Conseil d’Etat requests preliminary ruling from CJEU on Right to be Forgotten

The right to be forgotten has been judicially recognized by the CJEU with the Google Spain judgment  (Case C-131/12). According to the judgement, Europeans have the right to disappear from search engine’s results under certain conditions. The National Commission of Information Technologies and Liberties (CNIL), Commission nationale de l’informatique et des libertés, rejected some complaints […]

Tags: ,

Mass publication of personal tax information can be banned, the ECHR holds

On June 27, 2017, the Grand Chamber of the European Court of Human Rights (“ECHR”) issued its judgment in the case of Satakunnan Markkinapörssi Oy and Satamedia Oy v. Finland (application no. 931/13) holding that the publication of personal tax information does not violate Article 10 (freedom of expression) of European Convention on Human Rights. […]


Italian court voids share purchase agreement due to unauthorized use of digital signature

On December 20, 2016, the Tribunale di Roma held the unauthorized use of a digital signature smart card could nullify an electronically signed agreement. In this case the Plaintiff had denied the digital subscription of an agreement that transferred stock ownership. Since the share transfer agreement was signed electronically, the judge found that the Codice dell’Amministrazione […]

Criminal defendants don’t have an absolute right to have their data omitted from published decisions, Italian Supreme Court held

On February 15, 2017, the Corte di Cassazione, the Italian Supreme Court, refused to hold that every criminal defendant has a right to have his or her personal data deleted from a published decision. The court must evaluate each case to determine if it is appropriate to omit certain personal data. The Supreme Court clarified the terms under which […]


Facebook user ordered by DPA to remove posts referring to judgments containing data of minor

On February 23, 2017, the Garante per la Protezione dei Dati Personali, the Italian Data Protection Authority (DPA), ordered a mother to delete from her Facebook feed posts containing two  judgments that include private aspects of her family’s life and most of all her daughter’s life. The DPA noted that the posted judgments allowed the identification of the […]


Canadian privacy law (PIPEDA) applies extraterritorially, Federal Court of Canada holds

On January 30, 2017, the Federal Court of Canada found, a Romanian based website and its sole owner and operator, in violation of the Personal Information Protection and Electronic Documents Act (PIPEDA). By way of background, the Romanian based website indexed and reposted Canadian court and tribunal decisions that were also available on Canadian legal […]


ECJ holds dynamic IP addresses are personal data if additional information allowing user identification can reasonably be obtained from third parties

On October 19, 2016, the European Court of Justice (“ECJ”) presented its conclusions in Patrick Breyer v. Bundesrepublik Deutschland (case C‑582/14). According to the ECJ The dynamic internet protocol address of a visitor constitutes personal data, with respect to the operator of the website, if that operator has the legal means allowing it to identify […]

Tags: , ,

Italian DPA issues fines totaling 11 million to group for a data breach

In February 2017, the Italian Data Protection Authority (Garante per la protezione dei Dati Personali)  fined five companies over 11 million euros for the unlawful processing of personal data. The companies, which operate in the money transfer field, unlawfully processed the personal data of over 2 millions people. To avoid money laundering legislation, the companies would use […]


Data controllers have no duty to disclose data enabling an aggrieved party to bring a suit, the Advocate General opines

European Court of Justice — Case C‑13/16 On January 26, 2017, the Advocate General (AG) to the Court of Justice of the European Union (CJEU) Mr. Bobek opined that there is no legal obligation for a data controller under EU data protection law to disclose data enabling the identification of a person allegedly responsible for an administrative offence. In […]

Tags: ,

1 2 3 8