The Office of the Data Protection Commissioner (ODPC) recently released the results of the second Global Privacy Sweep. Twenty-six privacy enforcement authorities, including Ireland, participated in the Sweep, which examined 1,211 apps. The theme of the Sweep, Mobile Privacy, was chosen due to many privacy enforcement authorities having identified mobile apps as a key area of focus in light of the privacy implications for customers.Continue Reading Mobile Apps – Results of Global Privacy Sweep raise privacy concerns

The Office of the Data Protection Commissioner (ODPC) recently released the results of the second Global Privacy Sweep. Twenty-six privacy enforcement authorities, including Ireland, participated in the Sweep, which examined 1,211 apps. The theme of the Sweep, Mobile Privacy, was chosen due to many privacy enforcement authorities having identified mobile apps as a key area of focus in light of the privacy implications for customers.

The results of the Sweep provide an insight into the extent to which organisations are informing consumers about their privacy policies. The Sweep shows:-

·         Three-quarters of apps requested at least one permission, the most

Continue Reading Mobile Apps – Results of Global Privacy Sweep raise privacy concerns

The CJEU in Joined Cases C-141/12 and C-372/12 has clarified the scope of a data subject’s right of access to a copy of their personal data.  The CJEU’s ruling may serve to lighten the burden of access requests on organisations. It confirms that the Data Protection Directive 1995 (the Directive) does not establish a right of access to any specific document or file in which personal data are listed or used, nor does it specify the material form in which personal data must be made accessible.  Member States enjoy a margin of discretion to determine the form in which to make personal data accessible, so long as it is intelligible. Accordingly, the CJEU found that the Dutch authorities, in this case, had met their legal obligations under data protection law by extracting from the relevant documents the personal data relating to the data subject.Continue Reading CJEU clarifies scope of right of access to personal data

The High Court, in Schrems v Data Protection Commissioner, 18 June 2014, has referred questions arising to the Court of Justice of the European Union (the CJEU). Judge Hogan has adjourned the High Court proceedings pending the reference to the CJEU. 

The Judge is asking the CJEU to examine two questions:

(1) Whether, as a matter of EU law, the Data Protection Commissioner (the DPC) is absolutely bound by the finding of the European Commission as manifested in Decision 2000/250/EC (i.e. that the Safe Harbour regime provides adequate protection for personal data), having regard to the subsequent entry into force of Articles 7 and 8 of the Charter of Fundamental Rights of the European Union (which provide, respectively, for the right to respect for private and family life, and to protection of personal data) notwithstanding the provisions of Article 25(6) of the Data Protection Directive?


(2) Or alternatively, whether the DPC may conduct his own investigation of the matter in light of the factual developments since that Commission Decision was first published (i.e. the Snowden revelations that data and communications were being intercepted by the NSA on a global scale).


The case is due to be mentioned in the High Court in two weeks before the matter is sent to the CJEU.
Continue Reading Irish High Court refers Facebook Privacy case to European Court

Election candidates in the upcoming May local and European Parliament Elections have all recently received correspondence from the Data Protection Commissioner reminding them of their obligations with regards to communicating with the electorate.  Candidates were made aware that should any complaints be received by the office of the Data Protection Commissioner they will be investigated, with appropriate action taken.

Candidates and political parties must adhere to the clear statutory guidelines as set out the in the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011, particularly in relation to the use of SMS, phone and e-mail in sending electoral messages. Continue Reading Restrictions on electronic direct marketing- politically correct?

On 12 March 2014, the European Parliament voted in favour of the revised draft EU Data Protection Regulation.  To become law the proposed Regulation must be adopted by the EU Council using the "ordinary legislative procedure".  The EU Council is due to meet in June 2014.

Background

The proposed Regulation was originally presented by the European Commission on 25 January 2012.  It has been the subject of voracious debate both in Brussels and across the EU, and has been subject to much re-drafting.   
 Continue Reading European Parliament Approves Draft EU Data Protection Regulation