Tagged: Article 29 Working Party

A FRAGMENTATION OF EU/ECHR LAW ON MASS SURVEILLANCE: INITIAL THOUGHTS ON THE BIG BROTHER WATCH JUDGMENT

By Theodore Christakis

Last week, the European Court of Human Rights (ECtHR) issued an important, highly anticipated judgment, condemning the United Kingdom for its mass surveillance program.

Following Edward Snowden’s revelations regarding the United States-United Kingdom intelligence surveillance and intelligence sharing programme, 16 organizations and individuals (including the NGO Big Brother Watch) filed an application against the United Kingdom before the ECtHR. The 212page-long judgment published on September 13, 2018 is rich and deals with a great variety of important issues. Several among them are directly linked to some major legal questions examined in the past by the Court of Justice of the European Union (CJEU) or currently pending before it – not to mention the ongoing debate about whether the EU-US data transfer agreement known as Privacy Shield provides an “adequate level of protection”. The objective of this piece is to provide some first thoughts focusing on the strategic place of this judgment in the European legal landscape. Continue reading

Walking the Data Protection Tightrope: The Google Privacy Policy Investigations

On 2 April 2013, Data Protection Authorities (DPAs) in six EU Member States (France, Germany, Italy, the Netherlands, Spain and the United Kingdom) announced the launch of an official investigation regarding the compliance of Google’s revamped privacy policy with national data protection rules.

This announcement came over one year after the EU’s advisory body on data protection – the Article 29 Working Party – first contacted Google regarding the changes to its privacy policy which came into force on 1 March 2012. Since this first contact, Google formally responded to two questionnaires sent on behalf of the Article 29 Working Party and based on its responses, the Working Party sent Google a letter attaching its main findings and recommendations in October of last year.

Google’s new privacy policy effectively merges the individual privacy policies which were previously in place for Google services. Therefore, rather than having separate privacy policies for services such as Gmail, Google +, Google Maps and YouTube, users of Google services can now access one comprehensive document outlining Google’s privacy policy for all services. ‘Sounds wonderful’ you may be thinking: however, not so, according to national DPAs in the EU. This amalgamated privacy policy may be problematic from a data protection perspective for two (overlapping) reasons: its alleged lack of transparency and the data pooling it facilitates. Continue reading