Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Eduardo Ustaran

Posts by Eduardo Ustaran
Posted in International/EU privacy Eduardo Ustaran

AG Says ePrivacy Applies to Government Access to Communications Data

On  January 15, the Court of Justice of the European Union’s (CJEU) Advocate General (AG) Manuel Campos Sánchez-Bordona delivered his Opinion on four references for preliminary rulings on the topic of retention of and access to communications data.

Of the four references, two originated from France, one from Belgium, and one from the Investigatory Powers Tribunal (IPT) in the United … Continue Reading

Posted in International/EU privacy Eduardo Ustaran

Getting Cookie Consent Right

One could be forgiven for thinking that knowing how to comply with a legal obligation that has been in place for nearly a decade would be clear cut. However, widespread practice tells us that this is far from the truth. In November 2009, as part of wider reforms to the European telecommunications regulatory framework, the European Union introduced various amendments … Continue Reading

Posted in International/EU privacy, Policy & Regulation, privacy and security litigation Eduardo Ustaran

Hogan Lovells calls for an alternative approach to regulating privacy in the digital economy

LONDON, 25 November 2019 – Hogan Lovells has published a study evaluating the ongoing legislative proposal for a new ePrivacy Regulation, a law aimed at updating the current ePrivacy framework in the EU.

After nearly three years of debates and negotiations, the European Union is nowhere near agreeing a position on how to achieve the right balance between the need … Continue Reading

Posted in International/EU privacy Eduardo UstaranKatie McMullan

CJEU: Consent on the Internet Means ‘Opt-In’

On 1 October 2019, the Court of Justice of the European Union (CJEU) handed down a crucial decision impacting the way that consent is obtained on the internet. The judgment relates to Case C-673/17 (Planet49 – a previous post outlining the background can be found here).

In the Planet49 case, the German Federal Court referred a number of questions … Continue Reading

Posted in Data Protection & Privacy, International/EU privacy Eduardo Ustaran

The EDPB’s Narrow View of Contractual Necessity

The European Data Protection Board (EDPB) has adopted the narrowest possible interpretation of ‘contractual necessity’ as a ground for processing of personal data. The Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects (adopted on April 9, 2019 and open for consultation until May 24, … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation, privacy and security litigation Eduardo Ustaran

EDPB Joins the Dots of ePrivacy and GDPR

On 12 March 2019 at its Eighth Plenary Session, the European Data Protection Board (“EDPB”) adopted its Opinion 5/2019 on the interplay between the ePrivacy Directive (“ePD”) and the General Data Protection Regulation (“GDPR”). The Belgian Data Protection Authority had, on 3 December 2018, requested that the EDPB examine the overlap between the two laws and in particular the … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

Who Will Get the First Big GDPR Fine and How to Avoid It?

In July, Eduardo Ustaran spoke at Privacy Laws & Business’ International Conference in Cambridge about the sort of activities likely to prompt regulators into exercising their increased fining powers under the EU GDPR. A link to the video of his presentation can be found here and a detailed report of the presentation is available here.… Continue Reading

Posted in Data Protection & Privacy Christine GateauWinston MaxwellEduardo Ustaran

The General Data Protection Regulation timidly opens the doors to data class actions in Europe

More than 15 years after the adoption of the Data Protection Directive1, the European Commission noticed that the current legislative framework on data protection did not adequately deal with the risks associated with online activity2.

Acknowledging this, the General Data Protection Regulation (GDPR)3 was finally adopted by the European Parliament on 14 April 2016, entering … Continue Reading

Posted in Data Protection & Privacy Christine GateauWinston MaxwellEduardo Ustaran

Four key lessons when facing data class actions in Europe

Could the GDPR give rise to forum shopping and are there any pre-litigation strategies that should be considered? Here, we review four key elements that should be kept in mind in respect of data class actions in the EU.

Damages

In the US, many class actions are dismissed for lack of ‘standing’, i.e. because the litigants do not demonstrate that … Continue Reading

Posted in Data Protection & Privacy Winston MaxwellHarriet PearsonJohn SalmonEduardo Ustaran

Getting to data nirvana – a user’s guide to data lakes and GDPR

A data lake is an infrastructure that permits different data sets from within a group to be combined and analysed together.

To analyse a data lake under GDPR, it is helpful to think of a data lake in two phases, which we analyse in our user guide.

The infrastructure phase

Here, the guide covers:

  • Identify the entity that is
Continue Reading
Posted in Data Protection & Privacy, Policy & Regulation Winston MaxwellHarriet PearsonJohn SalmonEduardo Ustaran

Getting to data nirvana – regulatory silo-busting to optimize risk management

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.

The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws.

Their task is not easy because the number of laws regulating the processing … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

The Future of International Data Transfers

With the current focus on the coming into effect of the EU General Data Protection Regulation (GDPR), one could (almost) be forgiven for forgetting about the question of international data flows. However, given the political and legal developments currently affecting the future of international data transfers, that would be a very serious strategic mistake. Legitimising data globalisation remains a top … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

Cookie Consent Is the New Panic

Judging by the number of calls and the intensity of the discussions about how to comply with the cookie consent requirement in a post-GDPR world, this issue has become a top worry for organisations and data protection officers. Partly due to the visibility of the mechanisms used to collect this consent, and partly due to the potential implications of operating … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Winston MaxwellHarriet PearsonJohn SalmonEduardo Ustaran

Getting to data nirvana – using the GDPR to create data value

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.

The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws.

Their task is not easy because the number of laws regulating the processing … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Winston MaxwellHarriet PearsonJohn SalmonEduardo Ustaran

Getting to data nirvana – understanding data value and ownership

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.

The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws.

Their task is not easy because the number of laws regulating the processing … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

The True Global Effect of the GDPR

“European data protection rules will become a trademark people recognise and trust worldwide”. That is how, in January 2012, Viviane Reding – then Vice-President of the European Commission and EU Justice Commissioner – ended her announcement of the widest reform of privacy and data protection law ever attempted. Six years later, this ambitious aim is becoming a reality. Organisations from … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

Is Artificial Intelligence the Ultimate Test for Privacy?

Nothing challenges the effectiveness of data protection law like technological innovation. You think you have cracked a technology neutral framework and then along comes the next evolutionary step in the chain to rock the boat. It happened with the cloud. It happened with social media, with mobile, with online behavioural targeting and with the Internet of Things. And from the … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

ICO Turns Spotlight on Data Broker Industry

Data brokers are organisations that obtain data from a variety of sources and then sell or license it to third parties. Many trade in personal data, which is purchased by their customers for several purposes, most commonly to support marketing campaigns. In 2012, data brokers’ trade in personal data was reported to have generated over $150 billion in revenue.

The … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

New Notice and Consent Rules under Proposed EU e-Privacy Regulation

The European Commission has released its proposal for a new EU e-Privacy Regulation that will replace the existing e-Privacy Directive.  The high level aim of the draft e-Privacy Regulation is to harmonise the specific privacy framework relating to electronic communications within the EU and ensure consistency with the GDPR. Compared to the existing Directive, the draft e-Privacy Regulation has broader … Continue Reading

Posted in Data Protection & Privacy Eduardo UstaranVictoria Hordern

The CJEU Gives the UK Government Another Brexit Dilemma

In yet another key case dealing with the balance between citizens’ privacy and the ability of the state to intrude into it, the Court of Justice of the European Union (CJEU) has ruled on the compatibility with European Union law of legislation that authorises the retention of communications data, which includes personal data. The reference from the UK Court of … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Eduardo UstaranSam Choi

Triple GDPR Guidance Issued by Article 29 Working Party

No one could accuse the EU Article 29 Working Party (WP29) of not delivering as promised.  Following its recently held December plenary meeting, the WP29 has released three separate guidelines with their interpretation of some key aspects of the General Data Protection Regulation, namely:

  • data portability,
  • data protection officers (DPOs), and
  • lead supervisory authorities.

At the same time, the WP29 … Continue Reading