September 18, 2021

Volume XI, Number 261


September 17, 2021

Subscribe to Latest Legal News and Analysis

September 16, 2021

Subscribe to Latest Legal News and Analysis

Weekly Data Privacy Alert – 4 September 2017


The European Court of Human Rights (ECtHR) Finds That Monitoring and Accessing an Employee’s Electronic Communications is in Violation of Article 8 of the  European Convention

On 5 September 2017, the ECtHR ruled that the Romanian courts had failed to protect an employee’s right to a private life when he was dismissed for using company resources for personal purposes without being informed in advance of the extent and nature of his employer’s monitoring, nor of the possibility that the employer might have access to the actual contents of his message. It was found that the Romanian courts had not examined the scope of the monitoring and the degree of the intrusion into the employee’s privacy nor whether the aim pursued by the employer could have been achieved by less intrusive methods. These points, amongst others, led the ECtHR to conclude that there had been a violation of Article 8 of the European Convention (right to respect for private and family life, the home and correspondence).


The CNIL Publishes the List of Registration Formalities Completed Since 1979

The CNIL has published on its website lists of all registration formalities carried out by data controllers since 1979, which are updated weekly. It was previously only possible to find a limited number of the formalities carried out on Légifrance, mainly those for which processing requires prior authorisation from the CNIL. For any other formality carried out by a data controller, one had to request this information from the CNIL. From now on, this information is publicly available. However, these lists do not contain all the information provided by the controller in the course of his registration or application for authorisation.

This may be an opportunity for some data controllers to verify their state of compliance and whether all required registrations have been carried out. Once the GDPR comes into force in May 2018, most of these formalities will no longer be required and will be replaced by accountability obligations. However, a grace period will be put in place for processing activities for which the formalities have been completed (and which comply with the GDPR), as is the case for those that will require a Data Protection Impact Assessment, possibly followed by a consultation with the CNIL.


Brexit: The EU Data Protection Package

The European Union Committee of the UK’s House of Lords published its paper earlier this summer, Brexit: the EU data protection package. This paper urges the UK government to implement its goal to maintain unhindered and uninterrupted data flows between the UK and EU after Brexit, and examines the options available to ensure that this occurs. It warns that data flows have become very valuable to cross-border business and that it is important to establish an adequate framework in order to ensure the success of EU-UK trade.

© Copyright 2021 Squire Patton Boggs (US) LLPNational Law Review, Volume VII, Number 256

About this Author

Philip Zender, Technology Transactions, Brands Management, Intellectual Property, Squire Patton Boggs, San Fransisco

Philip R. Zender is the US practice group leader of the Technology Transactions and Brands Management groups within the firm’s Intellectual Property & Technology Practice, as well as the Media & Brands Industry Group. He also co-leads the firm’s global Data Privacy & Cybersecurity group.

415 393 9827
Francesca Fellowes Data Privacy & Cybersecurity Attorney Squire Patton Boggs Leeds, UK

Francesca Fellowes is a director in our Data Privacy & Cybersecurity team based in our Leeds office. She has a wealth of experience in advising on a wide spectrum of data privacy issues, including managing large-scale projects involving multiple data flows and advising on commercial arrangements involving complex issues of data ownership and use.

She is particularly experienced in managing cross-jurisdictional data privacy compliance projects for multinational clients, which deal with the compliance required throughout the client’s group, relating for example, to global HR...

44 113-284-7459
Stephanie Faber International Business Attorney Squire Patton Boggs Paris, France
Of Counsel

Stephanie Faber heads the Data Privacy & Cybersecurity Practice and the Intellectual Property & Technology Practice in the Paris office. She specialises in international business law, with more than 20 years of experience. Her legal practice encompasses business transactions and operations, as well regulatory and compliance work.

In relation to the Data Privacy & Cybersecurity Practice, Stephanie advises on:

  • GDPR gap assessment and compliance programs
  • Data breach management and notification
  • Database creation, international...
33 1-5383-7400
Dr. Annette Demmel Data Privacy & Cybersecurity Attorney Squire Patton Boggs Berlin, Germany

Dr. Annette Demmel is a partner in our Data Privacy & Cybersecurity Practice Group in Berlin. For 20 years, Annette has advised national and international businesses in privacy law, technology law, telecommunications law, intellectual property law, media law and competition law.

In particular, she leads the implementation of privacy compliance programs and centralized software systems, and provides advice on policy and regulatory issues arising in the electronic communications and internet sectors. Annette also advises clients on legal issues relating to profiling and online...

49 30-72616-8226
Caroline Egan Lawyer Squire Patton Data Protection

Caroline has extensive experience in commercial and information technology matters. Her particular specialism is UK and crossjurisdictional data protection and privacy law and UK freedom of information law. She regularly advises global clients on international transfers of data, and UK clients on complex and sensitive data protection and freedom of information issues. She also advises on major IT procurement and outsourcing projects.

Caroline lectures on domestic and cross-jurisdictional data protection issues, and was named a notable...