Key developments
- ⚖️ The Court of Justice of the European Union (CJEU) rules in Maximilian Schrems v Facebook Ireland Limited (C-498/16) on 25 January 2018.
- 🇪🇺 The General Data Protection Regulation (GDPR) becomes applicable on 25 May 2018.
- The European Economic Area (EEA) Joint Committee adopts a decision on 6 July 2018 allowing for the incorporation of the GDPR in Norway, Iceland and Liechtenstein. The decision also states that ‘data protection is a fundamental right protected in various international human rights agreements’.
- In March 2018, Carole Cadwalladr and Emma Graham-Harrison publish ‘Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach‘ (The Guardian).
Also this year
- 🇪🇺 Regulation (EU) 2018/1725 is adopted: Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC, OJ L 295, 21.11.2018, 39-98.
- 🇪🇺 Regulation (EU) 2018/1807 is adopted: Regulation (EU) 2018/180 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the EU, OJ L 303, 28.11.2018, 59–68.
- ⚖️ The Court of Justice of the European Union also decides in Wirtschaftsakademie Schleswig-Holstein (C‑210/16) on 5 June 2018, in Jehovan todistajat (C-25/17) on 10 July 2018, and in Ministerio Fiscal (C-207/16), on 8 October 2018.
- 🇪🇺 The European Commission publishes:
- Communication Stronger protection, new opportunities – Commission guidance on the direct application of the General Data Protection Regulation as of 25 May 2018, COM(2018) 43 final, 24.1.2018;
- Communication Towards a common European data space, COM(2018) 232 final, 25.4.2018;
- Report on the second annual review of the functioning of the EU-U.S. Privacy Shield, COM(2018) 860 final, 19.12.2018.
- On 25 May 2018, the NGO noyb files complaints against Google LLC (with the French Data Protection Authority (DPA)), Instagram (Facebook Ireland Ltd) (with the Belgian DPA), WhatsApp Ireland Ltd, with the Hamburg DPA, and Facebook Ireland Ltd (with the Austrian DPA), concerning the ways in which they rely on ‘consent’ as lawful ground for processing personal data.
- At the Council of Europe: Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (CETS No. 223) opens for signature.
- ⚖️ The European Court of Human Rights (ECtHR) decides in Ben Faiza v France, on 8 February 2018, in Libert v France, on 22 February 2018, in Benedik v Slovenia, on 24 April 2018.
- 🇪🇺 The European Parliament adopts the Resolution of 5 July 2018 on the adequacy of the protection afforded by the EU-US Privacy Shield.
- 🇩🇿 Algeria adopts the Loi n° 18-07 du 25 Ramadhan 1439 correspondant au 10 juin 2018 relative à la protection des personnes physiques dans le traitement des données à caractère personnel.
Watch
- 🎬 The feeling of being watched, US film by Assia Boundaoui.
Literature
- Ausloos, Jef, and Pierre Dewitte (2018), ‘Shattering one-way mirrors – data subject access rights in practice‘, International Data Privacy Law, 8(1), 4–28.
- De Terwangne, Cécile and Karen Rosier (2108), Le règlement général sur la protection des données (RGPD/GDPR): Analyse approfondie, Larcier.
- EU Fundamental Rights Agency (2018), The Handbook on European data protection law (2018 edition).
- Feiler, Lukas, Nikolaus Forgó and Michaela Weigl (2018), The EU General Data Protection Regulation (GDPR): A Commentary, Globe Law and Business.
- Hartzog, Woodrow (2018), Privacy’s Blueprint: The Battle to Control the Design of New Technologies, Harvard University Press.
- Igo, Sarah E. (2018), The Known Citizen: A History of Privacy in Modern America, Harvard University Press.
- Loughnane, Christopher, and William Aspray (2018), ‘Rethinking the call for a US national data center in the 1960s: Privacy, social science research, and data fragmentation viewed from the perspective of contemporary archival theory‘, Information & Culture 53(2), 203-242.
- Martínez López-Sáez, Mónica, Una revisión del derecho fundamental a la protección de datos de carácter personal: Un reto en clave de diálogo judicial y constitucionalismo multinevel en la Unión Europea, Tirant Lo Blanch.
- Marsch, Nikolaus (2018), De europäische Datenschutzgrundrecht, Mohr Siebeck.
- Noble, Safiya Umoja (2018), Algorithms of Oppression: How Search Engines Reinforce Racism, NYU Press.
- O’Leary, Siofra (2018), ‘Balancing Rights in a Digital Age’, Irish Jurist 59, 59-92.
- Stenberg, Sten-Åke (2018), Born in 1953: The story about a post-war Swedish cohort, and a longitudinal research project, Stockholm University Press.
- Tamò-Larrieux, Aurelia (2018), Designing for privacy and its legal framework: Data Protection by Design and Default for the Internet of Things, Springer.
- Thouvenin, Florent, et al. (2018), Remembering and forgetting in the digital age, Springer.
- van der Sloot, Bart and Aviva de Groot (eds.) (2018), The Handbook of Privacy Studies: An Interdisciplinary Introduction, Amsterdam University Press.
- Vedaschi, Arianna (2018), ‘The European Court of Justice on the EU-Canada Passenger Name Record Agreement‘, European Constitutional Law Review 14(2), 410-429.
- Von Grafenstein, Maximilian (2018), The Principle of Purpose Limitation in Data Protection Laws: The Risk-based Approach, Principles, and Private Standards as Elements for Regulating Innovation, Nomos.
- Waldman, Ari Ezra (2018), Privacy as trust: Information privacy for an information age, Cambridge University Press.
Music
- 🎵 Cardi B ‘Thru your phone‘ (from Invasion of privacy, Atlantic, 2018).
In the media
- ‘GDPR: Tech firms struggle with EU’s new privacy rules’, BBC News, 24 May 2018.
- Krzistetzko, Leonie, ‘Volkszählungen: “Es gibt keine harmlosen Daten“‘, Spiegel, 19 September 2018.