Tuesday, 6 October 2015

European Court Finds Safe-Harbour Agreement Between US And EU Invalid

ECJ C - 362 / 14

The European Court of Justice has found the Safe-Harbour Agreement between the European Union and the United States to be invalid.
In its decision the court confirms the right and obligation of the national data protection agencies in the EU to probe any transfer of personnel data from the EU to the US. It holds that the EU Commission has no power to restrict the competency of the national data protection agencies in the EU. According to the court the Safe-Harbour rules contain no restrictions of the rights of US agencies to access and process the data. The Safe-Harbour agreement therefore does not prevent violation of basic rights of the affected individuals. It also provides no effective procedures for the individuals to seek legal protection.  

Thursday, 24 September 2015

Right To Forget Against Internet Archive

OLG Hamburg 7 U 29 / 12

The higher regional court of Hamburg, Germany, recently handed down a judgement that in its essential legal findings could well be adopted by courts across the EU in the future.

The court had to decide a case in which a national newspaper maintained on its website also an online archive containing articles of an older past. The plaintiff requested the deletion of an article in that archive about a closed investigation into a potential criminal offence by him, which  could be found by simply typing his name in an online search engine.

Weighing up the newspaper's protection under freedom of information and the plaintiffs right of privacy not to be infinitely associated with a potential crime the investigation into which had been closed by just typing his name into any online search engine the court found that both rights are protected if it is only possible and thereby permitted to find the article about the investigation by undertaking a much more detailed search online by place, date and other circumstances and not just by typing his name. 

Data Protection And ICO Transferred To Department For Culture, Media and Sport

The policy responsibility for data protection and the sponsorship of the UK Information Commissioner's Office ICO has been transferred to the Department for Culture, Media and Sport on 17th of September, previously held by the Ministry of Justice. The Information Commissioner commented that it made sense  for the ICO to be connected to debates around the digital economy for which the Department for Culture Media and Sport has responsibility.

Wednesday, 26 August 2015

ICO's First Enforcement Action Against Google for Right To Be Forgotten

The UK’s Information Commissioner’s Office (ICO) has made what appears to be its first "right to be forgotten enforcement action against Google Inc. The ICO issued the notice on 18 August 2015, ordering Google to remove nine links to news stories about an individual’s criminal offence committed almost a decade ago.
Google has 35 days from the date of the enforcement notice to remove the links from its search results when the individual’s name is searched, or, Google will face further enforcement action. Google has the right to appeal to the U.K.’s First-tier Tribunal (Information Rights) against the notice but, so far, the company has refused to comment on whether or not it will appeal.

Tuesday, 2 June 2015

Adblock Software Is Legal

District Court Hamburg 416 HK O 159 / 14District Court Munich 37 O 11637 / 14

The German Adblock Plus software of Eyo GmbH, which is freely downloadable from the internet and which enables the internet user to block advertisements of the website being visited, has caused major German media companies such as RTL, ProSieben Sat1, Axel Springer, Zeit Online or Handelsblatt to take legal actions at the district courts in Hamburg, Munich and Cologne. The legal issues mainly touch on unfair competition, copyright infringement and anti-trust violation. As these legal matters are quite similarly regulated across EU member states by EU law the decisions by the German courts and argumentations contained in them are of interest for English jurisdiction.

The Hamburg District Court went first and found that the company does not infringe the rules of fair competition because it allows the user of the software to freely decide by its setting options whether to block advertisements at all or particular ones. It is therefore the user who blocks the ad.

The Munich District Court followed the argument of the judges in Hamburg and added that the company does not take part in an infringement by the user of the website owner´s (plaintiffs´) copyrights. The mere visit of the free websites while using the adblock software does not constitute the infringing use of copyrights contained in the website. Also, the company does not violate anti-trust law because its software has not a major market share at this juncture. 

Wednesday, 29 April 2015

ECJ Confirms 210m Euros Fine Against LG Display For Pricing Cartel

ECJ C - 227 / 14 P

The European Court of Justice confirmed the fine of 210 million Euros issued by the European Commission against LG Display in 2010 for creating a pricing cartel for LCD panels in the years 2001 to 2006. 
One of the main questions in this proceeding was if LG Display, which was owned by LG Electronics and Philips, was only an entity of another group company and hence its sales to its mother companies for a fixed price was only an internal matter rather then the external creation of a pricing cartel.

