On February 3, 2015, the Article 29 Working Party published a report on a sweep of 478 websites across eight EU Member States (Czech Republic, Denmark, France, Greece, the Netherlands, Slovenia, Spain and the United Kingdom). The sweep was conducted to assess compliance with Article 5.3 of the e-Privacy Directive 2002/58/EC, as amended by 2009/136/EC.
Continue Reading

On May 13, 2014, the European Court of Justice (the “ECJ”) rendered its judgment in Google Spain S.L. and Google Inc. v Agencia Española de Protección de Datos (Case C-131/12, “Google v. AEPD” or the “case”). The case concerns a request made by a Spanish individual, Mr. Costeja, to the Spanish Data Protection Authority (Agencia Española de Protección de Datos or “AEPD”) to order the removal of certain links from Google’s search results. The links relate to an announcement in an online newspaper of a real estate auction for the recovery of Mr. Costeja’s social security debts. The information was lawfully published in 1998, but Mr. Costeja argued that the information had become irrelevant as the proceedings concerning him had been fully resolved for a number of years. The AEPD upheld the complaint and ordered Google Spain S.L. and Google Inc. (“Google”) to remove the links from their search results. Google appealed this decision before the Spanish High Court, which referred a series of questions to the ECJ for a preliminary ruling. The ECJ ruled as follows:

Continue Reading

On June 25, 2013, the Advocate-General of the EU Court of Justice delivered his Opinion in a case against Google that questioned whether individuals have a right to have search result links about them erased. This blog entry provides further details on the case and the Advocate-General’s Opinion that individuals have no such right under existing law.
Continue Reading

On December 12, 2012, the Centre for Information Policy Leadership released an accountability self-assessment tool designed to help organizations evaluate their internal privacy programs and practices. The tool is the product of the Global Accountability Project for which the Centre serves as Secretariat.
Continue Reading

On January 14, 2011, the European Network and Information Security Agency published a report compiling input on EU breach notification procedures provided by regulatory authorities, telecommunication service providers and legal and industry experts.

Continue Reading