5 3 March 2008

News:

The Paris Tribunal de Grande Instance (TGI) ordered note2be.com, a website allowing pupils to evaluate their teachers, to suspend the automated processing of personal data about professors.

Germany's Federal Constitutional Court has annulled a NorthRhine Westphalia law which granted intelligence agencies broad powers to monitor the online behaviour of suspects during criminal investigations, finding that it violated the German Constitution.

The UK Information Commissioner's Office (ICO) has launched its strategy paper, setting out how it will promote good industry practice and minimise data protection risk.

Features:

Will privacy laws ever catch up with the internet? Since its early days as a communication and information channel, the internet has created tough challenges for lawyers and law makers. Do you remember when some astute individuals started registering domain names with famous brands and demanding money for them? At first, it was not clear whether trademark law would be good enough to protect brand owners in this situation. What about when internet service providers (ISPs) got into all sort of trouble as a result of defamatory statements made online by their users? Many ISPs were made responsible for such actions despite their lack of knowledge. Eventually, these legal puzzles were resolved, but somehow the internet remains a very slippery ground for current privacy concepts and principles.

Regulators in the US have taken a proactive approach to protecting child privacy online, culminating in an agreement between fifty state Attorneys General and MySpace. Lindsey Tonsager, an Associate with Covington & Burling LLP, highlights federal and state developments.

The European Court of Justice has recently ruled that Member States are not required to issue legislation requiring the communication of personal data in the context of civil proceedings. However, the ruling also confirmed that under European law, there is no impediment to such legislation being enacted, as long as it strikes a fair balance between the fundamental rights at stake. Bridget Treacy, a Partner at Hunton & Williams, assess the implications of the Promusicae judgment for rights holders, ISPs and individuals.

Facebook has faced criticism that its privacy policies should comply with European data protection law, especially now that it has established offices in EU Member States. Simon McGarr, a Solicitor with McGarr Solicitors, highlights some of the difficulties that Facebook will have to tackle in order to ensure compliance.

While there is no specific law addressing data protection and privacy in Turkey, general data protection principles are protected by existing legislation. Emre Berk, an Attorney with Bener Law Office, explains how data protection and privacy are safeguarded through the constitution, the civil code and other legislation, explaining government plans for a draft law on data processing.

In the third part of a series of articles, Stewart Room, a Partner at Field Fisher Waterhouse LLP, examines data breach notification obligations, setting out that the UK Data Protection Act, despite lacking a specific breach notification obligation, does contain provisions which are consistent with it, as well as assessing wider developments at national and EU level.

The recent 'Yorkshire Forward' case, where the Information Tribunal overturned an ICO decision to reject a FOI request on the grounds that the information constituted 'personal data', is significant because the Tribunal followed the principles set out in Durant, and not the ICO's own guidance on what constitutes personal data. Sue Cullen, a Solicitor at Pinsent Masons LLP, examines the decision and its implications for enforcement of data protection law in the UK.