Modernised Council of Europe Convention 108 sets the pace

We give headline attention to the newly adopted EU-US Privacy Shield (p.1) because of the economic importance of these EU-US transfers of personal data, although it will be subject to legal challenge (p.3). However, themes developed on other pages may have more significance in the long term, as they relate to the future development of data protection laws around the world.

The strengthening of Council of Europe Convention 108 by attracting countries from outside Europe willing to accept its new stronger provisions influenced by the EU Data Protection Regulation (p.14), indicates a growing influence of the law-based approach.

The US-based tech companies win some, for example, Facebook in Belgium (p.21) and lose some, for example, Microsoft in France (p.19). But the facts can equally be interpreted as Microsoft’s willingness to make changes to its Windows 10 privacy policy to protect its reputation, and therefore, achieve a Public Relations win. Meanwhile, Google makes its case for more effective user control (p.20).

The interaction of tech developments and privacy norms is well illustrated by the example of Barcelona Football Club’ smart vests with implications for everyone’s fitness apps (p.18). Leadership sometimes comes from the smaller jurisdictions. The meticulous gathering of forensic digital evidence by ILITA, Israel’s Data Protection Authority, led to the rare example on the international data protection scene of a prison sentence in Israel (p.21). The Catalan Data Protection Authority in Spain organised a privacy competition to encourage innovation. The prize went to a web browser extension to reset the balance between ad blocking and preserving the economic basis of the Internet (p.27).

Privacy Laws & Business is running a one day conference in Birmingham on 28 September with a revised title to reflect the new developments: EU Data Protection Regulation: Time to get organised in the UK – or The Great Escape? 

Many of the articles in this edition are based on sessions at Great Expectations, PL&B’s 29th Annual International Conference in early July. As a subscriber, you can access video clips. 


Stewart Dresner, Publisher

International Report 142

Lead story:

Privacy Shield adopted but likely to face legal challenge

Improvements to the first version include better data retention provisions and an independent Ombudsman, but DPAs are still
cautious. Laura Linkomies reports.

Contents also include:

  • Comment: Nowhere to hide if you are an international company
  • Next steps for the EU GDPR
  • Will Canada stay an ‘adequate’ jurisdiction under the EU GDPR?
  • Can data protection be combined with competition law?
  • New Zealand’s Chief Privacy Officer: What does he do?
  • Renewing Convention 108: The CoE’s ‘GDPR Lite’ initiatives
  • Risk-based approach to data security to continue under GDPR
  • Wearable technology slashes injury risks at FC Barcelona
  • Google steps up users’ control of personal data
  • Privacy focussed identity scheme
  • CJEU Amazon decision
  • EU DPAs call for e-Privacy law
  • EU Cyber Security Directive is adopted
  • CNIL gets results from formal notice to Microsoft
  • Belgian appeal court: Ireland’s DPA has Facebook jurisdiction
  • 18 months in jail for personal data theft in Israel
  • Schrems case aftermath scheduled for 2017 in Ireland
  • FTC fines Singapore-based company $950,000
  • MyTrackingChoices wins Catalan privacy award
  • EDPS: e-Privacy needs clarity and enforcement