Skip to main content
SpringerLink
Log in
Book cover

Enforcing Privacy pp 455–472Cite as

Getting Our Act Together: European Data Protection Authorities Face Up to Silicon Valley

  • Chapter
  • First Online:

Part of the book series: Law, Governance and Technology Series ((ISDP,volume 25))

Abstract

Upon request of the Article 29 Working Party [in which the European Data Protection Authorities (DPAs) are assembled], the French Data Protection Authority, CNIL, led an investigation into Google’s new privacy policy that was followed by the DPAs publishing their common findings in October 2012. The recommendations, several of which are also supported by DPAs from other regions of the world, urged Google to take effective and public measures to update its privacy policy. This was the first co-ordinated action of this kind undertaken by European DPAs. This Chapter analyses several joint investigations by European and other DPAs. What are the common features of co-ordination and co-operation, what lessons can be learned, what best practices emerge? The results of joint investigations are set against future challenges in confronting big multinationals in regard to the new EU Data Protection Regulation. Several elements of the draft Regulation are examined, notably the consistency mechanism. Finally, suggestions are made to optimise future co-operation and co-ordination by the European DPAs.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   199.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    European Commission, Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), COM(2012) 11 final, Brussels, 25 January 2012. http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf

  2. 2.

    23rd International Conference of Data Protection and Privacy Commissioners, “The Common Position on Privacy Protection and Search Engines”, Resolution, Hong Kong , 15 April 1998.

  3. 3.

    39th Meeting of the International Working Group on Data Protection in Telecommunications, Washington DC, 6–7 April 2006.

  4. 4.

    www.privacyconference.2006.org

  5. 5.

    http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2008/wp148_en.pdf

  6. 6.

    Annex 2 to Opinion 1/2008 on data protection issues related to search engines

  7. 7.

    http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/index_en.htm

  8. 8.

    http://ec.eurropa.eu/justice/policies/privacy/news/docs/pr_12_02_09_en.pdf

  9. 9.

    http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/others/2010_05_26_letter_wp_federal_trade_commission.pdf

  10. 10.

    http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/others/2010_05_26_letter_wp_vpreding.pdf

  11. 11.

    http://www.cbpweb.nl/downloads_int/2009_10_23_letter_wp_google.pdf (respectively Microsoft and Yahoo!)

  12. 12.

    Letter of 19 April 2010, signed by 10 data protection authorities, with seven from Europe, and three from Canada, New Zealand and Israel.

  13. 13.

    http://www.scribd.com/fullscreen/31056661?access_key=key-np9r7ignhiwjhw2x2i2

  14. 14.

    http://www.ftc.gov/news-events/press-releases/2011/03/ftc-charges-deceptive-privacy-practices-googles-rollout-its-buzz

  15. 15.

    Google Official Blog, 14 October 2011. http://googleblog.blogspot.nl/2011/10/fall-sweep.html. Google continued its social networking strategy with Google +.

  16. 16.

    A media access control address (MAC address ) is a unique identifier a ssigned to network interfaces for communications on the physical network segment.

  17. 17.

    Article 29 Data Protection Working Party, Opinion 13/2011 on Geolocation services on smart mobile devices, WP185, Brussels, Adopted on 16 May 2011, p. 11. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp185_en.pdf

  18. 18.

    Article 29 Data Protection Working Party, Opinion 5/2009 on online social networking , WP 163, Brussels, Adopted on 12 June 2009. http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2009/wp163_en.pdf

  19. 19.

    http://ec.europa.eu/digital-agenda/sites/digital-agenda/files/sn_principles.pdf

  20. 20.

    http://www.cbpweb.nl/Pages/med_20100513_facebook.aspx

  21. 21.

    http://dataprotection.ie/viewdoc.asp?DocID=1182

  22. 22.

    http://ec.europa.eu/justice/data-protection/article-29/documentation/otherdocument/files/2012/20121016_letter_to_google_en.pdf

  23. 23.

    http://www.cbpweb.nl/Pages/pb_20130128-whatsapp.aspx and www.priv.gc.ca

  24. 24.

