Learning from the British Airways and Marriott International fines: What does the GDPR standard of “Appropriate Technical and Organisational Measures” actually mean? Part 2 – Ashley Hurst and Nina Lazic

30 08 2019

The first part of this article detailed the baseline technical measures that companies should be taking in order to remain GDPR compliant. Alongside these technical measures, it is equally important to ensure that robust organisational measures are in place. Read the rest of this entry »





Data privacy rules in the EU may leave the US behind – Thomas Holt

3 02 2019

File 20190123 135145 1gurwfy.jpg?ixlib=rb 1.1

France made headlines on 21 January 2019 for fining Google US$57 million – the first large fine to be issued for violations of the European Union’s newly implemented General Data Protection Regulations. GDPR, as it’s called, is meant to ensure consumers’ personal information is appropriately used and protected by companies. It also creates procedures to sanction companies who misuse information. Read the rest of this entry »





GDPR: ground zero for a more trusted, secure internet – Bill Buchanan

26 05 2018

File 20180525 51102 a4jra3.jpg?ixlib=rb 1.1Most of us have been bombarded recently by a barrage of emails from companies begging us to “stay in touch” or “opt in” or informing us of a “policy update”. On May 25, an historic date for the internet, the EU’s General Data Protection Regulation (GDPR) comes into force. For some, it is the start of a more citizen-focused world, for others it will see the collapse of their digital marketing strategy. Read the rest of this entry »





Compensation for breach of the General Data Protection Regulation – Eoin O’Dell

8 09 2017

I have recently posted a paper on SSRN entitled “Compensation for breach of the General Data Protection Regulation”; this is the abstract: Read the rest of this entry »





Case Law, Strasbourg: Bogomolova v. Russia, Publication of picture of 3 year old “orphan” violated Article 8 – Ingrida Milkaite

25 07 2017

The case of Bogomolova v. Russia concerns the use of an unauthorised photograph of a minor’s face on the front page of a booklet promoting adoption and help for orphans. It proves that the publication of pictures of children without parental consent may have a significant social impact on the family and may violate Article 8 of the European Convention of Human Rights (ECHR), protecting the right to private and family life. Read the rest of this entry »





The GDPR and National Legislation: Relevant Articles for Private Platform Adjudication of “Right to Be Forgotten” Requests – Daphne Keller

5 05 2017

In a recent blog post, I discussed the role of EU Member State laws in defining and enforcing the “Right to Be Forgotten” (RTBF) under the EU’s new General Data Protection Regulation (GDPR). I consider these GDPR provisions in more detail in my forthcoming article. Because in the future RTBF may be applied to hosting services like Facebook or Dailymotion, I discuss potential consequences for them as well as search engines. Read the rest of this entry »





The “Right to Be Forgotten” and National Laws Under the GDPR – Daphne Keller

4 05 2017

The EU’s new General Data Protection Regulation (GDPR) will come into effect in the spring of 2018, bringing with it a newly codified version of the “Right to Be Forgotten” (RTBF).  Depending how the new law is interpreted, this right could prove broader than the “right to be de-listed” established in 2014’s Google Spain case. Read the rest of this entry »





Final Draft of Europe’s “Right to be Forgotten” Law – Daphne Keller

20 12 2015

data-protectionThe probably-really-almost-totally final 2016 General Data Protection Regulation (GDPR) is here!  Lawyers around the world have been hunkered down, analyzing its 200-plus pages. In the “Right to Be Forgotten” (RTBF) provisions, not much has changed from prior drafts. The law still sets out a notice and takedown process that strongly encourages Internet intermediaries to delete challenged content, even if the challenge is legally groundless. Read the rest of this entry »





News: EU agrees final text of General Data Protection Regulation

19 12 2015

Data Protection ReformOn 15 December 2015 it was announced that the EU Council, Commission and Parliament had finally agreed the text of the General Data Protection Regulation (“GDPR”) [pdf]. Read the rest of this entry »





Intermediaries and Free Expression Under the GDPR, in Summary – Daphne Keller

10 12 2015

data_protection (1)Europe’s pending General Data Protection Regulation (GDPR) threatens free expression and access to information on the Internet.  The threat comes from erasure requirements that work in ways the drafters may not have intended — and that are not necessary to achieve the Regulation’s data protection purposes. Read the rest of this entry »