If a Slovakian company runs a website that advertises Hungarian homes for sale, and Hungarian residents submit their personal data to the company’s website server, then in the event of the Slovakian company breaching data protection laws, does the Hungarian Data Protection Authority retain any regulatory competence to ensure that Hungarian data protection law is complied with? Or should the Hungarian Authority simply have requested its Slovakian counterpart to take action against the Slovakian company?
Continue readingTag Archives: privacy
Case C-362/14, Schrems – does a ‘safe harbour’ shelter states that deprive EU citizens of their EU Charter rights?
If the EU Commission deems a non-EU state to be a ‘safe harbour’ for the purposes of data processing, then personal data about EU citizens can be sent to companies in that non-EU state. This is not new. For example, in 2000 the EU Commission had decided that the USA was a ‘safe harbour’. However, in 2013 Edward Snowden made a series of revelations concerning the USA’s blanket interception of Internet and telecoms systems. These revelations have generated a question of EU law. Namely, can an EU Member State’s national data protection regulator now disregard the EU Commission’s finding that the USA is a ‘safe harbour’, and do so on the basis that the USA’s laws and practices do not adequately protect and respect an EU citizen’s EU Charter rights to privacy and data protection?
Continue readingCase C-362/14, Schrems – does a ‘safe harbour’ shelter states that deprive EU citizens of their EU Charter rights?
If the EU Commission deems a non-EU state to be a ‘safe harbour’ for the purposes of data processing, then personal data about EU citizens can be sent to companies in that non-EU state. This is not new. For example, in 2000 the EU Commission had decided that the USA was a ‘safe harbour’. However, in 2013 Edward Snowden made a series of revelations concerning the USA’s blanket interception of Internet and telecoms systems. These revelations have generated a question of EU law. Namely, can an EU Member State’s national data protection regulator now disregard the EU Commission’s finding that the USA is a ‘safe harbour’, and do so on the basis that the USA’s laws and practices do not adequately protect and respect an EU citizen’s EU Charter rights to privacy and data protection?
Continue readingCase C-46/13, H – challenging more of the EU’s data retention Directive
When you use a telephone or go onto the internet a company registers and stores data about you. Companies are obliged to do this not for billing purposes but because of the EU’s data retention Directive 2006/24/EC. Can you access this ‘retention data’, and if not, is this compatible with the EU Charter?
Continue readingCase C-449/12, van Luijk – No fingerprints? No Dutch passport.
Are the Dutch rules requiring passport applicants to be fingerprinted and to have their biometric data stored initially in local registers, and then in a central register, compatible with EU law?
Continue readingCase C-447/12, Kooistra – No fingerprints? No Dutch ID card.
Are the Dutch rules that require four fingerprints to be taken from people wishing to have a Dutch identity card compatible with EU privacy law?
Continue readingCase C-446/12, Willems – No fingerprints? No Dutch passport. No travel outside the EU.
Are the Dutch rules requiring the fingerprinting of all applicants for a Dutch passport compatible with EU law?
Continue readingCase C-291/12, Michael Schwarz – No fingerprints? No passport. An invalid EC Regulation?
Is the EU’s biometric data Regulation 2252/2004 invalid because it is a disproportionate infringement of a person’s fundamental rights to privacy and data processing?
Continue reading