    Opinion 02/2013, WP 202, on apps on smart devices. http://www.dutchdpa.nl/Pages/en_pb-20130314-wp29-opinion-on-mobile-apps

  25. 25.

    http://ec.europa.eu/justice/data-protection/article-29/documentatio/other-document/files/2013/20130618_letter_to_google_glass_en.pdf

  26. 26.

    http://www.priv.gc.ca/media/nr-c/2013/let_130627_google_e.asp

  27. 27.

    A year later, however, the situation has changed. See Prigg, Mark, “Google Glass goes back on sale to the public (although it will still cost $1500)”, Daily Mail [UK], 14 May 2014. http://www.dailymail.co.uk/sciencetech/article-2627640/Google-Glass-goes-sale-public-cost-1500.html

  28. 28.

    The recent announcement by Google that it will allow users to simply blink an eye to take a picture contradicts the earlier assurances that such actions would be very visible to people around a person wearing Google Glass . See: Google Blog, 17 December 2013. https://plus.google.com/+GoogleGlass/posts/Eg8PoXk6jXw?cfem=1

  29. 29.

    The Echternach Procession is an annual Roman Catholic dancing procession held in Echternach, in eastern Luxembourg. According to Wikipedia, Echternach’s is the last traditional dancing procession in Europe.

  30. 30.

    See www.privacyenforcement.net

  31. 31.

    http://www.prov.gc.ca/media/nr-c/2013/nr-c_130813_e.asp

  32. 32.

    https://privacyconference2013.org/web/pageFiles/kcfinder/files/5.%20International%20law%20resolution%20EN%281%29.pdf

  33. 33.

    Article 29 Data Protection Working Party, Opinion 01/2012 on the data protection reform proposals, WP 191, p. 9.

  34. 34.

    Federal Trade Commission , “Protecting Consumer Privacy in an Era of Rapid Change”, Preliminary FTC Staff Report, December 2010. See also the likewise titled FTC Report of March 2012.

  35. 35.

    Kamerstukken II 2011/2012, 32 761, nr 37.

  36. 36.

    Hus tinx, Peter, European Data Protection Supervisor , Opinion of the European Data Protection Supervisor on the data protection reform package, Brussels, 7 March 2012, p. 18. http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/dv/edpsopinion_/edpsopinion_en.pdf. See also the EDPS recommendations for a good result from the trialogue process. European Data Protection Supervisor, Opinion of 27 July 2015 – Europe’s big opportunity, EDPS recommendations on the EU’s options for data protection reform. https://secure.edps.europa.eu/EDPSWEB/edps/lang/en/Consultation /Reform_package

  37. 37.

    http://europa.eu/rapid/press-release_SPEECH-13-269_en.htm

  38. 38.

    http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm

  39. 39.

    See Kuner, Christopher, “The European Commission’s Proposed Data Protection Regulation: A Copernican Revolution in European Data Protection Law”, BNA Bloomberg Privacy and Security Law Report, 6 Feb 2012, pp. 1–15. http://www.kuner.com/my-publications-and-writing/untitled/kuner-eu-regulation-article.pdf

  40. 40.

    15 March 2012, TK 2011–2012 32761 no. 22.

  41. 41.

    Article 29 Data Protection Working Party, Opinion 01/2012 on the data protection reform proposals, Brussels, on 23 March 2012, pp. 18, 24. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp191_en.pdf

References

Download references

Acknowledgement

The author acknowledges with thanks the contributions from Pauline Hoefer-van Dongen and Dominique Hagenauw in the preparation of this chapter.

Author information

Authors and Affiliations

  1. Dutch Data Protection Authority, 93374, 2500 AJ, The Hague, The Netherlands

    Jacob Kohnstamm

Authors
  1. Jacob Kohnstamm
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jacob Kohnstamm .

Editor information

Editors and Affiliations

  1. Trilateral Research, London, United Kingdom

    David Wright

  2. Vrije Universiteit Brussel Law, Science, Technology & Society (LSTS), Brussels, Belgium

    Paul De Hert

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Kohnstamm, J. (2016). Getting Our Act Together: European Data Protection Authorities Face Up to Silicon Valley. In: Wright, D., De Hert, P. (eds) Enforcing Privacy. Law, Governance and Technology Series(), vol 25. Springer, Cham. https://doi.org/10.1007/978-3-319-25047-2_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-25047-2_19

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25045-8

  • Online ISBN: 978-3-319-25047-2

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics

Search

Navigation