This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Law & Policy

Current Issue (May 2015)

Volume: 12 Issue: 5



Recent Searches:
Switzerland   FATCA   Austin   governance   included   obtain   litigation   offers   intensive   telemarketing  

Popular Searches:
France   cookie   trust   EU   filed   internet   protection   issues   asia   draft  

About Data Protection Law & Policy:

The monthly law journal which covers all aspects of data protection and data privacy: data transfer & outsourcing, marketing and e-marketing, freedom of information (FOI), employee monitoring, privacy compliance, online data acquisition and consent, personal data, website compliance and emerging technologies such as behavioural advertising, cloud computing and smart grids. / read more

A credible strategy for One Stop Shop


It’s been said before but the Court of Justice of the European Union’s (CJEU) decision in the Google Spain v. AEPD case was a real game changer. Every law student on the planet learns that there are a number of sources that contribute to the legal system of a given jurisdiction. First and foremost are the statutes adopted by - in the best of cases - democratically elected parliaments. Then there are a myriad of legal obligations that arise from various sources ranging from regulatory guidance to market practices. Ultimately, the most authoritative source is the case law that is constantly emerging from courts’ decisions. Data protection law is no exception and the CJEU has emerged as the ultimate interpreter of the legislator’s will.

Arguably, the most influential element of the entire Google Spain decision is the novel interpretation of the 20 year old criteria to determine the applicability of EU data protection law. The CJEU took the view that a non-EU based data controller is subject to European data protection law if a local EU establishment of that controller is involved in some way in the activities of the controller, even if that establishment is not actually dealing with the data at issue. The aim behind this reasoning is simply to bring within the scope of application of European law any organisation that may not have physical data operations in the EU, but has some kind of presence connected to its use of personal data.

Perhaps unsurprisingly, this interpretation has not just been embraced but stretched to the limit by some EU data protection authorities. Barely a year on since the famous decision, EU authorities across Member States are confidently claiming their competence over data handling activities that not so long ago would have been off-limits. The boldest claim to date has come from the Belgian Privacy Commission, which has stated that it is ‘undeniable’ that it has the competence to take measures against the processing of personal data of Belgian individuals by Facebook, irrespective of Facebook’s acknowledgment that the controllership of all of its European users’ data rests with its Irish entity. In a nutshell, the long accepted view that a data controller established in an EU Member State and operating on a pan-European basis was only subject to the law of that state and the scrutiny of that state's regulator is being blown out of the water.

Click here to read more.


Search Journal Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to Data Protection Law & Policy
Subscribe to Data Protection Law & Policy
Register for a Free Trial to Data Protection Law & Policy
E-Law Alerts
Data Protection Law & Policy Pricing
Cookie Consent Guide - DataGuidance

Social Media

Follow Data Protection Law & Policy on TwitterView Data Protection Law & Policy LinkedIn ProfileData Protection Law & Policy RSS Feed