Earlier this week, the Court of Justice of the European Union delivered its judgement on the legality of the UK & Swedish data retention and surveillance laws. They confirmed their ruling from 2015 that general monitoring is illegal, that retention must be specific and is only allowed to combat serious crimes, that access to surveillance records must be authorised by independent authorities and that EU data subjects must be have access to legal remediation if their rights to privacy are breached. The Guardian report on it here, the Independent here ,the Register here and even the Daily Mash comments here. The UK’s Investigatory Powers Act also gives the government the right to mandate backdoors in UK operated communications products; these powers may also fall foul of the prohibition on general monitoring and the need for independent review. While the ruling is specific to the UK’s DRIPA law, which has now been replaced by the Investigatory Powers Act, it poses a clear challenge to the legality of the new Law.
Monthly Archives: December 2016
In a blog at my employer’s site I looked at how to become compliant with the EU’s General Data Protection Regulation. Regulations are the Law in all the member states, and members of the European Economic Area. The article looks at the issues of consent, the new data subject rights, privacy by design, the meaning of adequate protection and new public accountability via the duty to report breaches and to appoint a professional data protection officer.