On 2 February 2016, the EU-Commission and the United States have agreed on new framework for transatlantic data flows: the "EU-US Privacy Shield". This new framework will protect the fundamental rights of Europeans where their data is transferred to the United States and ensure legal certainty for businesses.
On 3 February 2016, the WP29 welcomed the "EU-U.S. Privacy Shield" and looks forward to receive the relevant documents in order to know precisely the content and the legal bindingness of the arrangement and to assess whether it can answer the wider concerns raised by Schrems judgment as regards international transfers of personal data.
Council, press release 951/15, 18 December 2015
Today, the Permanent Representatives Committee (Coreper) confirmed the final text for a Data Protection Regulation resulting from the trilogue between Council, Parliament and Commission on data protection reform. The agreement on the final text was a compromise reached on 15 December 2015. This agreement is in line with the request from the European Council for negotiations on data protection reform to be concluded by the end of 2015.
CJEU, C-362/14, 6 October 2015
On 6 October 2015, the CJEU declared that the EU-Commission’s US Safe Harbour Decision is invalid. The CJEU alone has jurisdiction to declare an EU act invalid and this decision in the case of Maximillian Schrems v Data Protection Commissioner (C-362/14) affects all transfer of personal data into the USA under the umbrella of the "Safe Harbor" principles. Furthermore, the CJEU strengthened the powers of national supervisory bodies: Where a claim is lodged with the national supervisory authorities they may, even where the EU-Commission has adopted a decision finding that a third country affords an adequate level of protection of personal data, examine whether the transfer of a person’s data to the third country complies with the requirements of the EU legislation on the protection of that data and, in the same way as the person concerned, bring the matter before the national courts, in order that the national courts make a reference for a preliminary ruling for the purpose of examination of that decision’s validity.
CJEU, Opinion of Advocate General Bot in case C-362/14, 23 September 2015
on 23 September 2015, the Advocate General Bot issued his Opinion in the case of Maximillian Schrems v Data Protection Commissioner (C-362/14) affecting all transfer of personal data into the USA under the umbrella of the "Safe Harbor" principles. According to his Opinion, the EU-Commission decision finding that the protection of personal data in the United States is adequate does not prevent national authorities from suspending the transfer of the data of European Facebook subscribers to servers located in the United States. Furthermore, the Opinion considers that the EU-Commission decision on "Safe Harbor" is invalid.
EASA, A-NPA 2015-10, 31 July 2015
On 31 July 2015, the European Aviation Safety Agency
) has published its Consultation Document for the "Introduction of a regulatory framework for the operation of drones" which had been eagerly anticipated in the comparative overview of regulatory developments on the "Commercial Use of Drones" by Hilf/Umbach, CRi 2015, pp. 65- 71
. The EASA
Consultation Document outlines a possible regulatory framework for drone operations as well as concrete proposals for the regulation of low-risk drone operations and is open to comments by any person or organisation suggesting the development of a new rule or an amendment thereto until 25 September 2015.
Online Trust Alliance, IoT Trust Framework - Discussion Draft, 11 August 2015
On 11 August 2015, the Online Trust Alliance (OTA) a non-profit organization with the mission to enhance online trust, released its "Internet of Things Trust Framework - Discussion Draft", the first global, multi-stakeholder effort to address IoT risks comprehensively. The suggested IoT Trust Framework presents guidelines for IoT manufacturers, developers and retailers to follow when designing, creating, adapting and marketing connected devices in two key categories: home automation and consumer health and fitness wearables. In the spirit of collaboration, OTA openly invites industry leaders to review the document and provide feedback.
IANA Stewardship Transition Proposal, 31 July 2015
On 31 July 2015, the IANA Stewardship Transition Coordination Group (ICG) released the Draft Proposal for the transition of the stewardship of the Internet Assigned Numbers Authority (IANA) functions from the U. S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) to the global multistakeholder community and, on 3 August 2015, the Cross Community Working Group on Enhancing ICANN Accountability made its "CCWG-Accountability 2nd Draft Proposal on Work Stream 1 Recommendations" available for public comment. Both, the "IANA Stewardship Transition Proposal" and the "CCWG-Accountability 2nd Draft Proposal" are open to public comment for a period of 40-days. This presents a seminal opportunity for the public to evaluate the Draft Proposal as a whole and how it meets the criteria established by NTIA.
Google Europe Blog, 30 July 2015
On 30 July 2015, Google's Global Privacy Council, Peter Fleischer
, has posted that Google
respectfully disagrees with the assertion that the "Right to be Forgotten" would have to be implemented globally. Following the Practical Guidelines issued by the Article 29 Data Protection Working Party
in November 2014, the French Data Protection Authority (i.e. “Commission National de l’Informatique et des Libertés”, CNIL
) had issued in May 2015 a formal notice requesting Google Inc. to apply delisting globally on all domain names of the search engine because the various geographical top Level domains used by Google Inc.
merely represented different technical access paths to its central data processing (see Cullaffroz-Jover, CRi 2015, 126
European Council, 564/15, 8 July 2015
On 8 July 2015, the Member States gathered at the Permanent Representatives Committee approved the deal with the EU Parliament on ending mobile roaming charges and introducing first EU-wide rules to safeguard open internet access (= net neutrality).
EU Commission, MEMO/15/5275 of 30 June 2015
On 30 June 2015, the EU Commission has made available a fact sheet concerning roaming charges and open Internet: explaining in Q&A-form what the agreement reached on 15 June 2015 between EU Parliament, EU Council and EU Commission on key elements for a single market in telecoms is about. Certain seem two things:
- First: The end roaming charges when travelling in the EU in June 2017 and
- Second: The introduction of rules safeguarding the open Internet in the EU.
The Regulation also increases related consumer protection. It notably ensures that users are informed about their roaming rights and consumption and that they are empowered to detect possible breaches of open Internet rules.
EU Council, 9565/15, 15 June 2015
On 15 June 2015, the EU-Council reached a general approach on the general data protection regulation that establishes rules adapted to the digital era. The twin aims of this regulation are to enhance the level of personal data protection for individuals and to increase business opportunities in the Digital Single Market. This general approach means that the EU-Council has a political agreement on the basis of which it can now begin negotiations with the EU-Parliament with a view to reaching overall agreement on new EU data protection rules. A first trilogue with the EU-Parliament is planned for 24 June 2015.
UN Human Rights Council, A/HRC/29/32, 22 May 2015
On 22 May 2015, the United Nation's "Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression", David Kaye, made available his first annual Report adressing the use of encryption and anonymity in digital communications. Drawing from research on international and national norms and jurisprudence, and the input of States and civil society, the Report concludes that encryption and anonymity enable individuals to exercise their rights to freedom of opinion and expression in the digital age and, as such, deserve strong protection. The Report will be presented at the 29th session of the Human Rights Council on 15 June - 3 July 2015.
EU Commission, Communication COM(2015) 192, 6 May 2015
On 6 May 2015, the EU Commission has adopted the Communication "A Digital Single Market Strategy for Europe" in which its detailed plans to create a Digital Single Market are unveiled.
EU-Council, Press Release 114/15 v. 13.3.2015
On 13 March 2015, the EU Council of Ministers reached a partial general approach on specific issues of the draft regulation setting out a general EU framework for data protection, on the understanding that nothing is agreed until everything is agreed. The partial general approach includes the chapters and the recitals concerning the "one-stop-shop" mechanism (chapters VI and VII) as well as the chapter and the recitals relating to the principles for protecting the personal data (chapter II).
US Supreme Court: Petition by Google (6 October 2014) and Opposition by Oracle (8 December 2014)
On 8 December 2014, Oracle has filed its Brief in Opposition to the Supreme Court of the United States against Google in a copyright dispute concerning 37 packages of computer source code written by the predecessor of Oracle America, Inc.in Java programming language.
Art. 29 Data Protection Working Party, WP 225, adopted on 26 November 2014
European Parliamentary Research Service, Study "III Digital Single Market", 3 October 2014
On 3 October 2014, the EU-Parliament has published part III of its study "The Cost of Non-Europe" (CoNE) analysing the "Digital Single Market" (DSM). The study focusses is on the gaps in EU legislation which may constrain the functioning of the DSM and, to a certain extent on informational gaps and shortcomings in the implementation of existing EU-level legislation that can significantly hamper the functioning of the DSM.
EUROPOL, iOCTA 2014, 29 September 2014
On 29 September 2014, The European Cybercrime Centre (EC3) of the European Police Office (EUROPOL) has published its 2014 Internet Organised Crime Threat Assessment (iOCTA). the 2014 iOCTA describes an increased commercialisation of cybercrime.
