Google and Data Protection – Again!

By Professor Lorna Woods A new reference has landed on the ECJ’s desk: Google Spain and Google (Case C-131/12) from the Audiencia Nacional in Spain. The ECJ official website is a bit thin on details, but this seems to be the same case reported by Reuters. That case concerns the right to be forgotten – … Continue reading

Negotiation of Agreement on Data Transfers

The transfer of individuals’ personal data between authorities in the EU and third countries, particularly the USA, in the name of the fight against terrorism has given rise to a number of difficulties – as the process in agreeing the SWIFT and PNR agreements shows. Particularly since Lisbon, the European Parliament has sought to exercise … Continue reading

Privacy problems for Facebook – Canada

Here’s a link to a newspaper report in Canada concerning the Canadian Privacy Commissioner’s response to news reports at the weekend stating that Facebook apps have been sending personal data to adverting companies. Problems with Facebook apps have already been noted on this blog. As regards this current claim, its seems the problem in Canada … Continue reading

Commission sues UK over Phorm

In 2006 and 2007, BT used a technology called Phorm on users of its internet service for a trial period without informing them what it was doing. Phorm was a form of behavioural advertising technology which analyses internet use, so as to deliver users advertising that matched the users’ respective Internet use. When this was … Continue reading

Digital Economy Act

The controversial Digital Economy Bill was enacted in the run up the the general election, a fact which in itself drew the ire of some. The matter is not closed, however, as some ISPs are mounting a judicial review challenge to the act, or at least some of its provisions. It was initially unclear the … Continue reading

Irish High Court Refers Data Retention Case

The Irish High Court has (at last!) referred the case brought by Digital Rights Ireland challenging Irish data retention law to the European Court of Justice. The case has been before the Court since 2006 and follows national litigation in Bulgaria, Germany and Romania. See for more details, and various posts on

German Opposition to Data Retention

German civil society is moving to end all communications data retention: More than 40 organisations and associations yesterday asked the German Federal Minister of Justice to “push for the abolition of EU telecommunications data retention requirements” which compel phone and Internet companies to collect data about their customers’ communications. According to the letter, data retention … Continue reading

Data Protection – independence of regulatory authorities

Last week the ECJ handed down a judgment on what Art 28 of the Data Protection Directive meant. The directive requires member states to set up regulatory authorities who are to ‘act with complete independence in exercising the functions entrusted to them’. The Commission (and European Data Protection Supervisor) took a broader view of this … Continue reading

German Law Journal on Data Retention

[This is a cross-post from Human Rights in Ireland] The latest issue of the German Law Journal contains what may be the first academic analysis of the Bundesverfassungsgericht decision in the data retention case – previously discussed below. The article, entitled ‘Pitting Karlsruhe Against Luxembourg? German Data Protection and the Contested Implementation of the EU … Continue reading

Death of a Directive: EU Data Retention?

The Data Retention Directive was adopted in the aftermath of the public transport attacks in London in July 2005. It requires telecommunications service providers to retain user traffic data for all telecommunications users for a period of six months to two years. The Directive has been highly criticised for requiring generalised data surveillance within the … Continue reading