Monitoring employees’ communications: the final word

September 5th, 2017 by Robin Hopkins

In January 2016, Panopticon brought you a post entitled “Employer was entitled to access employee’s private Yahoo! messages (and to sack him)”. It concerned an eye-catching judgment of the Fourth Section of the European Court of Human Rights in the case of Barbulescu v Romania (application 61496/08).

In a nutshell: the applicant had used his employer’s Yahoo! messenger service (intended for work use) for personal communications, including with his fiancé and brother. His employer monitored those communications and sacked him for misuse of its messenger service. Did that monitoring of his private communications breach his privacy rights under Article 8 ECHR? No, said the Romanian courts, and Strasbourg’s Fourth Chamber said likewise (a victory for common sense, said many employers!). But on a further appeal to the Grand Chamber of the ECHR, that assessment has been reversed: the last word is that Article 8 was indeed breached here (what now, ask many employers?). Read more »


Brexit and Data Protection

August 24th, 2017 by Christopher Knight

Data protection lawyers and specialists have long been used to their area of expertise being treated as a rather mould-infested and irritating area of the law, like champerty but with more Schedules. Amongst other things, Brexit seems to have caused a bit of an upsurge in interest in how cross-border data flows are going to be managed in the brave new world. (Panopticon has seen articles in the last few months mentioning the GDPR and data protection after Brexit in the LRB and Private Eye, which is a bit like unexpectedly finding your girlfriend on page 3 of the Sun and the New Left Review on the same day.) HM Government have also recognised the importance of the issue, and have today published their position paper entitled ‘The exchange and protection of personal data’. Read more »


The Wages of Sin is: the Ability to Rely on Section 12

August 24th, 2017 by Christopher Knight

What happens when your FOIA request to a public authority is met with the response that it would breach the cost limits set under section 12 to respond to the request because the authority’s record keeping systems are in a particular (i.e. poor) state? In a word: tough. Read more »


Government publishes data protection bill proposals

August 7th, 2017 by Anya Proops QC

For those of you champing at the bit to learn of the Government’s plans for domesticating the GDPR, I have some good news. The Government has today, in the personage of Matt Hancock MP, Digital Minister, published its ‘statement of intent’ in respect of the new data protection bill – see here. Some key highlights of the proposals include the following: Read more »


Brussels Update: Exams and Data Transfers

July 31st, 2017 by Christopher Knight

It is worth noting a couple of data protection developments from our European neighbours from the last week or so. First, Advocate General Kokott has handed down an Opinion in Case C-434/16 Nowak v Data Protection Commissioner (ECLI:EU:C:2017:582) about examination scripts. Second, the CJEU has delivered itself of Opinion 1/15 (ECLI:EU:C:2017:592) on the compatibility with Charter rights of the envisaged agreement between the EU and Canada on Passenger Name Record data. Read more »


A global right to be forgotten?

July 24th, 2017 by Robin Hopkins

In its (in)famous Google Spain judgment in 2014, the CJEU breathed life into the right to be forgotten. That right – explicitly preserved in the GDPR – is one of the more divisive limbs of EU data protection law: it is good for privacy, but it can be very bad for freedom of expression. That concern is drawn out sharply in current litigation between Google and the French data protection authority, Commission Nationale Informatique et Libertes (CNIL). The crux of the dispute is this: does your EU-given right to be forgotten apply across the whole world? Read more »