning employees’ right to privacy, the European Court of Human Rights (ECHR) held that an employer could monitor and access personal messages sent by an employee during work hours from his Yahoo Messenger account. The decision, however, is not a precedent for unrestricted monitoring by employers of personal messages sent by employees during office hours.Continue Reading ECHR rules employer can monitor personal messages sent by employee

On 7 December 2015, the EU Council reached an informal agreement with the EU Parliament on the draft Network and Information Security (NIS) Directive.The draft Directive sets out cybersecurity obligations for operators of essential services in the healthcare, banking, energy and transport sectors, and also digital service providers (including e-commerce platforms, search engines, social networks, internet payment gateways, and cloud services). These operators will be required to take measures to manage cyber risks and report major security incidents.Continue Reading Agreement reached on first EU-wide cybersecurity legislation

Model Contracts are standard contractual clauses for the transfer of personal data outside the EU/EEA which have been approved by the European Commission.  They have been approved on the basis that they provide sufficient safeguards for privacy, fundamental rights and the exercise of those rights.  To date two sets of standard contractual clauses for the transfer of personal data outside the EU/EEA from data controllers to data controllers and one set for transfers from data controllers to data processors have been approved by the Commission.Continue Reading Transfer Tools Post Schrems: EU Data Protection Authorities’ Common Position on Model Contacts

The Office of the Data Protection Commissioner is to get a €1.2m increase in funding for 2016. Minister for European Affairs and Data Protection, Dara Murphy announced the measure, under Budget 2016, and said that the increased resources are bring provided to "ensure that Ireland continues to have an excellent regulatory and enforcement regime for data protection, and that we are fully equipped to adapt to the ever-increasing pace of change in the digital economy".Continue Reading Government announces €1.2m increase in funding for the Office of the Data Protection Commissioner