The Irish Data Protection Commissioner has been forced to step in after it was revealed that a government online portal exposed citizens’ personal information, potentially putting it in the hands of identity fraudsters. The irishgenealogy.ie site inadvertently allowed users to build up detailed profiles of citizens free of charge and in just a few clicks – perfect fodder for cybercriminals.
We will talk with France about how we can maintain a high level of data protection. Above all, we will discuss which European providers we have who offer security to citizens. So that you don't have to cross the Atlantic with emails and other things, but also can build up communication networks within Europe, said Merkel.
A group of experts will develop a catalogue of surveillance technologies purchased by Polish public institutions and list of companies delivering them. The experts will also analyse existing legal framework and verify whether Polish public institutions acted lawfully or not. Finally, there will be a comparison between the results of this research and the reports documenting security-industrial complex in other countries.
As previously reported in the EDRi-gram, the Romanian Constitutional Court (CCR) ruled in its decision no. 440 on 8 July 2014 that the second Romanian data retention law (no. 82/2012) was not constitutional. The full reasoning for this was published in the Official Journal on 4 September 2014 in Romanian. EDRi-member ApTI is working on the translation of the text, and an English version will follow soon.
The French data protection authority (CNIL) released - on 19 May 2014 - its 2013 Annual Report, detailing its activities for the past year. Additionally, the CNIL published its 2014 strategy on 29 April 2014, outlining the key focus areas in the year ahead. The CNIL stated that it aims to increase privacy audits from 414 in 2013 to 550 in 2014 - an increase of 33%.
The judgment of the Court of Justice of European Union (CJEU) of 13 May 2014 Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González (C-131/12) sets a milestone for EU data protection in respect of search engines and, more generally, in the online world.
It grants the possibility to data subjects to request to search engines, under certain conditions, the delisting of links appearing in the search results based on a person’s name.
On Wednesday 26 November, the European data protection authorities assembled in the Article 29 Working Party (WP29) have adopted guidelines on the implementation of the CJEU’s judgment. These guidelines contain the common interpretation of the ruling as well as the common criteria to be used by the data
protection authorities when addressing complaints.