The Data Protection Commission (DPC) has published the results of the annual Global Privacy Sweep for 2018, which examined how well organisations are implementing the concept of accountability.  The Global Privacy Enforcement Network members made contact with 356 organisations in 18 countries during the Sweep. It found that while there were examples of good practice reported, a number of organisations had no processes in place to deal with complaints and queries raised by data subjects,…

By any measure, 2018 was a historic year for data protection law with the coming into effect of the GDPR on 25 May 2018.  Ireland plays an important role in the regulation and enforcement of data protection law and decisions of the Irish courts have had a disproportionate impact on European data protection jurisprudence. With the introduction of the one-stop-shop mechanism under the GDPR it is to be expected that this trend will continue in the…

The European Parliament, Council and Commission have reached a compromise on the text of the new Copyright Directive (previously discussed here).  The proposed Directive targets digital use of press publications by information society service providers, such as news aggregators and media monitoring services. As discussed below, the two most controversial provisions are Articles 11 and 13, known respectively as the “link tax” and “upload filtering” provisions. The Commission has issued a press release, but…

The EDPB has published information notes on Data Transfers under the GDPR in the Event of a No-Deal Brexit, and on BCRs for Companies Which Have ICO as BCR Lead Supervisory Authority to help organisations prepare for a no-deal Brexit. The information notes build on guidance already issued by the UK ICO and Irish Data Protection Commission (discussed here). The Information Note on Data Transfers warns that, in the event of a no-deal Brexit, the…

The European Data Protection Board (EDPB) has published its work program for the next two years. The program lists the guidelines, consistency opinions, and other types of activities the EDPB intends to carry out. The program is based on the needs identified by the EDPB as priority for individuals, stakeholders, as well as the EU legislator planned activities. The Guidelines due to be published over the coming two years include: Guidelines on reliance on Art.…

The European Data Protection Board (EDPB) has adopted an Opinion (3/2019) on the interplay between the EU Clinical Trials Regulation (536/2014) (CTR) and the GDPR, following a request from the European Commission to review its Q&A on the topic. The CTR, which is expected to enter into force in 2020, aims to harmonise the rules for conducting clinical trials throughout the EU. It does not contain any derogations from the GDPR and will therefore apply…

The European Commission has published an infographic on compliance with and enforcement of the GDPR since from May 2018 to January 2019. The infographic reveals some interesting statistics, including: 95,180 complaints have been made to EU national data protection authorities (DPAs) by individuals who believe their rights under the GDPR have been violated. The majority of these complaints concerned telemarketing, promotional emails, and video surveillance/CCTV.…