This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 6 Issue: 8
(August 2009)


Germany's Federal Council (Bundesrat) passed an amendment, on 10 July, to the German Federal Data Protection Act (Bundesdatenschutzgesetz) that introduces an obligation for data controllers to notify data breaches to the individuals involved and to the relevant authorities. In particular, the notification obligation applies to sensitive data, data subject to professional secrecy, bank account and credit card information, and data relating to criminal and administrative offences. The notification obligation, however, only applies where the data breach poses an 'imminent threat' to customers. The Act will come into force on 1 September. / read more

The high level of scrutiny that 118 800 has been put under caused Connectivity Limited to suspend a beta version of its mobile phone directory service while improvements are made. "The website was only a beta version and we expected to be able to make running changes whilst the site was operational", said a 118 800 spokesperson. / read more

The French data protection authority (CNIL) has authorised the Graduate Management Admission Council (GMAC) to collect 'palm vein' biometric data to verify the identity of French candidates sitting the Graduate Management Admission Test (GMAT) - an international exam used by almost 2,000 business schools. GMAC's PalmSecure device uses veins under the palm to verify the identity of candidates against other personal data. / read more


"I have never given my consent" is the type of quote that has appeared in the media in recent weeks alongside stories about things like the new 118 800 mobile directory service and Phorm. Guess what? 99.9% of all uses made of our data are without our consent. We'd better get over it. This does not mean that we do not have any choice, but the fact is that our personal information is collected, shared and used on a daily basis at the speed of light and we do not even notice it - let alone consent to it. Every website, every CCTV camera, every credit card purchase, every tube journey and every e-mail we send. Every interaction in today's world involves at least one use of our information, but we are hardly ever given the opportunity to consent to it. / read more

Under the Freedom of Information Act (FOI), information regarding UK MPs' expenses was recently disclosed. It was claimed that it was necessary to black out details of some of the expenses claims to comply with the Data Protection Act (DPA). However, a UK newspaper published details of the expenses claims. Anne Conaty, a lawyer specialising in financial services and technology, examines the relationship between the FOI and the DPA in this case. / read more

A recent case between two political opponents relating to information published in an election campaign leaflet raised interesting questions about the application of the Data Protection Act 1998 (DPA) to the publication of political opinions. Francis Aldhouse, a Consultant with Bird & Bird and former Deputy UK Information Commissioner, examines how the High Court resolved a literal application of the DPA, which would have required politicians to obtain consent before publishing the political views of their opponents if they are held to be personal data within section 2 of the DPA. / read more

The German Federal Council (Bundesrat) recently passed an amendment to its Federal Data Protection Act that introduces an obligation for data controllers to notify data breaches to the individuals involved and to the relevant German authorities. Dr. Jochen Lehmann, a Partner at German law firm Goerg, examines the most significant changes to the Act and what companies must do to comply with them. / read more

The European Commission published several recommendations on Radio Frequency Identification (RFID) that EU Member States must show they have implemented within two years from 12 May. Rohan Massey, a Partner in the IPMT group at McDermott Will & Emery UK LLP, examines the recommendations and the history of Commission action in response to privacy concerns over the use of RFID. / read more

In June, Christopher Graham, a former BBC Journalist and Director General of the Advertising Standards Authority, took over from Richard Thomas to become the new UK Information Commissioner. Phil Lee, a Senior Solicitor at Osborne Clarke, discusses the hot topics that may be on Graham's agenda now he has taken office. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Canít find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed