15th Newsletter -> 15 - 21 October 2016

CJEU Defines Personal Data in the “Breyer” Case Ruling

The Court of Justice of the European Union (CJEU) issued its judgement in the Case C‑582/14 also known as the “Breyer” case, where the Court was deciding on whether a dynamic IP address could be personal data. The case was referred to the CJEU by the German Courts and the core of the dispute was the fact that the public websites of many German federal institutions store information on all access operations in log files, which is not necessarily deleted after the access is terminated. The purpose of storage of such log files is to prevent cyber-attacks.

Probably the most important preliminary questions that the CJEU answered was whether a dynamic Internet Protocol address (IP address) can be deemed personal data. An IP address is a sequence of numbers assigned by an internet service provider (ISP) to each computer that accesses the internet. IP address can be either static (permanently assigned) or dynamic, which are only temporary assigned and are quickly reassigned. Due to their nature dynamic IP addresses cannot be used to directly identify the computer from which access had been sought.

In its judgement the CJEU noted that in the event of a cyberattack the German law appears to provide an option for website operators to contact the appropriate authorities, who might then take the steps necessary to obtain information from ISPs and bring criminal proceedings. The CJEU thus concluded that dynamic IP addresses can fall under the scope of personal data if website operators have legal means that enable the identification of the person associated with the IP address with the help of additional information which that person’s internet service provider has.

Read more HERE

Read the ECJ Judgement HERE

_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

EDPS Issues New Opinion on Online Identities

The European Data Protection Supervisor Giovanni Buttarelli this week issued his Opinion on Personal Information Management Systems (PIMS). The General Data Protection Regulation (GDPR) gives individuals an option to increase their control over how their personal data is collected and used online with its provisions on increased transparency, rights of access and data portability. But the EDPS is of the opinion that more should be done to help individuals because the data collected online can be used to build increasingly complete individual profiles and this presents an obstacle for individuals to exercise their rights or manage their personal data online.

The PIMS should allow individuals to store their personal data in secure, online storage systems and decide when and with whom to share it. Presently due to its novelty a variety of PIMS designs and business models exist. PIMS technology may help to give individuals and consumers more control over their personal data and the EDPS encourages the EU Commission to support the development of innovative digital tools such as this and take policy initiatives that inspire the development of economically viable business models to facilitate their use. Effective implementation of data protection requires technological, economical and legal initiatives, which will help us to take back control of our online identities.

Read the EDPS Statement on his Opinion HERE

Read the Full Opinion HERE

Compiled by Jernej Mavrič, email: jm@dp-recruitment.com

Dedicated to the International Data Protection recruitment market

DPR are international leaders in data privacy lawyer and practitioner recruitment

Our consultants have been leading the way in data privacy/protection recruitment since the earlier years of data protection legislation

Credible, experienced, friendly and well connected data protection market specialists

Specialists in data protection recruitment for all sectors and all international geographies

We hire privacy focused law graduates and CIPP qualified candidates for our own in-house research team.

DPR have market-leading data protection and information governance recruitment experience, and always provide a professional efficient and friendly service.

Head of Data Protection Consulting.

Hugo at DPR who manages the team has been the leading name in data privacy/protection recruitment from the beginning, DPR is the leading company in data privacy recruitment and they deliver on UK and international vacancies efficiently and effectively.

Deputy Chief Privacy Officer

If you need to recruit additional support or leadership within your organisation, or if you are interested in developing your own data protection career, then I highly recommend Data Privacy Recruitment Ltd.

Senior Executive, International Data Privacy

Data Privacy recruitment provided in-depth information about the UK privacy legal services market both in-house and private practice, their knowledge of the market is outstanding. For me it was their professionalism and support that really made the difference, I would highly recommend to any lawyer who is looking to further develop their career in the privacy market