This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 11 Issue: 12
(December 2014)


The Article 29 Working Party (WP29) adopted, on 26 November 2014, a working document setting forth a cooperation procedure amongst data protection authorities (DPAs) on the use of model contractual clauses (‘the Working Document’). / read more

The United Nations (UN) adopted a Resolution, on 25 November 2014, on the protection of digital privacy (‘the Resolution’) which urges governments to offer redress to citizens targeted by mass surveillance. The Resolution, put forward by Brazil and Germany, is non-binding, however, it does carry political weight and helps shape the debate surrounding online privacy as a human right. / read more

New Zealand’s Privacy Commissioner (‘the Commissioner’) issued a policy (‘the Policy’), which took effect on 1 December 2014, outlining its willingness to routinely publish the names of ‘agencies’ following data breaches or non compliance with the law. Individuals, public bodies and private entities holding personal information are categorised as ‘agencies’ under the Privacy Act 1993 (‘the Act’) and could therefore be affected by the Policy. The Commissioner’s stated motivation for introducing the Policy is to become a ‘more effective regulator.’ / read more


You know a matter is serious when a top international tribunal takes upon itself to change the course of society. This year, three rulings of the Court of Justice of the European Union (‘the Court’), the highest judicial authority of the EU, show its grave concern for the data-hungry world in which we live and its desire to change it. Each of these rulings targets a different audience – the state, the corporate world and the citizen – but all of them uphold the role of privacy as a right that is threatened by our tech-driven existence. The effects of these decisions go beyond the pure legal technicalities of interpreting European data protection law because their consistent message is that society as a whole, in the EU and elsewhere, should be less tolerant of and more concerned about our dependence on data. / read more

Since the ruling of the European Court of Justice (CJEU) on 13 May 2014 in Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, the privacy community has been discussing the controversies, practicalities and ramifications of the decision. Most recently, the Article 29 Working Party (WP29) adopted, on 26 November 2014, guidelines on the implementation of the decision, highlighting that in any case de-listing should also be effective on all relevant .com domains. Data Protection Law & Policy had the opportunity to speak with Joaquín Muñoz Rodriguez, Partner at Abanlex Abogados, who acted on behalf of Mario Costeja González and the lawyer behind this landmark decision. / read more

There has been an explosion of new data privacy regulation across the Asia Pacific region in recent years, and the challenge now facing multi-national businesses operating there, is to find practical compliance solutions to satisfy the myriad rules and requirements now in force across the region. Mark Parsons and Peter Colegate, Partner and Associate respectively at Hogan Lovells, Hong Kong, provide insight on recent legislative changes and the ways in which businesses can meet their compliance obligations. / read more

In 2006, professional model María Belén Rodríguez, claimed that Google and Yahoo! violated her right to privacy, her own image right, and that they were engaging in defamation, as her name was linked to web pages with sexual content. Francisco Arturo, Attorney at Brons & Salas Abogados, examines the recent decision from the Supreme Court of Argentina regarding search engines’ liability for unlawful third-party content appearing in search results. / read more

Matteo Colombo, President of ASSO DPO, the Italian Association of Data Protection Officers and external Data Protection Officer (‘DPO’) for a number of multinational companies, comments on his obligations, challenges and concerns as a DPO. This article forms part of a monthly feature for Data Protection Law and Policy, which provides an in-house perspective on privacy. / read more

In 2013, Eduardo Ustaran, Partner at Hogan Lovells LLP and Editor of Data Protection Law & Policy, published a book on The Future of Privacy, which discussed how the implications of devising an effective framework to regulate the use of personal information is crucial for the future of humanity, our freedoms and our economic wellbeing. Ustaran argued that in order to get the balance right, policy makers, regulators and organisations need to address the specific challenges presented by rapidly evolving technology, the increasing value of personal information and the globalisation of data-reliant activities. A year on, the power and value of Ustaran’s book has not diminished, particularly with the ongoing discussions at EU level about the data protection reform, the unresolved questions around Safe Harbor and the ever increasing data flows across the globe. Below is an extract from The Future of Privacy, which tackles the pertinent question of data globalisation, among others. / read more

In November 2014, the Connecticut Supreme Court decided in the case of Byrne v. Avery Center for Obstetrics and Gynecology, P.C. [2014] (the ‘Byrne Case’), that an action for negligence arising from health care providers’ breach of patient privacy is not preempted by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The decision reversed a previous trial court decision, which concluded that Ms Byrne’s state law claims for negligence and negligent infliction of emotional distress were preempted by HIPAA. Michael J. Kline and Elizabeth G. Litten, Partners at Fox Rothschild LLP, discuss the implications of the Supreme Court Decision that allowed HIPAA to be used as a basis for state negligence by a plaintiff. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed