On 25 May the Grand Chamber of the European Court of Human Rights, (ECtHR) ruled that the UK’s surveillance regime of bulk interception of online communications violated the European Convention on Human Rights (Convention) in the case of Big Brother Watch v United Kingdom. According to the ECtHR this regime breached the rights to privacy and freedom of expression enshrined within Article 8 and 10 of the Convention, a ruling that will have significant implications for state surveillance across Europe.
Continue Reading Big Brother was watching: ECHR Grand Chamber rules that UK bulk interception surveillance regime violates human rights
EDPB adopts Guidelines on “Relevant and Reasoned” Objections
The European Data Protection Board (EDPB) recently published new Guidelines (09/2020) on the meaning of and interpretation of a “relevant and reasoned objection” under Article 60(3) of the GDPR.
The Guidelines relate to the cooperation and consistency provisions set out in Chapter VII of the GDPR, under which a lead supervisory authority (LSA) has a duty to cooperate with other concerned supervisory authorities (CSAs) in order to reach a consensus on cases with a cross-border component. The so-called one-stop-shop (OSS) mechanism.
Continue Reading EDPB adopts Guidelines on “Relevant and Reasoned” Objections
EDPB issues statement on restrictions on data subject rights during the Covid-19 crisis
The European Data Protection Board (EDPB) has adopted a statement on restrictions on data subject rights in connection with the state of emergency in Member States. The EDPB emphasises that, despite the international crisis, the GDPR remains applicable and allows an efficient response to the pandemic, while still protecting fundamental rights and freedoms.
The EDPB’s statement was made in response to a Hungarian government decree dated 4 May 2020. The decree sets out certain derogations from the GDPR and, in particular, allows data controllers involved in Covid-19 related data processing to suspend the fulfilment of data subjects’ requests under Articles 15-22 GDPR (such as the right of access or erasure) until the state of emergency is revoked in Hungary. The decree does not indicate any time limit in respect of the state of emergency.
Belgian DPA issues €50,000 fine for DPO’s conflicting company roles
The Belgian Data Protection Authority (Belgian DPA) recently imposed a €50,000 fine on a large telecommunications operator (the company), for failing to comply with the GDPR in relation to the appointment of their Data Protection Officer (DPO). The Belgian DPA decided that the DPO’s tasks and duties under the GDPR conflicted with its role as Head of Audit, Risk and Compliance.
Continue Reading Belgian DPA issues €50,000 fine for DPO’s conflicting company roles