June 25, 2019

June 24, 2019

Subscribe to Latest Legal News and Analysis



Austrian Court Rejects Facebook Privacy Case

The Vienna Regional Court has found that a European “class action” against Facebook is not admissible on procedural grounds. Mr Schrems, an Austrian law student, is suing Facebook for €500 (US$557) in damages for each of the suit’s participants, for a total of €12.5 million in damages, arguing that Facebook has breached EU rules on data protection. The Vienna court stated that it didn’t have jurisdiction in the case because Mr Schrems used Facebook for professional reasons and therefore can’t be considered a consumer.

It also said the class-action-style lawsuit that he is planning can’t be brought before an Austrian court. Mr Schrems has announced that the case will be appealed to the Austrian Higher Regional Court. 


Belgian Constitutional Court Dismisses Data Retention

In a recent ruling, the Belgian Constitutional Court declared the Belgian law on data retention invalid. The law in question implemented the EU directive on data retention that was declared invalid by the European Court of Justice in 2014. The constitutional courts of Germany, Bulgaria and Netherlands have already dismissed similar national data retention laws.


China Adopts New Law on National Security

On July 1 2015, China’s top legislature adopted a new national security law highlighting cybersecurity and demanding the establishment of a coordinated, efficient crisis management system. The new law, which will be signed into force by President Xi Jinping on July 8, 2015, covers a wide spectrum of areas including defence, finance, science and technology, culture and religion. Outer space activities and assets, as well as those at ocean depths and in polar regions are also covered by the new legislation. The new law also includes a clause on cyberspace sovereignty, making the Internet and IT, infrastructure, information systems and data in key sectors “secure and controllable.”


Article 29 Data Protection Working Party Publishes Opinion on Utilisation of Drones

The Article 29 Data Protection Working Party has published an opinion, adopted on 16 June 2015, which provides guidelines to address the data protection rules in the context of drones. The opinion covers, amongst others, the risks in terms of safety, third party liability and privacy, the obligations which should be met before operating a drone and recommendations to European and national policy makers for the strengthening of a framework which guarantees respect for all fundamental rights at stake.

Member States Must Publish Lists of Beneficiaries of Agricultural Payments

According to new EU transparency rules that have been in force since 1 June 2015, EU Member States are obliged to publish lists of beneficiaries of agricultural payments. Such lists must be published by each Member State’s Ministry of Agriculture. They need to include the name of the beneficiary, the amount of the payments and a description of the project in question. These rules are part of the 2013 reform of the Common Agricultural Policy. They also belong to the broader objective of the Commission to improve transparency regarding the use of the EU budget. However, the transparency of agricultural payments must be balanced with the protection of the beneficiaries’ personal data, the Commission stated.


German Draft Law on Data Retention

As required by the Directive 98/34/EC, the German Federal Government has notified the draft law on data retention to the EU Commission. The draft stipulates that telecommunication providers must retain data like phone numbers, time and place of communication, and IP addresses for four or 10 weeks. After expiry of the retention period, the data retained must be deleted, according to the draft. The EU Commission and EU Member States can comment on the draft within three months (till 7 September 2015). Considering the ECJ ruling on data retention, critical statements on the draft can be expected.

In a joint resolution, German data protection officers took a critical stand towards the draft law. The officers expressed serious doubts whether the draft is compatible with German constitutional and EU law, particularly basic rights such as secrecy of telecommunication and privacy. The Conference suggests discussing the draft law in an open debate with broad public participation.

Hessian Privacy Commissioner Calls for Stricter Legislation on Data Fencing

The Hessian Privacy Commissioner, Eva Kühne-Hörmann, has criticized the federal draft law on the introduction of data fencing as a criminal offence for being too soft. According to Kühne-Hörmann, important elements of the Hessian legislative initiative like criminal penalties higher than two or three years of imprisonment are missing in the federal draft law. Kühne-Hörmann sees the need to react more decisively to the tendency that hacking becomes more and more international and professional. Citizens thus need to be better protected in areas like telecommunication, digital payment and social networks.

