On July 27, 2021, the Spanish Data Protection Authority (the “AEPD”) imposed a €2,520,000 fine on Spanish supermarket chain Mercadona, S.A. for unlawful use of a facial recognition system.
Continue Reading Spanish DPA Fines Supermarket Chain 2,520,000 EUR for Unlawful Use of Facial Recognition System
Spain
Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19
The Spanish Data Protection Authority recently published a report on data processing activities carried out by data controllers in the private and public sectors in connection with the spread of COVID-19.
Continue Reading Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19
CIPL to Hold Next GDPR Implementation Workshop in Madrid
On March 6 and 7, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP and over 100 public and private sector participants in CIPL’s GDPR Implementation Project will convene in Madrid, Spain, for CIPL’s third major GDPR implementation workshop.
Continue Reading CIPL to Hold Next GDPR Implementation Workshop in Madrid
CJEU Declares the Commission’s U.S. Safe Harbor Decision Invalid
On October 6, 2015, the Court of Justice of the European Union issued its judgment in the Schrems v. Facebook case that empowers the national data protection authorities to investigate and suspend international data transfers, and concludes that the Safe Harbor Decision is invalid. …
Continue Reading CJEU Declares the Commission’s U.S. Safe Harbor Decision Invalid
Article 29 Working Party Reports on Cookie Sweep Results
On February 3, 2015, the Article 29 Working Party published a report on a sweep of 478 websites across eight EU Member States (Czech Republic, Denmark, France, Greece, the Netherlands, Slovenia, Spain and the United Kingdom). The sweep was conducted to assess compliance with Article 5.3 of the e-Privacy Directive 2002/58/EC, as amended by 2009/136/EC.
Continue Reading Article 29 Working Party Reports on Cookie Sweep Results
Article 29 Working Party Issues Opinion on the Implementation of the CJEU Ruling in Costeja
On November 26, 2014, the Article 29 Working Party published an Opinion setting out guidelines on the implementation of the Court of Justice of the European Union ruling in Costeja, and common criteria for the handling of related complaints by European data protection authorities.
Continue Reading Article 29 Working Party Issues Opinion on the Implementation of the CJEU Ruling in Costeja
CJEU Upholds Right to Erasure in Google Search Case
On May 13, 2014, the European Court of Justice (the “CJEU”) rendered its judgment in Google Spain S.L. and Google Inc. v Agencia Española de Protección de Datos (Case C-131/12, “Google v. AEPD” or the “case”). The case concerns a request made by a Spanish individual, Mr. Costeja, to the Spanish Data Protection Authority (Agencia Española de Protección de Datos or “AEPD”) to order the removal of certain links from Google’s search results. The links relate to an announcement in an online newspaper of a real estate auction for the recovery of Mr. Costeja’s social security debts. The information was lawfully published in 1998, but Mr. Costeja argued that the information had become irrelevant as the proceedings concerning him had been fully resolved for a number of years. The AEPD upheld the complaint and ordered Google Spain S.L. and Google Inc. (“Google”) to remove the links from their search results. Google appealed this decision before the Spanish High Court, which referred a series of questions to the ECJ for a preliminary ruling. The ECJ ruled as follows:
…
Continue Reading CJEU Upholds Right to Erasure in Google Search Case
EU Court of Justice Advocate-General Issues Opinion in Google Search Case
On June 25, 2013, the Advocate-General of the EU Court of Justice delivered his Opinion in a case against Google that questioned whether individuals have a right to have search result links about them erased. This blog entry provides further details on the case and the Advocate-General’s Opinion that individuals have no such right under existing law.
Continue Reading EU Court of Justice Advocate-General Issues Opinion in Google Search Case
Centre Releases Accountability Self-Assessment Tool to Help Organizations Evaluate Their Privacy Programs
On December 12, 2012, the Centre for Information Policy Leadership released an accountability self-assessment tool designed to help organizations evaluate their internal privacy programs and practices. The tool is the product of the Global Accountability Project for which the Centre serves as Secretariat.
Continue Reading Centre Releases Accountability Self-Assessment Tool to Help Organizations Evaluate Their Privacy Programs
Mexico Hosts 33rd International Conference of Data Protection and Privacy Commissioners
On November 2-3, 2011, Mexico’s Federal Institute for Access to Information and Data Protection will host the 33rd International Conference of Data Protection and Privacy Commissioners in Mexico City.
Continue Reading Mexico Hosts 33rd International Conference of Data Protection and Privacy Commissioners