On March 6 and 7, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP and over 100 public and private sector participants in CIPL’s GDPR Implementation Project will convene in Madrid, Spain, for CIPL’s third major GDPR implementation workshop.
Continue Reading CIPL to Hold Next GDPR Implementation Workshop in Madrid

On October 6, 2015, the Court of Justice of the European Union issued its judgment in the Schrems v. Facebook case that empowers the national data protection authorities to investigate and suspend international data transfers, and concludes that the Safe Harbor Decision is invalid.
Continue Reading CJEU Declares the Commission’s U.S. Safe Harbor Decision Invalid

On February 3, 2015, the Article 29 Working Party published a report on a sweep of 478 websites across eight EU Member States (Czech Republic, Denmark, France, Greece, the Netherlands, Slovenia, Spain and the United Kingdom). The sweep was conducted to assess compliance with Article 5.3 of the e-Privacy Directive 2002/58/EC, as amended by 2009/136/EC.
Continue Reading Article 29 Working Party Reports on Cookie Sweep Results

On November 26, 2014, the Article 29 Working Party published an Opinion setting out guidelines on the implementation of the Court of Justice of the European Union ruling in Costeja, and common criteria for the handling of related complaints by European data protection authorities.
Continue Reading Article 29 Working Party Issues Opinion on the Implementation of the CJEU Ruling in Costeja

On May 13, 2014, the European Court of Justice (the “ECJ”) rendered its judgment in Google Spain S.L. and Google Inc. v Agencia Española de Protección de Datos (Case C-131/12, “Google v. AEPD” or the “case”). The case concerns a request made by a Spanish individual, Mr. Costeja, to the Spanish Data Protection Authority (Agencia Española de Protección de Datos or “AEPD”) to order the removal of certain links from Google’s search results. The links relate to an announcement in an online newspaper of a real estate auction for the recovery of Mr. Costeja’s social security debts. The information was lawfully published in 1998, but Mr. Costeja argued that the information had become irrelevant as the proceedings concerning him had been fully resolved for a number of years. The AEPD upheld the complaint and ordered Google Spain S.L. and Google Inc. (“Google”) to remove the links from their search results. Google appealed this decision before the Spanish High Court, which referred a series of questions to the ECJ for a preliminary ruling. The ECJ ruled as follows:

Continue Reading EU Court of Justice Upholds Right to Erasure in Google Search Case

On June 25, 2013, the Advocate-General of the EU Court of Justice delivered his Opinion in a case against Google that questioned whether individuals have a right to have search result links about them erased. This blog entry provides further details on the case and the Advocate-General’s Opinion that individuals have no such right under existing law.
Continue Reading EU Court of Justice Advocate-General Issues Opinion in Google Search Case

On December 12, 2012, the Centre for Information Policy Leadership released an accountability self-assessment tool designed to help organizations evaluate their internal privacy programs and practices. The tool is the product of the Global Accountability Project for which the Centre serves as Secretariat.
Continue Reading Centre Releases Accountability Self-Assessment Tool to Help Organizations Evaluate Their Privacy Programs

On November 2-3, 2011, Mexico’s Federal Institute for Access to Information and Data Protection will host the 33rd International Conference of Data Protection and Privacy Commissioners in Mexico City.
Continue Reading Mexico Hosts 33rd International Conference of Data Protection and Privacy Commissioners

On January 14, 2011, the European Network and Information Security Agency published a report compiling input on EU breach notification procedures provided by regulatory authorities, telecommunication service providers and legal and industry experts.

Continue Reading European Network and Information Security Agency Publishes Report on Data Breach Notification in the EU