Recommending a review article by Peter Hustinx, 15 September 2014
On 15 September 2014 the European Data Protection Supervisor (EDPS) has made available the thourough data protection review article entitled "EU Data Protection Law: The Review of Directive 95/46/EC and the Proposed General Data Protection Regulation" by Peter Hustinx which is based on a course given at the European University Institute's Academy of European Law in July 2013.
Council of Europe, DGI(2014)12, 22 - 26 June 2014
During the ICANN50 meeting in London that took place from 22 - 26 June 2014, Dr Monika Zalnieriute and Thomas Schneider presented their Report on "ICANN’s procedures and policies in the light of human rights, fundamental freedoms and democratic values" the preparation of which had been facilitated by the Council of Europe. The opinions expressed in this Report are the opinions of the experts and do not engage the responsibility of the Council of Europe. The Report aims at catalysing community discussion on human rights and internet governance.
Council of the EU, 2013/0027 (COD), 16 May 2014
On 16 May 2014 the Council of the EU has published its Draft Progress Report about a "Proposal for a Directive concerning measures to ensure a high common level of network and information security across the Union" (NIS Directive). The Draft Progress Report sets out the work done so far in the Council's preparatory bodies, gives an account of the state of play in the examination of the above mentioned proposal and sets out orientations with a view to the preparation of negotiations with the EP in due course.
Human Rights Committee, Concluding observations, Adopted on10–28 March 2014
On 26 March 2014, the Human Rights Committee adopted its "Concluding observations on the fourth report of the United States of America". On page 9 at 22., the Human Rights Committee expresses its concerns about the surveillance of communications in the interests of protecting national security, conducted by the National Security Agency (NSA).
ECHR, Bucur and Toma v. Romania, Judgement of 8 January 2013 - 40238/02
On 8. January 2013, the European Court of Human Rights (ECHR) handed down judgement in the case of Bucur and Toma v. Romania (40238/02) finding a violation of Article 10 ECHR in the criminal conviction of an ex-member of the Romanian Intelligence Service who had made public irregular telephone tapping procedures. The ECHR held that the interference with the whistleblower's freedom of expression, and in particular with his right to impart information, had not been necessary in a democratic society.
Brick Court Chambers, 22 January 2014
On 22 January 2014, Jemima Stratford QC and Tim Johnston delivered their wide-ranging legal opinion (32 pages long) concerning the lawfulness of the UK government’s interception, use and transfer of intelligence data to Tom Watson, chair of the All Party Parliamentary Group on Drones. The opinion not only raises serious questions about whether or not the security services are acting within the scope of the law, but also questions whether the law itself (the Regulation of Investigatory Powers Act 2000) is in line with the European Convention on Human Rights.
Report and Recommendations of 12 December 2013
On 12 December 2013, the President's Review Group revealed its Report and Recommendations entitled "Liberty and Security in a Changing World". Looking at past and current practices of national security against threats of international terrorism, the proliferation of weapons of mass destruction, and cyber espionage and warfare, the Report aknowledges a robust foreign intelligence collection capability and aims to harmonize it with the committment to the protection of privacy and civil liberties ("fundamental values that can be and at times have been eroded by excessive intelligence collection"). Against this background, 46 recommendations are developed to change US intelligence collection activities.
Report by EU-Co-Chairs of 27. November 2013
On 27 November, the EU-Commission and the EU-Presidency Council have published as Co-Chairs their "Report on the Findings of the EU Co-Chairs of the Ad Hoc EU-US Working Group on Data Protection". The purpose of this Working Group was to establish the facts about US surveillance programmes and their impact on fundamental rights in the EU and personal data of EU citizens. The summary of the main findings is provided here:
On 23 September 2013, the US state California amended its the California Online Privacy Protection Act ("CalOPPA") to include a section titled “Privacy Rights for California Minors in the Digital World.”
On 9 September 2013, the Organization for Economic Cooperation and Development (OECD) published its revised Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (2013 Guidelines).
On 9 August 2013, the U.S. National Security Agency (NSA) has published a Paper called "The National Security Agency: Missions, Authorities, Oversight and Partnerships" aimed at providing a succinct description of the NSA's mission, authorities, oversight and partnerships.
