Topic: Privacy

Supreme Court of Canada’s “expectation of privacy” analysis in R. v. Jarvis

 Canada’s Supreme Court laid out a highly nuanced, heavily contextualized framework for determining when and where a reasonable expectation of privacy exists. On February 14, 2019, the Supreme Court of Canada decided yet another criminal law decision that will likely have broader ramifications for privacy law. In R. v. Jarvis, the Supreme Court of Canada builds …

Continue reading

The impact of the GDPR on Malaysian businesses

The GDPR has a far-reaching impact, but is it applicable to Malaysian companies? Introduction It has been more than a year since the General Data Protection Regulation (“GDPR”) came into force on 25 May 2018. The GDPR was described by the Information Commissioner as a game-changer as it sought to raise the standards of personal …

Continue reading

Interplay between the ePrivacy Directive and the GDPR

Europe’s Data Protection Board has issued guidance on whether personal data processing triggers the material scopes of both the GDPR and ePrivacy Directive (2002/58/EC). The European Data Protection Board recently published an opinion on the interplay between the EU Directive on Privacy and Electronic Communications (“ePrivacy Directive”) and the General Data Protection Regulation (“GDPR”) to …

Continue reading

Hard to prove harm: Google wins lawsuit over facial recognition

As new privacy laws attempt to address the different ways that companies collect, store and use biometric data, it’s also important to keep an eye on how the courts are interpreting and applying legislation. In a recent court case, a federal judge ruled against a claim that Google had violated Illinois privacy laws by using uploaded …

Continue reading

Privacy risks for customers and workers in the gig economy

In the modern “gig economy”, workers and customers frequently rely on websites and phone apps to schedule, track and evaluate services.  The data gathered and shared through these platforms can contribute to convenience, trust, and the overall customer experience. However, whether you access these platforms as a worker or a customer, it’s important to understand …

Continue reading

Australia passes encryption law, raising privacy and legal concerns

Earlier this month, the Australian government passed a controversial new law that would allow law enforcement and government agencies to demand access to encrypted communications.  Under the new legislation, companies who fail to comply with requests could face fines up to $10 million (AUD), and individuals could face fines up to $50,000 (AUD). The legislation includes powers …

Continue reading

New data privacy rules for EU institutions, agencies and bodies

Regulation (EU) 2018/1725 on the processing of personal data by the EU institutions, bodies, offices and agencies comes into force today. The way EU institutions, agencies and bodies deal with personal data has just changed. These changes are introduced by the new data protection Regulation for EU institutions, agencies and bodies (Regulation 2018/1725), applicable as …

Continue reading

Data breach laws: would you know if your personal information was compromised?

If your personal information was involved in a data breach, would you know?  While it’s unfortunately become the norm to see data breaches announced in the headline, it’s not always clear who has been impacted by a breach and what specific data was lost, stolen or compromised. As consumers, patients and citizens, we may expect …

Continue reading

Facebook page admin jointly responsible for data processing

The administrator of Facebook fan page shall jointly be responsible with Facebook for the data processing of its visitors. The Court of Justice of the European Union has held that a Facebook page administrator must be regarded as a controller jointly responsible, within the EU, together with Facebook for the processing of that data. Such …

Continue reading

Answers and comments in professional examination constitutes personal data

Written answers submitted at a professional examination and any related comments of the examiner constitute a candidate’s personal data to which he has, in principle, a right of access In a judgment delivered yesterday, the European Court of Justice stated, firstly, that a candidate at a professional examination is a natural person who can be identified, either directly, through his name, or indirectly, through an identification number, these being located either on the examination script itself or its cover sheet. Secondly, the Court determined that the written answers provided by a candidate at a professional examination, and any comments made by an examiner with respect to those answers, constitute information relating to that candidate. The Court further clarified that the question of whether written answers submitted by a candidate at a professional examination, and any comments made by the examiner with respect to those answers, should be classified as personal data cannot be affected by the fact that the consequence of that classification is, in principle, that the candidate has rights of access and rectification. An examination candidate has, inter alia, a legitimate interest, based on the protection of his private life, in being able to object to the processing of the answers submitted by him at that examination and of the examiner’s comments with respect to those answers outside the examination procedure and, in particular, to their being sent to third parties, or published, without his permission. The Court further found that the rights of access and rectification, provided for in the directive, may also be asserted in relation to the written answers submitted by a candidate at a professional examination and to any comments made by an examiner with respect to those answers. In so far as the written answers submitted by a candidate at a professional examination, and any comments made by an examiner with respect to those answers, are liable to be checked for, in particular, their accuracy and the need for their retention, the Court held that to give a candidate a right of access to those answers and to those comments serves the purpose of the directive of guaranteeing the protection of that candidate’s right to privacy with regard to the processing of data relating to him, irrespective of whether that candidate does or does not also have such a right of access under the national legislation. To learn more about this case, please visit this link.

Load more items ...