Skip to content

cearta.ie

the Irish for rights

Menu
  • About
  • Privacy Policy
  • Disclaimer
  • Contact
  • Research

Category: Privacy

We’ve reached peak GDPR when Ross O’Carroll-Kelly gets fired for a data breach

2 June, 201828 January, 2019
| 1 Comment
| GDPR, Privacy

In today’s Irish Times, this week’s instalment (audio here) in the ongoing mis-adventures of Ross O’Carroll-Kelly (pictured left) intersected with this blog. Ross is a hapless dad and clueless (if ruthless) estate-agent,

New politics and the digital age of consent

17 May, 201831 May, 2018
| 2 Comments
| GDPR, Privacy

New politics certainly make for interesting times. Minority governments are no strangers to defeats, even to two defeats in one day, but yesterday marked another milestone, when the government lost not merely two votes, but votes on two successive legislative amendments. They both related to the protection of children in the Data Protection Bill, 2018. The first will make it an offence to process the personal data of a child for the purposes of direct marketing, profiling or micro-targeting; the second will set the digital age of consent at 16. In fact, seeing the writing on the wall, rather than suffer the indignity – surely unique, even in this era of new politics – of four defeats in one evening, the Minister accepted a third amendment and declined to press a fourth of his own. The third amendment that he accepted will permit not-for-profit bodies to seek damages on behalf of data subjects; and the amendment that he withdrew would have undercut the effect of the third successful amendment. (The three successful amendments are amendments 14, 15 and 115 here (pdf), amending this version (pdf) of the Bill, and debated here). Earlier versions of all three successful amendments had been defeated by the government at every previous stage of the Bill.…

Read More »

From Mute to Dysaguria

16 February, 201819 August, 2019
| 1 Comment
| Dysaguria, Privacy

Alexander Skarsgard in MutePictured left is Alexander Skarsgård (imdb | wikipedia) in the new Duncan Jones (imdb | wikipedia | blog) movie Mute (imdb | Netflix).

Skarsgård plays Leo, a mute bartender searching for girlfriend who has inexplicably disappeared in Berlin in 2052. In an interview in last Sunday’s Observer, he takes up the story:

… [Leo’s] search takes him deep into a neon-saturated underworld, populated by gangsters and a pair of anarchic American field surgeons (Paul Rudd and Justin Theroux) … “It’s very dystopian, but not that far-fetched unfortunately, because it’s a society run by corporations,” says Skarsgård. “You subscribe to a corporation and then they will provide everything for you – housing, healthcare, food – but they basically own you. …”. …

So we could be looking at the future then? Skarsgård looks a little traumatised and then sighs: “Hopefully not.”

I’m looking forward to the movie; but I’m not sure I agree that the best adjective to describe it is “dystopian”. It is entirely appropriate when a state goes bad; but it is not a good adjective to describe “a society run by corporations”. In fact, we don’t have a word for when a corporate society goes bad, so I’ve suggested “dysaguria”, as a noun meaning “frightening company”, and “dysagurian” as the adjective to describe that frightening company and the associated society run by frightening companies (see here | here | here).…

Read More »

Compensation for breach of the proposed ePrivacy Regulation [Ongoing updates]

29 September, 20177 June, 2018
| 1 Comment
| ePrivacy, Privacy

Last major update: 15 January 2018

Note: a line was added at the end on 7 June 2018.

Compensation and ePrivacy (via edri)Parallel to my interest in compensation for breach of the General Data Protection Regulation [GDPR; Regulation (EU) 2016/679], I am also interested in the question of compensation for breach of the proposed ePrivacy Regulation (hereafter: pePR; see, eg, the EU Commission’s proposal for a Regulation on Privacy and Electronic Communications; on which see Flash Eurobarometer 443 Report on e-Privacy (pdf download)).

Article 22 of the Commission’s proposal provides:

Any end-user of electronic communications services who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the infringer for the damage suffered, unless the infringer proves that it is not in any way responsible for the event giving rise to the damage in accordance with Article 82 of Regulation (EU) 2016/679.

The emphasised words appear in exactly the same form in Article 82(1) GDPR. The remainder of Article 82 provides circumstances where an infringer is not responsible for the event giving rise to the damage and thus not liable for breach of the GDPR, and those circumstances apply mutatis to an infringer who would not be liable for breach of the pePR.…

Read More »

The UK’s Data Protection Bill 2017: repeals and compensation – updated

14 September, 201729 September, 2017
| 2 Comments
| GDPR, Privacy

UK Data Protection image, via UK gov websiteIn the UK, the Department of Digital, Culture, Media and Sport (DCMS) has today published the Data Protection Bill 2017, to incorporate the General Data Protection Regulation (GDPR) and to implement the Police and Criminal Justice Authorities Directive (PCJAD) (respectively: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC; and Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA; aka the Law Enforcement Directive). The progress of the Bill through Parliament can be tracked here.