On 24 July 2013, the European Commission has published a Document by DG Home dating from March this year and called "Evidence for necessity of data retention in the EU" collating evidence provided to the Commission on the necessity of data retention including case studies from across the EU.
European Court of Human Rights
On 16 July 2013, the European Court of Human Rights (ECHR) has issued a Chamber judgment (not final) in the case of Wegrzynowski and Smolczewski v. Poland (application no. 33846/07) and found, unanimously, that a newspaper was not obliged to completely remove from its Internet archive an article found by a court to be inaccurate because there had been no violation of Article 8 (right to respect for private and family life) of the European Convention on Human Rights.
On 10 July 2013, the EU-Parliament's Civil Liberties Committee has agreed on the next steps to be taken in its surveillance inquiry into alleged spying by the US and EU countries. On 4 July 2013, the EU-Parliament had adopted a Resolution on the US National Security Agency surveillance programme, surveillance bodies in various Member States and their impact on EU citizens' privacy (2013/2682(RSP))
which instructed the Committee on Civil Liberties, Justice and Home Affairs to conduct an in-depth inquiry into the matter in collaboration with national parliaments and the EU-US expert group set up by the Commission and to report back by the end of the 2013 (see Nr. 16 of the Resolution). The Civil Liberties Committee will hold hearings with their authorities, legal and IT experts, NGOs, data protection authorities, national parliaments following this issue and private firms involved in data transfers. The first hearing takes place on 5 September 2013.
On 9 July 2013, The EU-Parliament's Legal Affairs Committee has unanimously adopted a Report on a proposal for a Directive "on collective management of copyright and related rights and multi-territorial licensing of rights in musical works for online uses in the internal market". Under the rules approved the Legal Affairs Committee, online music service providers will get licenses more easily and musicians will receive royalties more quickly, enabling consumers to enjoy a wider range of music online.
On 17 April 2013, the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, has submitted his Report analysing the implications of States’ surveillance of communications on the exercise of the human rights to privacy and to freedom of opinion and expression of the in accordance with Human Rights Council resolution 16/4. While considering the impact of significant technological advances in communications, the Report underlines the urgent need to further study new modalities of surveillance and to revise national laws regulating these practices in line with human rights standards.
On 31 May 2013, the Council of the European Union sitting in configuration of Justice and Home Affairs has released a draft Compromise Text responding to the European Commission’s proposed General Data Protection Regulation (the “Proposed Regulation”). The compromise text narrows the scope of the Proposed Regulation and seeks to move from a detailed, prescriptive approach toward a risk-based framework.
CJEU, 30 May 2013, C-270/11
On 30 May 2013, the Court of Justice for the European Union (CJEU) has ordered Sweden to make a lump sum payment of €3 000 000 for its delay in transposing the Data Retention Directive into national law. Given that the Directive is intended to ensure that electronic communications data are available for the purpose of the investigation, detection and prosecution of serious crime, any delay in its transposition is liable to have consequences for public and private interests.
On 13 May 2013, the European Data Protection Authorities, assembled in the Article 29 Data Protection Working Party, have adopted an "Advice Paper on Essential Elements of a Definition and a Provision on
Profiling within the EU General Data Protection Regulation" arguing for clear limits to profiling.
On 10 May 2013, the US Court of Appeals for the Federal Circuit has issued its ruling in CLS Bank International v. Alice Corporation on the patent-eligibility of method and computer-readable medium claims. Though the Court holds that the method and computer readable medium claims before it do not recite patent-eligible subject matter under 35 U.S.C. § 101, the ten judges of this decision formed no less than six different opinions on the matter.
On 8 May 2013, the Queen's speech also announced that "a draft Bill will be published establishing a simple set of consumer rights to promote competitive markets and growth." The purpose of this Consumer Rights Bill is to:
- Give consumers clearer rights in law and to make sure that consumer rights keep pace with technological advances.
- Provide important new protections for consumers alongside measures to reduce regulation for business, all with the aim of making markets work better.
On 19 April 2013, the European data protection authorities, assembled in the Article 29 Working Party (WP29), have adopted an Explanatory Document on Binding Corporate Rules for Processors (Processor BCR) in order to further explain the principles and elements to be found in Processor BCR set out in the Working Document 02/2012 (WP195) adopted on 6 June 2012.
