fbpx

Download free GDPR compliance checklist!

Tag Archives for " CJEU "

Court says all EU states can take data cases against Facebook

On January the 13th, the Advocate General of the Court of Justice of the European Union (CJEU) has delivered his opinion in the case opposing Facebook and the Belgian Data Protection Authority.

According to his opinion, which reiterates the principle defended by the Belgian DPA, the one-stop shop mechanism established by the GDPR does not prevent supervisory authorities from bringing proceedings to court before a national judge as long as it is in situations specifically provided for in the GDPR.

If upheld, the advocate general’s opinion, issued on Wednesday, would mean any of the 27 member states’ data authorities could take action against the social media giant headquartered in Dublin, potentially unleashing a flood of complaints against big tech companies.

Source: Court says all EU states can take data cases against Facebook

Irish murderer appeals conviction on grounds of EU data law breach

When Graham Dwyer was convicted of murder in 2015 it was a triumph for Ireland’s police and judicial system. Phone data helped clinch murder conviction for Graham Dwyer in 2015.

Five years later, however, the conviction risks unravelling over the use of phone data – a twist that could see Dwyer walk free, and also have an impact on data privacy rules across Europe. Dwyer has now appealed on the grounds the retention and accessing of his mobile phone data breached EU law.

Court of Justice of European Union (CJEU) has ruled in recent cases involving Belgium, France and the UK that governments and service providers do not have broad rights to retain data on citizens, and legal experts expect the Dwyer decision to follow that pattern.

Source: Irish murderer appeals conviction on grounds of EU data law breach | Ireland | The Guardian

Senate Commerce Committee Holds Hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows

On December 9, 2020, the Senate Committee on Commerce, Science and Transportation held a hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows.

The hearing explored the policy issues that led to the Court of Justice of the European Union’s (CJEU) invalidation of the Privacy Shield framework in the Schrems II ruling. The hearing also discussed effects of the CJEU’s decision on U.S. businesses and what steps the U.S. government may take to develop a successor data transfer framework, including comprehensive federal privacy legislation.

Source: Senate Commerce Committee Holds Hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows | Privacy & Information Security Law Blog

Facebook, Belgian Data-Protection Watchdog Face Off at EU High Court

The European Union faced some tough questions as it defended Facebook at the EU high court Monday, in a case over which country’s data-protection agency can go after the social media giant.

The Court of Justice of the European Union heard arguments Monday on whether Belgium can go after social media giant Facebook for data privacy violations. The Belgian Data Protection Authority wants Facebook to stop tracking Belgians via cookies, but both the EU and Facebook argued the agency doesn’t have the right to do so.

Source: Facebook, Belgian Data-Protection Watchdog Face Off at EU High Court

CJEU ruling puts in danger EU-UK adequacy talks

This week, the CJEU issued a ruling that could spring a leak and potentially sink adequacy negotiations between the U.K. and EU.

CJEU ruled to restrict surveillance activities on phone and internet data by EU member states but specifically to regimes in Belgium, France and the U.K. The decision means governments have limited grounds for mass data retention unless they face a “serious threat to national security.” Additionally, access to phone and internet data, as well as the duration of that access, should be determined based on necessity.

The U.K. is chief among those affected by the court’s ruling as the clock winds down on its Brexit transition period, which is set to expire with or without an adequacy decision from the EU December 31. Doubts about an adequacy agreement already loomed, but the latest CJEU ruling further clouds a potential deal.

Source: CJEU throws wrinkle into EU-UK adequacy talks

Europe’s top court confirms no mass surveillance without limits

Europe’s top court has delivered another slap-down to indiscriminate government mass surveillance regimes.

In a ruling the CJEU has made it clear that national security concerns do not exclude EU Member States from the need to comply with general principles of EU law such as proportionality and respect for fundamental rights to privacy, data protection and freedom of expression.

However the court has also allowed for derogations, saying that a pressing national security threat can justify limited and temporary bulk data collection and retention — capped to ‘what is strictly necessary’.

Source: Europe’s top court confirms no mass surveillance without limits | TechCrunch

Belgian DPA asks EU court for permission to take regulatory action against Facebook

The Belgian Data Protection Authority (DPA) is appearing at the Court of Justice of the European Union (CJEU) in Luxemburg in a bid to gain regulatory action against Facebook.

The Belgian privacy watchdog is seeking agreement from the court that the local DPA has the regulatory authority under GDPR to rule on violations against Facebook users in Belgium.

Source: Belgian DPA asks EU court for permission to take regulatory action against Facebook

EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

On September 4, 2020, the European Data Protection Board (EDPB) announced that it established two taskforces following the judgment of the Court of Justice of the European Union (CJEU) in the Schrems II case.

The first taskforce will process and uniformly respond to complaints received by data protection authorities following the Schrems II judgment. The second taskforce will prepare recommendations to assist data controllers and processors with their duty to identify and implement appropriate supplementary measures to ensure the adequate protection of EU personal data when transferring data to third countries.

Source: EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

Facebook sues EU antitrust regulator for excessive data requests

Facebook is suing EU antitrust regulators for seeking information beyond what is necessary, including highly personal details, for their investigations into the company’s data and marketplace.

In addition to the two lawsuits against the Commission, Facebook is also seeking interim measures at the Luxembourg-based General Court, Europe’s second-highest, to halt such data requests until judges rule, according to a court filing.

Source: Facebook sues EU antitrust regulator for excessive data requests – Reuters

What Privacy Shield organizations should do in the wake of ‘Schrems II’

The Court of Justice of the European Union issued its decision in “Schrems II” Thursday, a landmark decision that invalidates the EU-U.S. Privacy Shield arrangement.

Fortunately, the CJEU did not invalidate the European Commission’s standard contractual clauses for transfers to data processors. However, the rationale behind the court’s ruling on Privacy Shield (which focused on concerns about U.S. law and practice on government surveillance) would suggest that companies will need to evaluate their use of SCCs.

So, what now?

Full article: What Privacy Shield organizations should do in the wake of ‘Schrems II’

1 2 3 10
>