4 4 April 2007

News:

UK Information Commissioner Richard Thomas has proposed new safeguards, including new inspection powers for the Information Commissioner's Office (ICO) and privacy impact assessments, after expressing concern about the dangers of 'excessive surveillance' of the public.

The selection of data from files held on a person is not necessarily 'processing' of personal data under the Data Protection Act (DPA), the Court of Appeal has held.

The Massachusetts Bankers Association (MBA) is being joined by at least two other groups in a class action lawsuit against global retailer, TJX Companies Inc., following a major data security breach.

Features:

It's happened again. The data protection world has just experienced what could be described as another Durant moment. The Court of Appeal has performed an earth-shattering analysis of data protection law that is likely to have substantial repercussions for the way in which this area of law is interpreted in the UK. In the meantime, our colleagues in other EU member states are likely to react with disbelief to the latest decision of the English courts affecting one of the core terms of our data protection legislation. If you thought that the creativity of the English courts in the field of data protection had ended with the famous Durant doctrine, here comes the appeal decision of Johnson v MDU to stir things up a bit.

Following its first report in 2003 which assessed the implementation of the Data Protection Directive across the EU, the European Commission has recently published a follow-up report assessing the present situation and the way forward for achieving and maintaining successful implementation in the future. In this article, Dr Antonis Patrikios an associate at Field Fisher Waterhouse LLP examines the report's findings.

European Union Member States have until 15 September to implement the Data Retention Directive into national law, however may postpone application of the Directive to the internet until 15 March 2009, a path the UK has chosen. In this article, Jeff Goodall of Kemp Little LLP provides a brief explanation of the key provisions of the Directive and examines its proposed transposition into UK law via the Data Retention (EC Directive) Regulations 2007.

The European Commission recently published its proposals for an RFID policy strategy after its earlier public consultation on the technology. Robert Bond, partner and head of IP, technology and commercial at Speechly Bircham LLP, sets out the Commission's proposals.

A report from the Department of Justice Inspector General found that the FBI has been using its ability to issue National Security Letters, administrative subpoenas that do not require the FBI to go to court or grand jury, to obtain customer records. Michael Vatis, a partner with Steptoe & Johnson LLP, explains that a Congressional inquiry and lawsuits could follow the DoJ's investigation, and assesses the possibility that the FBI's NSL powers could be reduced on privacy grounds.

The European Court of Human Rights recently ruled that the collection and storage of personal information relating to an employee's telephone, internet and email usage amounted to an interference with the right to respect for private life and correspondence under Article 8 of the Human Rights Convention. Bridget Treacy, a partner in the Global Privacy Practice at Hunton & Williams, examines the case and the implications it could have for workplace monitoring of employees.