fbpx

Free tools and resources for Data Protection Officers!

Category Archives for "Court cases"

Europe’s Courts Decide: Does U.S. Spying Violate Europe’s Privacy?

In a long-awaited decision on whether and how Europeans’ private data can be protected from the roving eyes of the NSA, the Irish Commercial High Court this morning declared that “standard contractual clauses” —the procedure that tech companies like Facebook use to try to satisfy European privacy laws—should be reviewed by the European Union’s top court, the Court of Justice (CJEU).

Source: Europe’s Courts Decide: Does U.S. Spying Violate Europe’s Privacy?

Man Found Guilty Under UK Terrorism Laws After Refusing to Reveal Passwords

A man who refused to provide passwords to his electronic devices when stopped by British police was found guilty under terrorism laws at a court in London on Monday, in a case that campaigners say threatens personal privacy.

Source: Man Found Guilty Under UK Terrorism Laws After Refusing to Reveal Passwords | World News | US News

Monitoring employees’ communications: the final word

An employee had used his employer’s Yahoo! messenger service (intended for work use) for personal communications, including with his fiancé and brother. His employer monitored those communications and sacked him for misuse of its messenger service. Did that monitoring of his private communications breach his privacy rights under Article 8 ECHR? No, said the Romanian courts, and Strasbourg’s Fourth Chamber said likewise. But on a further appeal to the Grand Chamber of the ECHR, that assessment has been reversed: the last word is that Article 8 was indeed breached here.

Source: Monitoring employees’ communications: the final word – Panopticon Panopticon

European Court Proposes Criteria for Assessing Employee Monitoring Activities

On September 5, the European Court of Human Rights issued a ruling in the case of Bărbulescu v. Romania that affirms employees’ right to privacy in the use of communications tools in the workplace. Although the ruling is strict, it aligns with the positions taken by the national courts of certain European Union Member States (e.g., Germany) and guidance issued by data protection authorities. And the criteria that the ECHR adopts for assessing the lawfulness of monitoring generally aligns with the requirements under the General Data Protection Regulation, which takes full effect on May 25, 2018. In our post, we summarize the ruling and identify key takeaways for companies that monitor workforce use of information systems and tools in the EU.

Source: European Court Proposes Criteria for Assessing Employee Monitoring Activities | HL Chronicle of Data Protection

European Court to France: DNA Database Violates Fundamental Rights

The European Court of Human Rights decided on June 22, 2017 that France’s DNA database for convicted criminals disproportionately interferes with individuals’ privacy rights because of its one-size-fits-all retention period and the failure to include a procedure to request erasure.

Source: European Court to France: DNA Database Violates Fundamental Rights | HL Chronicle of Data Protection

Bărbulescu ruling: Workplace privacy is alive and kicking

On Sept. 5, the European Court of Human Rights handed down a landmark judgement about privacy and monitoring at the workplace. The court referred to a case of a Romanian citizen named Bogdan Mihai Bărbulescu who was fired 10 years ago for using a work messaging account to communicate for private purposes and was convicted of doing so through the monitoring of his communications. In a judgment of Dec. 7, 2007, the County Court rejected Bărbulescu’s application and confirmed that his dismissal had been lawful. Bărbulescu appealed to the Bucharest Court of Appeal and repeated his previous arguments and contended in addition that the court had not struck a fair balance between the interests at stake, unjustly prioritizing the employer’s interests.

Source: Bărbulescu ruling: Workplace privacy is alive and kicking

Key New Takeaways from Uber’s Privacy and Data Security Settlement with the FTC

On August 15, 2017, the Federal Trade Commission (FTC) announced that it had reached an agreement with Uber Technologies to settle allegations that the ride-sharing company had deceived consumers by failing to live up to its privacy and data security promises. 1 Specifically, the FTC levied two deception counts against Uber: (1) that the company had failed to consistently monitor and audit internal access to consumers’ personal information, despite public promises to do so; and (2) that the company had failed to provide reasonable security for consumers’ personal information stored in its databases, despite its security promises.

Source: Key New Takeaways from Uber’s Privacy and Data Security Settlement with the FTC

Lack of Injury Dooms Scottrade Data Breach Class Suit Appeal

US federal appeals court rejected class action over a 2013 data breach at that affected more than 4.6 million securities discount brokerage’s Scottrade Inc. customers on grounds that plaintiffs didn’t demonstrate they had suffered actual damages.

Source: Lack of Injury Dooms Scottrade Data Breach Class Suit Appeal | Bloomberg BNA

>