Federal States Testing Police Body Cameras

In a press release, the Rheinland-Pfalz Ministry of the Interior announced that the use of open body cameras (bodycams) by specially trained policemen will be tested from 1 July 2015. According to the Ministry, this pilot project shall find a solution for the growing violence against policemen. Bodycams are supposed to be a preventive and de-escalating measure particularly in inspections. Rheinland-Pfalz is the second Federal State after Hessen to introduce police bodycams. The implications for data privacy law are yet to be seen.


Information Commissioner’s Office Publishes Annual Report for 2015

The Information Commissioner’s Office published their latest annual report on 1 July 2015. In the report, Information Commissioner Christopher Graham points to the strengthening of his regulatory powers to show how data protection legislation continues to develop. The report focuses on what the ICO has achieved in the past year, including being given powers to compulsorily audit NHS bodies for their data handling, making it an offence to force a potential employee to make a subject access request and changing the law to make it easier to issue fines to companies behind nuisance calls and texts.

© Copyright 2019 Squire Patton Boggs (US) LLP


About this Author

Mark Gleeson, Data Protection, Privacy, attorney, Squire Patton Boggs law firm

Mark is a partner in London specialising in data protection, privacy and freedom of information.

Mark has considerable experience of advising leading private and public sector organisations, both nationally and internationally, on information law. He advises on both a compliance and strategic basis. 

He has advised on and managed a large number of multi-jurisdictional data projects. 

He has particular expertise in advising on the exploitation and monetisation of information including the use of data including behavioural and location information....

+44 20 7655 1465
Annette Demmel, Information Technology Attorney, Squire Patton Boggs Law Firm

Dr. Annette Demmel is a partner in our Data Privacy & Cybersecurity Practice Group in Berlin. For 20 years, Annette has advised national and international businesses in privacy law, technology law, telecommunications law, intellectual property law, media law and competition law.

In particular, she leads the implementation of privacy compliance programs and centralized software systems, and provides advice on policy and regulatory issues arising in the electronic communications and internet sectors. Annette also advises clients on legal issues relating to profiling and online marketing business models.

She often acts as an external data protection officer. She also represents our clients in both in court and out-of-court disputes, often in matters involving cross-country issues.

  • Advising a multinational company on the outsourcing of the group IT services; negotiations with local Works Councils regarding privacy and co-determination rights with regard to cloud services and centrally managed solutions.
  • Project management for a multinational company on the implementation of privacy compliance solutions involving newly acquired companies in 20+ countries.
  • Advising a major international advertising holding on business models based on profiling and behavioral targeting.
  • Implementing cloud-based HR solutions in various international groups in more than 40 countries; leading negotiations with local data protection authorities and Works Councils.
  • Providing ongoing monitoring and analysis for a global communications provider, covering a broad range of telecommunications regulatory and competition law issues, including BNetzA market reviews and implementation of SMP obligations, abuse of dominance proceedings, spectrum policy, net neutrality and e-privacy.
  • Advising a US-based marketing company with one of the world’s largest databases for consumer marketing on data protection and serving as an external data protection officer for their German enterprise.
  • Advising an international electronics group on legal aspects of data security and data breaches.
  • Moderating roundtable discussions for the social media strategy and implementation in one of the world's best-known companies.
  • Structuring innovative e-business and entertainment platforms, and advising on internet-related data protection issues.
  • Defending an architect's copyright on a striking, contemporary building in Germany.
  • Representing a former state-owned company in several judicial IT legal matters.
+49 30 72616 8226
Anthony Van der Hauwaert, Squire Patton Boggs, Finance Transactions

Anthony Van der Hauwaert heads the Belgian practice of Squire Patton Boggs, and concentrates on corporate and finance transactions, with particular experience in cross-border and domestic mergers and acquisitions, private equity and project finance transactions. Anthony has also significant commercial real estate and employment law expertise. 

322 627 11 20