Tagged: Data Protection

Joined Cases C-446/12 – 449/12 Willems: The CJEU washes its hands of Member States’ fingerprint retention

By Eduardo Gill-Pedro

When is the Charter of Fundamental Rights of the EU applicable to a Member State measure? In C-446/12 – 449/12 Willems the CJEU held that a Member State which stores and uses fingerprint data, originally collected in compliance with Regulation No 2252/2004, but which the Member State then uses for purposes other than those stipulated in the Regulation, is not acting within the scope of EU law, and therefore is not bound by the Charter. This case appears to indicate a retreat by the Court from the expansive interpretation of the scope of application of the Charter which it had previously laid down in C-617/10 FranssonContinue reading

Top 10 Most Read Posts of the Year

With the end of the third year of operation of the European Law Blog approaching, it is once again time to take a brief look back at the most popular posts of the year. Based on our Google Analytics statistics and keeping in mind that there is a certain bias in favour of older posts which have had more time to become popular, we receive the following little tour d’horizon of EU law… Continue reading

Walking the Data Protection Tightrope: The Google Privacy Policy Investigations

On 2 April 2013, Data Protection Authorities (DPAs) in six EU Member States (France, Germany, Italy, the Netherlands, Spain and the United Kingdom) announced the launch of an official investigation regarding the compliance of Google’s revamped privacy policy with national data protection rules.

This announcement came over one year after the EU’s advisory body on data protection – the Article 29 Working Party – first contacted Google regarding the changes to its privacy policy which came into force on 1 March 2012. Since this first contact, Google formally responded to two questionnaires sent on behalf of the Article 29 Working Party and based on its responses, the Working Party sent Google a letter attaching its main findings and recommendations in October of last year.

Google’s new privacy policy effectively merges the individual privacy policies which were previously in place for Google services. Therefore, rather than having separate privacy policies for services such as Gmail, Google +, Google Maps and YouTube, users of Google services can now access one comprehensive document outlining Google’s privacy policy for all services. ‘Sounds wonderful’ you may be thinking: however, not so, according to national DPAs in the EU. This amalgamated privacy policy may be problematic from a data protection perspective for two (overlapping) reasons: its alleged lack of transparency and the data pooling it facilitates. Continue reading