The GDPR is still eight months away from coming into force, but – as with any such sea-change – it is informing much of our data protection thinking already. In its recent judgment in the Barbulescu case about monitoring employee communications, for example, the European Court of Human Rights cited provisions of the GDPR. Here are some substantive recent developments illustrating the direction of travel in contentious data protection. Continue reading
Monitoring employees’ communications: the final word
In January 2016, Panopticon brought you a post entitled “Employer was entitled to access employee’s private Yahoo! messages (and to sack him)”. It concerned an eye-catching judgment of the Fourth Section of the European Court of Human Rights in the case of Barbulescu v Romania (application 61496/08).
In a nutshell: the applicant had used his employer’s Yahoo! messenger service (intended for work use) for personal communications, including with his fiancé and brother. His employer monitored those communications and sacked him for misuse of its messenger service. Did that monitoring of his private communications breach his privacy rights under Article 8 ECHR? No, said the Romanian courts, and Strasbourg’s Fourth Chamber said likewise (a victory for common sense, said many employers!). But on a further appeal to the Grand Chamber of the ECHR, that assessment has been reversed: the last word is that Article 8 was indeed breached here (what now, ask many employers?). Continue reading
Brexit and Data Protection
Data protection lawyers and specialists have long been used to their area of expertise being treated as a rather mould-infested and irritating area of the law, like champerty but with more Schedules. Amongst other things, Brexit seems to have caused a bit of an upsurge in interest in how cross-border data flows are going to be managed in the brave new world. (Panopticon has seen articles in the last few months mentioning the GDPR and data protection after Brexit in the LRB and Private Eye, which is a bit like unexpectedly finding your girlfriend on page 3 of the Sun and the New Left Review on the same day.) HM Government have also recognised the importance of the issue, and have today published their position paper entitled ‘The exchange and protection of personal data’. Continue reading
The Wages of Sin is: the Ability to Rely on Section 12
What happens when your FOIA request to a public authority is met with the response that it would breach the cost limits set under section 12 to respond to the request because the authority’s record keeping systems are in a particular (i.e. poor) state? In a word: tough. Continue reading
Government publishes data protection bill proposals
For those of you champing at the bit to learn of the Government’s plans for domesticating the GDPR, I have some good news. The Government has today, in the personage of Matt Hancock MP, Digital Minister, published its ‘statement of intent’ in respect of the new data protection bill – see here. Some key highlights of the proposals include the following: Continue reading
Brussels Update: Exams and Data Transfers
It is worth noting a couple of data protection developments from our European neighbours from the last week or so. First, Advocate General Kokott has handed down an Opinion in Case C-434/16 Nowak v Data Protection Commissioner (ECLI:EU:C:2017:582) about examination scripts. Second, the CJEU has delivered itself of Opinion 1/15 (ECLI:EU:C:2017:592) on the compatibility with Charter rights of the envisaged agreement between the EU and Canada on Passenger Name Record data. Continue reading