In Ireland, when the Department of Justice published the the General Scheme of the Data Protection Bill 2017 (scheme (pdf)), I expressed two concerns, both of which are equally applicable to the UK Bill.…

Read More »

Compensation for breach of the General Data Protection Regulation

22 August, 2017
| 2 Comments
| GDPR, General, Privacy

I have just posted a paper on SSRN entitled “Compensation for breach of the General Data Protection Regulation”; this is the abstract:

Article 82(1) of the General Data Protection Regulation (GDPR) provides that any “person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered”. As a consequence, compliance with the GDPR is ensured through a mutually reinforcing combination of public and private enforcement that blends public fines with private damages.

After the introduction, the second part of this article compares and contrasts Article 82(1) GDPR with compensation provisions in other EU Regulations and Directives and with the caselaw of the CJEU on those provisions, and compares and contrasts the English version of Article 82(1) GDPR with the versions of that Article in the other official languages of the EU, and concludes that at least 5 of the versions of Article 82(1) GDPR are unnecessarily ambiguous, though the CJEU (eventually, if and when it is asked) is likely to afford it a consistent broad interpretation. However, the safest course of action at this stage is to provide expressly for a claim for compensation in national law.

…

Read More »

What is the current status of GDPR incorporation in the EU’s 28 Member States? [Ongoing updates]

27 July, 201711 September, 2019
| 8 Comments
| GDPR, Privacy

Last updated: 7 May 2018

GDPR incorporationHaving looked, in my previous post, at what Article 82(1) of the General Data Protection Regulation says and means in each of the EU’s 24 official languages, I’m interested in this post in the related question of the current status of incorporation* of the GDPR in each of the EU’s 28 Member States. I am interested in particular in whether provision has been made in any incorporating* legislation or draft for an express claim for compensation or damages to give effect to Article 82 GDPR. The list below is the current state of play so far as I have been able to find out. I would be grateful if you correct any errors and help me fill in the blanks – via the comments below, via email, or via the contact page on this blog – I would very grateful indeed.

Complete incorporation: Legislation to incorporate* the GDPR has been enacted in Austria, Belgium (though a further Bill is pending), Germany, Poland, Slovakia and Slovenia (a French Act anticipated some of its requirements, though a full incorporation Bill is pending). About half of the Member States are likely to complete the process before 25 May 2018.…

Read More »

What is the literal meaning of Article 82(1) GDPR in each of the EU’s 24 official languages?

18 July, 201719 August, 2017
| 15 Comments
| GDPR, Privacy

GDPRI’m trying to work out what Article 82(1) of the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) says and means in each of the 24 official languages of the EU institutions, and I’d be very grateful for your help. In English, Article 82(1) GDPR provides

Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.

As I have said before on this blog (here, here, here), I think that this formulation is rather odd. It does not provide, in the present tense, that a person whose rights have been infringed “has” the right to receive compensation. Instead, it provides, in a much more congtingent fashion, that a plaintiff “shall have” such a right, which seems to imply that there is something more to be done in national law before plaintiffs actually have the claim.…

Read More »

Posts navigation

Previous 1 2 3 4 … 19 Next

Welcome

Me in a hat

Hi there! Thanks for dropping by. I’m Eoin O’Dell, and this is my blog: Cearta.ie – the Irish for rights.


“Cearta” really is the Irish word for rights, so the title provides a good sense of the scope of this blog.

In general, I write here about private law, free speech, and cyber law; and, in particular, I write about Irish law and education policy.


Academic links
Academia.edu
ORCID
SSRN
TARA

Subscribe

  • RSS Feed
  • Twitter
  • LinkedIn

Recent posts

  • Some of #RushdiesWords on free speech from Joseph Anton
  • Some practical perspective on the recovery of misdirected payments
  • It’s good to TalkTalk – Part 2: negligence claims for data breaches
  • It’s good to TalkTalk – Part 1: misuse of private information claims for data breaches
  • Political expression, autonomous communication, and anti-social behaviour orders: a note on Tallon v DPP [2022] IEHC 322 (31 May 2022)
  • On the Internet, does Article 17 know you’re a dog?
  • The nutty wing of the Originalist camp is now in the SCOTUS ascendency – is it the death knell for tiers of scrutiny, especially in the First Amendment context?

Archives by month

Categories by topic

Recent tweets

Tweets by @cearta

Licence

Creative Commons License

This blog is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. I am happy for you to reuse and adapt my content, provided that you attribute it to me, and do not use it commercially. Thanks. Eoin

Credit where it’s due

Some of those whose technical advice and help have proven invaluable in keeping this show on the road include Dermot Frost, Karlin Lillington, Daithí Mac Síthigh, and
Antoin Ó Lachtnáin. I’m grateful to them; please don’t blame them :)

Thanks to Blacknight for hosting.

Feeds and Admin

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

© cearta.ie 2022. Powered by WordPress