July 23, 2018

July 23, 2018

Subscribe to Latest Legal News and Analysis

July 20, 2018

Subscribe to Latest Legal News and Analysis

Weekly Data Privacy Alert – 4 September 2017


The European Court of Human Rights (ECtHR) Finds That Monitoring and Accessing an Employee’s Electronic Communications is in Violation of Article 8 of the  European Convention

On 5 September 2017, the ECtHR ruled that the Romanian courts had failed to protect an employee’s right to a private life when he was dismissed for using company resources for personal purposes without being informed in advance of the extent and nature of his employer’s monitoring, nor of the possibility that the employer might have access to the actual contents of his message. It was found that the Romanian courts had not examined the scope of the monitoring and the degree of the intrusion into the employee’s privacy nor whether the aim pursued by the employer could have been achieved by less intrusive methods. These points, amongst others, led the ECtHR to conclude that there had been a violation of Article 8 of the European Convention (right to respect for private and family life, the home and correspondence).


The CNIL Publishes the List of Registration Formalities Completed Since 1979

The CNIL has published on its website lists of all registration formalities carried out by data controllers since 1979, which are updated weekly. It was previously only possible to find a limited number of the formalities carried out on Légifrance, mainly those for which processing requires prior authorisation from the CNIL. For any other formality carried out by a data controller, one had to request this information from the CNIL. From now on, this information is publicly available. However, these lists do not contain all the information provided by the controller in the course of his registration or application for authorisation.

This may be an opportunity for some data controllers to verify their state of compliance and whether all required registrations have been carried out. Once the GDPR comes into force in May 2018, most of these formalities will no longer be required and will be replaced by accountability obligations. However, a grace period will be put in place for processing activities for which the formalities have been completed (and which comply with the GDPR), as is the case for those that will require a Data Protection Impact Assessment, possibly followed by a consultation with the CNIL.


Brexit: The EU Data Protection Package

The European Union Committee of the UK’s House of Lords published its paper earlier this summer, Brexit: the EU data protection package. This paper urges the UK government to implement its goal to maintain unhindered and uninterrupted data flows between the UK and EU after Brexit, and examines the options available to ensure that this occurs. It warns that data flows have become very valuable to cross-border business and that it is important to establish an adequate framework in order to ensure the success of EU-UK trade.

© Copyright 2018 Squire Patton Boggs (US) LLP


About this Author

Philip Zender, Technology Transactions, Brands Management, Intellectual Property, Squire Patton Boggs, San Fransisco

Philip R. Zender is the US practice group leader of the Technology Transactions and Brands Management groups within the firm’s Intellectual Property & Technology Practice, as well as the Media & Brands Industry Group. He also co-leads the firm’s global Data Privacy & Cybersecurity group.

415 393 9827
Francesca Fellowes, Squire Patton Boggs, intellectual property attorney, multi-jurisdictional project lawyer, commercial business regulatory legal counsel
Senior Associate

Francesca Fellowes’ practice covers both commercial and intellectual property work. She has substantial experience in all aspects of non-contentious commercial work and specialises in both contentious and non-contentious intellectual property work.

She also has a specialist knowledge of data protection law and in particular, advising on the compliance aspects of and project-managing multijurisdictional projects for global clients.

Francesca trained at a media and entertainment law firm in London and has been at Squire Patton Boggs since qualification in 2001.

Of Counsel

Stéphanie Faber specialises in international business law, commercial law, data protection and consumer law. With 20 years of experience, Stéphanie’s legal practice encompasses advising on, drafting and negotiating contracts in the following areas:

  • Commercial contracts including distribution agreements, services and supply agreements, advertising agreements, logistic agreements, general conditions of sales and sponsoring agreements;

  • Joint ventures, transfer of businesses, assets or licenses;

33 1 5383 7400
Annette Demmel, Information Technology Attorney, Squire Patton Boggs Law Firm

Dr. Annette Demmel is a partner in our Data Privacy & Cybersecurity Practice Group in Berlin. For 20 years, Annette has advised national and international businesses in privacy law, technology law, telecommunications law, intellectual property law, media law and competition law.

In particular, she leads the implementation of privacy compliance programs and centralized software systems, and provides advice on policy and regulatory issues arising in the electronic communications and internet sectors. Annette also advises clients on legal...

+49 30 72616 8226
Caroline Egan, Squire Patton, Data Protection Lawyer, Privacy Matters Attorney

Caroline has extensive experience in commercial and information technology matters. Her particular specialism is UK and cross-jurisdictional data protection and privacy law and UK freedom of information law. She regularly advises global clients on international transfers of data, and UK clients on complex and sensitive data protection and freedom of information issues. She also advises on major IT procurement and outsourcing projects.

44 121 222 3386