The (uncertain) future of online data privacy
Vol. 9No. 1 (2015)
In this article I will address a somewhat eclectic selection of data privacy topics that I think are of particular significance, including:
- Some international developments in the data privacy law area;
- Extraterritoriality issues including the ‘jurisdictional lasagne’;
- The recently decided Court of Justice of the European Union (CJEU) case on the so-called ‘right to be forgotten’;
- ‘Big Data’ and the Internet of Things; and
- The concept of ‘consent’.
Data Privacy, Data Protection, Privacy, Extraterritoriality, Google Spain, Right to be forgotten, Big Data, Internet of Things, Consent
Advocate General Trstenjak 2010, Opinion of Advocate General Trstenjak delivered on 18 May, Case C-585/08 Peter Pammer v Reederei Karl Schlüter GmbH & Co KG and Case C-144/09 Hotel Alpenhof GesmbH v Oliver Heller, 18 May, <http://curia.europa.eu/juris/document/document_print.jsf?doclang=EN&docid=79076&cid=594463>.
Article 29 Data Protection Working Party 2014, Guidelines on the implementation of the Court of Justice of the European Union judgment on “Google Spain and inc v. Agencia Española de Protección de Datos (AEPD) and Mario Costeja González” c-131/121, 26 November, <http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp225_en.pdf>.
Bogdan, M 2005, ‘Is there a curricular core for the trans-national lawyer?’ Journal of Legal Education, vol. 55, pp. 484-87.
Council of the European Union 2014, proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) – Partial General Approach on Chapter 5, 28 May.
European Commission 2014, Progress on EU data protection reform now irreversible following European Parliament vote, memo/14/186, Strasbourg, 14 March <http://europa.eu/rapid/press-release_MEMO-14-186_en.htm>.
European Data Protection Supervisor 2012, Opinion of the European Data Protection Supervisor on the data protection reform package, 7 March, <http://www.europarl.europa.eu/document/activities/cont/201205/20120524ATT45776/20120524ATT45776EN.pdf>.
European Parliament legislative resolution of 12 March 2014 on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of
personal data and on the free movement of such data (General Data Protection Regulation) (COM(2012)0011 – C7-0025/2012 – 2012/0011(COD))
Executive Office of the President 2014, Big Data: Seizing Opportunities, Preserving Values, 1 May <http://www.whitehouse.gov/sites/default/files/docs/big_data_privacy_report_may_1_2014.pdf>.
Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (AEPD), Mario Costeja González (2014) Case C-131/12.
Greenleaf, G 2014, ‘South Korea’s innovations in data privacy principles: Asian comparisons’, Computer Law&Security Review, vol. 30, p. 492-505 https://doi.org/10.1016/j.clsr.2014.07.011">https://doi.org/10.1016/j.clsr.2014.07.011
Kelion, L 2014, Google told to expand right to be forgotten, BBC News Online, viewed 5 January 2015, <http://www.bbc.com/news/technology-30212927>.
Kuner, C, Cate, FH, Millard, C & Svantesson D 2012, ‘Editorial: The Challenge of “Big Data” for Data Protection’, International Data Privacy Law, vol. 2, no. 2, pp. 47-9. https://doi.org/10.1093/idpl/ips003">https://doi.org/10.1093/idpl/ips003
Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation) 25.01.2012. COM(2012) 11 <http://eur-lex.europa.eu/legalcontent/en/TXT/?uri=CELEX:52012PC0011>.
Reed, C 2012, Making Laws for Cyberspace, Oxford University Press, Oxford.
Reding, V (European Commission Vice President, EU Justice Commissioner) 2014, The EU data protection Regulation: promoting technological innovation and safeguarding citizens’ rights, Intervention
at the Justice Council, European Commission, Brussels, 4 March <http://www.google.com.au/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=1&cad=rja&uact=8&ved=0CB0QFjAA&url=http%3A%2F%2Feuropa.eu%2Frapid%2Fpressrelease_SPEECH-14-175_en.pdf&ei=dXqPVMbDJOfDmAXvjoGwBQ&usg=AFQjCNFaKeWXeENxaXcG8YamoqhkayhGcQ&bvm=bv.81828268,d.dGY>.
Svantesson, D 2011, ‘Pammer and Hotel Alpenhof – ECJ decision creates further uncertainty about when e-businesses “direct activities” to a consumer’s state under the Brussels I Regulation’, Computer Law & Security Review, vol. 27, no. 3, pp. 298-304. https://doi.org/10.1016/j.clsr.2011.03.003">https://doi.org/10.1016/j.clsr.2011.03.003
Svantesson, D 2012, Online workplace surveillance—the view from down under, Privacy in the Workplace, Pécs Hungary, April, <http://pawproject.eu/en/sites/default/files/page/12_svantesson_workplace_surveillance.pdf>.
Svantesson, D 2013a, Extraterritoriality in Data Privacy Law, Ex Tuto Publishing, Copenhagen.
Svantesson, D 2013b, ‘A “layered approach” to the extraterritoriality of data privacy laws’, International Data Privacy Law, vol. 3, no. 4, pp. 278-86. https://doi.org/10.1093/idpl/ipt027">https://doi.org/10.1093/idpl/ipt027
Svantesson, D 2014a, Innocence or arrogance? US court oversteps on internet regulation, The Conversation, 7 April <https://theconversation.com/innocence-or-arrogance-us-courtoversteps-on-internet-regulation-25215>.
Svantesson, D 2014b, The Canadian ‘Google case’ – B.C. imperialism or a legitimate response to a difficult issue? LinkedIn article, 28 August <https://www.linkedin.com/pulse/20140828080321-308862488-thecanadian- google-case-b-c-imperialism-or-a-legitimate-response-to-adifficult-issue>.