The court found that LG Display did not form a vertically integrated group company with LG Electronics and Philips as the various levels of production and sales were not integrated into one. The sales to those mother companies by LG Display were therefore to be seen as transactions with external parties which had to comply with unfair competition law.

Thursday, 9 April 2015

UK Serious Fraud Office Fined For Breach Of Data Protection

The Information Commissioner’s Office (ICO) has issued a fine of £180,000 against the Serious Fraud Office after a witness in a serious fraud, bribery and corruption investigation was mistakenly sent evidence relating to 64 other people involved in the case.
The Serious Fraud Office’s investigation focused on allegations that senior executives at BAE Systems had received payments, including two properties worth over £6 million, as part of an arms deal with Saudi Arabia. The case was closed in February 2010.

Friday, 3 April 2015

Non-Pecuniary Damages For Data Protection Violation

Google Inc. v. Vidal, Hann, Bradshaw [2015] EWCA Civ 311

The Court of Appeal had to decide whether individuals could claim compensation for damage and distress caused by Google's data protection violation. 
Three individuals complained that Google had collected private information about their internet usage without their knowledge or consent.

The Court held that Article 23 of the EU Directive 95/46/EC does not distinguish between pecuniary and non-pecuniary damage and therefore Section 13 of the Data Protection Act had to be interpreted accordingly. 

IPO Advice On Exhibition Of Protected Works

The UK Intellectual Property Office has published a guidance on the public exhibition of copyright works, aimed at libraries, museums, galleries and other institutions which may wish to exhibit works which are copyright protected.  The notice is informative and outlines the difference between having literary, dramatic, artistic or musical works on public display, a legitimate act not infringing copyright laws, and performing these works in public, which could constitute copyright infringement.

UK Government Report On Cyber Insurances

The UK Government published a report regarding the management and mitigation of cyber security risks with cyber insurance.

It details how insurers and insurance can play a role in reducing cyber security risks. The government report notes that there is a lack of awareness that insurance is available for cyber risk and recommends that firms review their cyber risk management to include a board-level assessment for cyber risk, and draw up recovery plans and use stress testing to confirm financial resilience against cyber threats. The report also gives details of its new industry supported scheme, Cyber Essentials, which was developed as part of the UK’s National Cyber Security Program and guides businesses in protecting themselves against cyber threats

2015 UK Budget To Fund Key Technologies

UK Chancellor George Osborne announced a number of measures affecting the digital and technology sectors in the Budget.
Among others the government plans to invest up to £600m to reallocate spectrum so as to open up the 700 MHz spectrum for further use in 4G networks, and to improve 4G coverage nationwide. Investment of £100m over five years in ‘intelligent mobility’, including driverless car technology, is planned which will be matched by the industry itself. An investment of £40m in research into the Internet of Things, which will provide a research incubator, demonstrator programmes to encourage new ideas, and research hubs. The research aims to focus in particular on IoT applications in health and smart cities. The UK also will apply anti-money laundering regulations to digital currencies.Funding for research into both the risks and opportunities of digital currencies will also be increased by £10m.

Friday, 20 March 2015

FCA Guidance On Financial Promotions On Social Media

The UK’s Financial Conduct Authority (FCA) has published a guidance on using social media for financial promotions.
The FCA made it clear that they understand the power of social media as a communication tool and the benefit it can have for both firms and their customers. It also emphasised that any communications via social media had to meet the FCA’s requirements of being, among other things, “fair, clear and not misleading” in exactly the same way as traditional media.
The guidance is a reminder that any communication, also on social media, is likely to be deemed a financial promotion if it includes any invitation or inducement to engage in financial activity. One of the challenges provided by social media, as opposed to the more traditional forms of communication, is that of controlling who receives any promotion.

Monday, 2 March 2015

1 Billion Data Records Compromised In 2014

Data breaches increased 49% with almost 1 billion data records compromised in 1,500 attacks in 2014 – a 78% increase in the number of data records either lost or stolen in 2013, a new report by leading digital security firm Gemalto reveals. The Netherlands-based firm said about 575 million records were compromised in 2013.

