European Court Says Austrian DPA Not Independent

European Court Says Austrian DPA Not Independent

The European Court of Justice held on October 16, 2012 that Austria’s data protection authority is not sufficiently independent, and therefore fails to comply with the requirements of the European data protection directive. This is the second time that the European Court of Justice has found a data protection authority to lack independence.

CNIL Vs. Google, Act IV: Google Against the Rest of the World of the Data Protection Regulators

We have previously reported on the different requests and repeated questionnaires the Commission nationale de l’informatique et des libertés (CNIL) has sent to Google over the past few months regarding the evaluation of Google’s compliance with applicable European Data Protection Regulation

The European Court of Justice Rules That Austria’s Data Protection Authority is Not Sufficiently Independent

By | Inside Privacy | October 18, 2012

On 16 October 2012, the Court of Justice of the European Union (“CJEU”) ruled in favour of the European Commission in its claim against Austria that the Austrian Data Protection Authority, the Datenschutzkommission (“DSK”), was not independent from the Austrian government as required under Article 28 of the EU’s Data Protection Directive.

CNIL and Article 29 Working Party Release Report On Google Privacy Policy

By | Inside Privacy | October 17, 2012

BOn 16 October, 2012, the French data protection authority, the CNIL, released a report on behalf of the Article 29 Working Party that examines Google’s compliance with European data protection law.  The report marks a new stage in an investigation which began nine months ago, when Google announced that it intended to change its online privacy policy. 

EU Regulation: Reding Says Right to Be Forgotten Must Be Balanced; EP Committee Calls for Enhanced Extraterritoriality

EU Regulation: Reding Says Right to Be Forgotten Must Be Balanced; EP Committee Calls for Enhanced Extraterritoriality

In a June 18 speech in Luxembourg, European Commissioner for Justice Viviane Reding discussed the much-maligned proposal for a “right to be forgotten” in the recently proposed EU Data Protection Regulation, admitting that “you cannot enforce an absolute right to be forgotten on the internet.”  She stressed that the right to forgotten “like the general right to privacy . . . needs to be reconciled with other rights which are also protected by the EU’s Charter of Fundamental Rights.” 

Is Data Breach Notification Compulsory Under French Law?

By | Privacy Law Blog | June 20, 2012

On May 28th, the Commission nationale de l’informatique et des libertés (“CNIL”), the French  authority responsible for data privacy, published guidance on breach notification law affecting electronic communications service providers.   The guidance was issued with reference to European Directive 2002/58/EC, the e-Privacy Directive, which imposes specific breach notification requirements on electronic communication service providers.