On 2 April 2013, the Article 29 Data Protection Working Party has adopted its opinion 03/2013 in which the European data protection authorities assess and clarify the principle of purpose limitation with the aim to offer guidance on its practical application under the current and under proposed future legal framework (WP203).
In March 2013, the WIPO Arbitration and Mediation Center has presented a Report with the results of its International Survey on Dispute Resolution in Technology Transactions (Survey). The Survey had been designed to assess the current use in technology-related disputes of Alternative Dispute Resolution (ADR) methods as compared to court litigation, including a qualitative evaluation of these dispute resolution options and the results of this Survey provide a statistical basis to identify trends in the resolution of technology-related disputes as well as emerging best practices as potential guidance for intellectual
property stakeholders in their dispute resolution strategies.
In March 2013, the Federal Trade Commission (FTC) has published a Staff Report "Paper, Plastic ... or Mobile?" on mobile payment. The Staff Report discusses the emerging options and concerns for consumers using mobile payment and highlights those areas where staff believes continued monitoring and attention are warranted. In the end, it is clear that building a framework for mobile payments that keeps the consumer experience in mind will go a long way towards developing consumer trust and widespread adoption of these new products and services.
In February 2013, the World Economic Forum has published a report on "Unlocking the Value of Personal Data: From Collection to Usage" prepared in collaboration with the Boston Consulting Group. The Report examines the need for new approaches in the policies which enable the managing of personal data in ways that are flexible, adaptive and contextually driven. The report highlights outcomes from a nine month, multistakeholder, global dialogue on how the principles for using personal data may need to be refreshed to ensure they protect the rights of individuals, unlock socio-economic value and are fit for the complexities of a hyperconnected world.
In January 2013, the Califonia Attorney General’s Privacy Enforcement and Protection Unit has published "Privacy on the Go: Recommendations for the Mobile Ecosystem" for the mobile app industry. The aim of these recommendations is to help educate this industry and to promote privacy best practices by encouraging app developers and other players in the mobile sphere to consider privacy at the outset of the design process.
On 20 November 2012, the European Network and Information Security Agency (ENISA) published its report "The Right to be Forgotten - Between Expectations and Practice" authored by Peter Druschel, Michael Backes and Rodica Tirtea. The Report aims to cover the technical means to enforce or support "the right to be forgotten" in information systems and explores its obstacles and limitations.
On 5 September 2012, the Congress Research Service (CRS) published its report "The Trans-Pacific Partnership Negotiations and Issues for Congress" authored by Ian F. Fergusson (Coordinator Specialist in International Trade and Finance), William H. Cooper (Specialist in International Trade and Finance), Remy Jurenas (Specialist in Agricultural Policy) and Brock R. Williams (Analyst in International Trade and Finance). The CRS-Report examines the Trans-Pacific Partnership agreement (TPP) within the broader context of multilateral and bilateral trade relations and international market access and compares the TPP to the Anti-Counterfeiting Trade Agreement (ACTA) among other free trade agreements (FTAs) the USA has signed with other nations that carry provisions increasing the enforcement of intellectual property rights abroad.
On 29 June 2012, the Canadian Bill C-11 received Royal Assent and is, therefore, about to introduce fundamental changes into the Canadian Copyright Act. Aim of Bill C-11 is to update the rights and protections of copyright owners to better address the challenges and opportunities of the Internet, so as to be in line with international standards.
On 23 February 2012, the Obama administration released the white paper "Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy". the white paper proposes an elaborate framework for protecting privacy in the digital age.
On 25 January 2012, the European Commission has proposed a comprehensive reform of the EU's 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy.
On 23 January 2012, the International Chamber of Commerce (ICC) has posted a "Data Protection Principle of Accountability Discussion Paper". This Discussion Paper provides an overview of current global discussions of the data protection principle of accountability.
On 20 October 2011, the International Chamber of Commerce has published a Discussion Paper on "Approaching Shortages of Mobile Broadband Spectrum Threaten to Limit Broadband Deployment and Economic Growth". This Discussion Paper informs governments and regulators about the economic benefits of taking action now to ensure that sufficient spectrum is available to support the increasing demands following current and expected data traffic trends.
On 15 November 2010, U.S. Participants in the Anti-Counterfeiting Trade Agreement (ACTA) negotiations announced published the finalised text of the Agreement, after resolving the few issues that remained outstanding after the final round of negotiations in Tokyo.