This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 6 Issue: 3
(March 2009)


The Council of the European Union rejected moves to extend the scope of a proposed EU security breach notification law beyond telecoms companies, in its amendment to the Privacy and Electronic Communications Directive 2002/58/EC (ePrivacy Directive), published on 16 February. The European Parliament (EP), backed by the European Data Protection Supervisor (EDPS), called for the change when it adopted its Opinion on the Directive on 24 September 2008. The Council's amendments were published as part of its Common Position with a view to the adoption of a Directive amending the ePrivacy Directive, the Universal Services Directive 2002/22/EC and the Regulation on consumer protection cooperation (EC) No 2006/2004. / read more

The Health Information Trust Alliance (HITRUST) - a coalition of healthcare companies and technology vendors, including Johnson & Johnson and Cisco Systems - released a Common Security Framework designed to safeguard electronic health information, on 2 March. The Framework was published in light of increased regulatory requirements placed on health organisations which encourages a shift from the use of paper medical records to electronic medical records, through the enactment of the American Recovery and Reinvestment Act of 2009 (ARRA). / read more

Social networking site Facebook announced that it will submit its new terms and conditions to users' revision and feedback on 26 February. Facebook will publish two documents - the Facebook Principles and the Statement of Rights and Responsibilities. / read more


If you are about to embark on a binding corporate rules (BCR) project, look away now. If you are a European data protection authority, please read on. The whole BCR concept is at risk and you must do something about it. Whilst much progress has been made since the BCR model was put forward as a suitable way to overcome the limitations affecting data transfers, particularly during the past nine to 12 months, the moment of truth is here. Both the European Commission and the Article 29 Working Party have repeatedly said that BCR provide a credible framework for safe transfers of data. BCR are, in fact, the Commission's great white hope for European-style data protection beyond the handful of countries that are regarded as 'adequate'. So now is the time to demonstrate that the EU data protection authorities are truly committed to the BCR idea. / read more

The Spanish data protection agency (AEPD) stated - in two recent cases - that capturing and recording images of individuals has an impact on individuals' fundamental right to the protection of personal data. Isabela Crespo Victorique, a Laywer at Gómez-Acebo & Pombo, analyses the AEPD's position on the recording or capturing of images and outlines how such data should be processed, and the consent that is required for such processing. / read more

The European Court of Justice has provided guidance to a Finnish court that the derogation in Article 9 of the Data Protection Directive that applies to journalistic freedom of expression, applies only where the sole object of publication is disclosure to the public of information. Francis Aldhouse, Russell Williamson and Kaisa Keski-Vähälä,of Bird & Bird, examine the case and its implications. / read more

Serbia's new Law on Protection of Personal Data entered into force on 1 January, and includes new requirements to submit information on the processing of personal data to authorities, as well as increased fines for non-compliance. Uros Popovic, an Associate with Bojovic Dasic Kojovic Advokati, examines the new legislation and the history of data protection in Serbia, which led to the need to update the law. / read more

Finland was recently found to be in breach of its obligations under Article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms by failing to provide effective protection of a child's rights, after a child's details were posted online in a false advertisement claiming he was looking for a sexual relationship. Francis Aldhouse, Russell Williamson and Kaisa Keski-Vähälä of Bird & Bird LLP, examine the ECHR's ruling and its potential implications. / read more

The Information Commissioner's Office recently released guidance on dealing with information requests under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004. Grant S. Campbell, a Partner at Brodies LLP, outlines the key messages of the guidance, including how to deal with unclear requests for information. / read more

The US Department of Education recently issued new regulations on the Family Educational Rights and Privacy Act - in light of events which led to the killings of students at an American university - to give schools more flexibility about disclosing students' information from education records to deal with threats to the health or safety of students. Kirk J. Nahra and Kimberly L. Sikora Panza of Wiley Rein LLP, discuss the implications the new regulations will have on educational institutions. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Canít find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed