A stricter regime for profiling07 June 2016
EU High Court Grants “Right to Be Forgotten” and Expands Privacy Jurisdiction Over Foreign Companies: What Should Businesses Operating Outside of Europe Do Now?
The ECJ also extended jurisdiction under European data protection law to include non-EU companies that have a branch or subsidiary in the European Union and that collect data in the context of business activities in the European Union. The effect of this jurisdictional ruling on web-based business activity is potentially sweeping. Under the ruling, non-EU businesses potentially need to conform their websites to comply with EU privacy laws — including adopting cookie consent mechanisms and revamping their privacy policies — just because they have a physical presence in Europe.
The case started when a Spanish individual, invoking his “right to be forgotten,” lodged a complaint with the Spanish Data Protection Authority (the AEPD) against both a newspaper that published an article about him on its website and Google, which indexed the article in its search results. The AEPD upheld the complaint against Google Spain and Google Inc., requiring them to delete the data from their index and to render future access to the newspaper articles impossible.
Google appealed the AEPD’s decision to a Spanish court, which referred a number of important questions to the ECJ.
Click here for a detailed analysis of the ECJ decision and its impact on companies outside the EU.
The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...06 June 2016
Grounds for processing03 June 2016