Identity theft was by far the largest type of attack, with 54% of the breaches involving the theft of personal data, up from 23% in 2013.
Among the largest data thefts incurred by companies in 2014 were retail chain Home Depot with 109 million records containing email addresses stolen in a hacker attack, financial service provider Morgan Stanley suffered an identity theft with 83 million records being stolen and online market place Ebay lost 145 million records in an identity theft.
In Europe the UK was affected by the majority of incidents with 109 breaches. In comparison Germany incurred only 7 recorded data breaches.

Wednesday, 25 February 2015

UK Investigatory Powers Tribunal Declares Activities Regarding Prism/Upstream Intelligence Programs Legal

Investigatory Powers Tribunal:  [2014] UKIPTrib 13_77-H and [2015] UKIPTrib 13_77-H

The Investigatory Powers Tribunal of the UK is a court which investigates and determines complaints of unlawful use of covert techniques by public authorities infringing individuals' right to privacy and claims against intelligence or law enforcement agency conduct which breaches a wider range of human rights.

The Tribunal has handed down judgement in relation to the regime governing the soliciting, receiving, storing and transmitting by UK authorities of private communications in a case brought by human rights groups like Liberty, Privacy International and Amnesty International against the intelligence agencies in respect of alleged interception activity involving UK and US access to communications, the NSA "Prism" and "Upstream" programmes, as mainly revealed by the former member of the US intelligence services, Edward Snowden. 

The Court held that those alleged interception activities are compliant with Articles 8 and 10 of the European Convention of Human Rights from the time of the trial but not before it. It argued that in principle the activities have been compliant with the legal requirements with the one exception of the need to provide a sufficiently accessible indication to the public of the legal framework and any safeguards. The disclosures made by the authorities in this public trial fulfilled that obligation to the satisfaction of the court. 

Tuesday, 24 February 2015

Google Agrees With ICO Further Changes To Its Privacy Policy

The Information Commissioner's Office has required Google to sign a formal undertaking to improve the information it provides to people about how it collects personal data in the UK. The ICO found that the search engine was too vague when describing how it uses personal data gathered from its web services and products combined.

Google introduced a new privacy policy in March 2012 combining around 70 existing policies for various services, but the group of the national data protection officers in the EU ruled that the new policy did not include sufficient information for service users as to how and why their personal data was being collected.
For the UK Google has now signed an undertaking committing with the ICO to make further changes to the privacy policy to ensure it meets the requirements of the Data Protection Act and to take steps to ensure that future changes to its privacy policy comply, including user testing.

Tuesday, 17 February 2015

Final Report By Advisory Council To Google On Right To Be Forgotten

Google has published the report of the findings by its Advisory Council on the right to be forgotten. The core of the report is a catalogue of criteria that Google is advised to apply when an individual asks for links to be removed from the search engine index. It does not contain any guidance though how to rank and prioritize those criteria. The EU is currently working on a Regulation to address this subject. Link

PAC Resolution Against Mass Surveillance by US and UK

The Parliamentary Assembly of the European Council, a statutory organ of the European Council which among others selects the Secretary General of the European Council and the judges of the European Court of Human Rights, has issued a resolution against mass surveillance by countries such as the "five eyes" partners US, UK, Canada, Australia and New Zealand. Such practice would jeopardize basic human rights. 

The resolution bases its conclusion mainly on findings triggered by the revelations of the former member of the US Intelligence Edward Snowden. It holds that mass surveillance by those countries has not efficiently prevented terrorist attacks or organised crime. But the collected information has been abused for terrorist attacks, business espionage and massive violation of citizens' privacy. It demands modification of national laws and international treaties on the gathering of intelligence.

Monday, 16 February 2015

Dismissal For Private Tweets

Dismissal for gross misconduct by an employer where an employee has posted offensive  tweets on their private Twitter account was backed by the Employment Appeals Tribunal (Mr. Laws ./. Game Retail Ltd.). The EAT did not  believe that the employee in this case could ever have considered his offensive tweets to be  private, given that he knew that he was followed by many co-employees by their Twitter  accounts which again were followed by customers of the employer. 

UK Government Reviews Driverless Cars

The government wants the UK to become a leading country in driverless technology.

It will publish a code of practice in spring which will allow the testing of autonomous cars to go ahead. Changes to road regulations and car maintenance checks will be necessary to accommodate driverless cars on the roads of the UK, a Department of Transport report has confirmed. Self-drive pods that will be tested in Milton Keynes and Coventry have been unveiled for the first time.

A full review of necessary legislative changes is to be undertaken by 2017.