Free tools and resources for Data Protection Officers!

Tag Archives for " court "

The GDPR is on its way towards implementation into French law following a constitutional challenge

Following on from the article published on the dataprotection.blog on 24 January 2018 “French GDPR Implementation Bill – for French Data Protection Authority (“CNIL”) it could not come soon enough!”, Charlotte Gerrish provides us with the latest update on the status of the French GDPR Implementation Bill which, after surviving an attack of “unconstitutionality” before the French Constitutional Council, is now on its way into force.

As we stated back in January 2018, the French legislature had been fairly slow in pushing forward with the implementation of the GDPR into French national law. The progress of the Bill had not been without issues. On 16 May 2018, just 9 days before the GDPR was due to come into force, at least 60 French senators referred the Bill to the Constitutional Council claiming that certain provisions were unconstitutional and therefore contrary to French law and public policy (Affaire No. 2018-765 DC).

Continue reading »

Dynamic IP address is personal data, rules CJEU

Yesterday (October 19, 2016) the Court of Justice of the European Union (CJEU) issued its judgment in case Patrick Breyer v. Bundesrepublik Deutschland, in which court recognizes that dynamic IP addresses registered by websites are personal data. CJEU followed the Opinion of the Advocate General delivered earlier this year.

In its decision CJEU concluded that website operators and other online services providers would have the means to identify the website user and that there is reasonable probability that such means be used, e.g. in case of cyber attacks. Therefore dynamic IP addresses shall be considered personal data.

Read press release and full text of judgement.

The geographical scope of application of the right to be forgotten

Michel Reymond has published a paper “Hammering Square Pegs into Round Holes: The Geographical Scope of Application of the EU Right to Be Delisted” where he explores the extraterritorial effects of the decision of Court of Justice of European Union (CJEU) in so called Google Spain case. In that case CJEU recognized  “right to be forgotten” or, according Michel Reymond, more precisely it would be “right to be delisted”. In the paper author, through a methodology inspired by private international law, examines the geographical reach of Data Protection Directive.

Download paper

Dynamic IP addresses as personal data

 

Question about IP addresses as personal data is bit tricky.

IP address (short for Internet Protocol address) is a unique numerical label assigned to an information technology device (e.g., a computer or smartphone) participating in a network using the Internet Protocol system to identify itself and communicate with other devices. IP addresses can be static or dynamic. Static IP addresses are assigned to device permanently while dynamic IP addresses is reassigned every time every time the device is booted. Today IP addresses are mostly assigned dynamically.

Continue reading »

>