Case C-192/15, Rease – secretly spied on, medical data leaked, and left unprotected by the Dutch regulator

Can the Dutch Data Protection Agency exert any control over companies based in the UK and the USA which conduct covert surveillance on Dutch territory? And in the event of an individual’s data processing law rights under Dutch law being breached, what is to be done where the internal rules of the Dutch Data Protection Agency mean that the Agency will never ever act on a complaint coming from an individual?

Continue reading

Case C-230/14, Weltimmo – regulatory competence over websites

If a Slovakian company runs a website that advertises Hungarian homes for sale, and Hungarian residents submit their personal data to the company’s website server, then in the event of the Slovakian company breaching data protection laws, does the Hungarian Data Protection Authority retain any regulatory competence to ensure that Hungarian data protection law is complied with? Or should the Hungarian Authority simply have requested its Slovakian counterpart to take action against the Slovakian company?

Continue reading

Case C-212/13, Ryneš – data from private CCTV cameras overlooking public spaces and private homes

Does a home owner’s camera security-system bring him within the scope of the EU’s data processing Directive 95/46/EC? And does it matter that the CCTV camera not only captures images of his home but also of who happens to be passing by in the street outside, and it even records who is going into a home on the opposite side of the street?

Continue reading

Case C-46/13, H – challenging more of the EU’s data retention Directive

When you use a telephone or go onto the internet a company registers and stores data about you. Companies are obliged to do this not for billing purposes but because of the EU’s data retention Directive 2006/24/EC. Can you access this ‘retention data’, and if not, is this compatible with the EU Charter?

Continue reading