Data protection

Since about 2017,-mails are flowing in my inbox announcing the update of privacy statements (under any name) and also asking for my consent to continue keeping my data, sending me newsletters etc. – the reason is the GDPR, which entered into force in 2018, after two years of preparatory period. Also, “wherever I go, whatever I do”, I have to sign consent forms. Some of these are justified, but the sheer volume of consent I have to give makes me suspicious. And not by chance: consent is but one of the possible legal bases for processing personal data, and apparently not the soundest one, however sure it seems to be: if the data subject consents, who can complain? - thought some. Lawyers giving this latter advice were warned  as  early  as March 2019. Let’s jump in time: the 30th  July the Hellenic Data Protection Authority fined   PWC   for processing their employees’ data based on consent, at least telling the employees so. The summary of the decision can b...

And here is already Schrems-II. The background of both “Schrems” cases are the Snowden revelations showing that U.S. government agencies are involved in an indiscriminate mass surveillance of European subjects whose data are transferred to the U.S. Therefore Maximilian Schrems holds that the U.S. does not ensure adequate protection and it was on this basis that the “Safe Harbour” was invalidated. The target is Facebook, but not its own shady data usage practices, just the possibility of the data being requested and obtained by U.S. authorities. It has to be mentioned that the U.S. government tried to get access– in individual cases, based on concrete suspicion of crimes – to data stored in the EU from Microsoft and Google. At the moment, Microsoft succeeded – based on its statement that the data are stored in the EU – to avoid it while Google – as it stated that data may not be stored in the U.S. but it is not known where they are – failed. Now, the question is whether Facebook has a ...

It is a little more than one year that the General Data Protection Regulation entered into force. The 22 nd May 2019, three days before the first anniversary, a press release [i] by the European Commission summarised certain statistical data [ii] on the year, including a Eurobarometer survey [iii] and the most important indicators of compliance, complaints and data breach notifications. Just two months later, the Commission has adopted the Communication on its session the 24 th July [iv] entitled: “Data protection rules as a trust - enabler in the EU and beyond – taking stock”. In this Communication, significant thought is given to the international dimension. On the other hand, some new judicial developments also concern the international dimension, mainly transfer of personal data to the United States. The new, clearer and somewhat stricter data protection rules in Europe exert an important influence on international relations, they are sometimes accused of enabling protect...