Abstract
Upon request of the Article 29 Working Party [in which the European Data Protection Authorities (DPAs) are assembled], the French Data Protection Authority, CNIL, led an investigation into Google’s new privacy policy that was followed by the DPAs publishing their common findings in October 2012. The recommendations, several of which are also supported by DPAs from other regions of the world, urged Google to take effective and public measures to update its privacy policy. This was the first co-ordinated action of this kind undertaken by European DPAs. This Chapter analyses several joint investigations by European and other DPAs. What are the common features of co-ordination and co-operation, what lessons can be learned, what best practices emerge? The results of joint investigations are set against future challenges in confronting big multinationals in regard to the new EU Data Protection Regulation. Several elements of the draft Regulation are examined, notably the consistency mechanism. Finally, suggestions are made to optimise future co-operation and co-ordination by the European DPAs.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
European Commission, Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), COM(2012) 11 final, Brussels, 25 January 2012. http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf
- 2.
23rd International Conference of Data Protection and Privacy Commissioners, “The Common Position on Privacy Protection and Search Engines”, Resolution, Hong Kong , 15 April 1998.
- 3.
39th Meeting of the International Working Group on Data Protection in Telecommunications, Washington DC, 6–7 April 2006.
- 4.
- 5.
- 6.
Annex 2 to Opinion 1/2008 on data protection issues related to search engines
- 7.
- 8.
- 9.
- 10.
- 11.
http://www.cbpweb.nl/downloads_int/2009_10_23_letter_wp_google.pdf (respectively Microsoft and Yahoo!)
- 12.
Letter of 19 April 2010, signed by 10 data protection authorities, with seven from Europe, and three from Canada, New Zealand and Israel.
- 13.
- 14.
- 15.
Google Official Blog, 14 October 2011. http://googleblog.blogspot.nl/2011/10/fall-sweep.html. Google continued its social networking strategy with Google +.
- 16.
A media access control address (MAC address ) is a unique identifier a ssigned to network interfaces for communications on the physical network segment.
- 17.
Article 29 Data Protection Working Party, Opinion 13/2011 on Geolocation services on smart mobile devices, WP185, Brussels, Adopted on 16 May 2011, p. 11. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp185_en.pdf
- 18.
Article 29 Data Protection Working Party, Opinion 5/2009 on online social networking , WP 163, Brussels, Adopted on 12 June 2009. http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2009/wp163_en.pdf
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
Opinion 02/2013, WP 202, on apps on smart devices. http://www.dutchdpa.nl/Pages/en_pb-20130314-wp29-opinion-on-mobile-apps
- 25.
- 26.
- 27.
A year later, however, the situation has changed. See Prigg, Mark, “Google Glass goes back on sale to the public (although it will still cost $1500)”, Daily Mail [UK], 14 May 2014. http://www.dailymail.co.uk/sciencetech/article-2627640/Google-Glass-goes-sale-public-cost-1500.html
- 28.
The recent announcement by Google that it will allow users to simply blink an eye to take a picture contradicts the earlier assurances that such actions would be very visible to people around a person wearing Google Glass . See: Google Blog, 17 December 2013. https://plus.google.com/+GoogleGlass/posts/Eg8PoXk6jXw?cfem=1
- 29.
The Echternach Procession is an annual Roman Catholic dancing procession held in Echternach, in eastern Luxembourg. According to Wikipedia, Echternach’s is the last traditional dancing procession in Europe.
- 30.
- 31.
- 32.
- 33.
Article 29 Data Protection Working Party, Opinion 01/2012 on the data protection reform proposals, WP 191, p. 9.
- 34.
Federal Trade Commission , “Protecting Consumer Privacy in an Era of Rapid Change”, Preliminary FTC Staff Report, December 2010. See also the likewise titled FTC Report of March 2012.
- 35.
Kamerstukken II 2011/2012, 32 761, nr 37.
- 36.
Hus tinx, Peter, European Data Protection Supervisor , Opinion of the European Data Protection Supervisor on the data protection reform package, Brussels, 7 March 2012, p. 18. http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/dv/edpsopinion_/edpsopinion_en.pdf. See also the EDPS recommendations for a good result from the trialogue process. European Data Protection Supervisor, Opinion of 27 July 2015 – Europe’s big opportunity, EDPS recommendations on the EU’s options for data protection reform. https://secure.edps.europa.eu/EDPSWEB/edps/lang/en/Consultation /Reform_package
- 37.
- 38.
- 39.
See Kuner, Christopher, “The European Commission’s Proposed Data Protection Regulation: A Copernican Revolution in European Data Protection Law”, BNA Bloomberg Privacy and Security Law Report, 6 Feb 2012, pp. 1–15. http://www.kuner.com/my-publications-and-writing/untitled/kuner-eu-regulation-article.pdf
- 40.
15 March 2012, TK 2011–2012 32761 no. 22.
- 41.
Article 29 Data Protection Working Party, Opinion 01/2012 on the data protection reform proposals, Brussels, on 23 March 2012, pp. 18, 24. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp191_en.pdf
References
23rd International Conference of Data Protection and Privacy Commissioners, “The Common Position on Privacy Protection and Search Engines”, Resolution, Hong Kong, 15 April 1998.
39th Meeting of the International Working Group on Data Protection in Telecommunications, Washington, DC, 6–7 April 2006.
Article 29 Data Protection Working Party, Opinion 5/2009 on online social networking, WP 163, Brussels, Adopted on 12 June 2009. http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2009/wp163_en.pdf
Article 29 Data Protection Working Party, Opinion 1/2008 on data protection issues related to search engines.
Article 29 Data Protection Working Party, Opinion 13/2011 on Geolocation services on smart mobile devices, WP185, Brussels, Adopted on 16 May 2011, p. 11. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp185_en.pdf
Article 29 Data Protection Working Party, Opinion 01/2012 on the data protection reform proposals, Brussels, on 23 March 2012. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp191_en.pdf
Dutch Data Protection Authority (College bescherming persoonsgegevens), Opinion 02/2013, WP 202, on apps on smart devices. http://www.dutchdpa.nl/Pages/en_pb-20130314-wp29-opinion-on-mobile-apps
European Commission, Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), COM(2012) 11 final, Brussels, 25 January 2012. http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf
European Data Protection Supervisor, Opinion of 27 July 2015 – Europe’s big opportunity, EDPS recommendations on the EU’s options for data protection reform. https://secure.edps.europa.eu/EDPSWEB/edps/lang/en/Consultation/Reform_package
Federal Trade Commission, “Protecting Consumer Privacy in an Era of Rapid Change”, Preliminary FTC Staff Report, December 2010. See also the likewise titled FTC Report of March 2012.
Google Official Blog, 14 October 2011. http://googleblog.blogspot.nl/2011/10/fall-sweep.html
Google Blog, 17 December 2013. https://plus.google.com/+GoogleGlass/posts/Eg8PoXk6jXw?cfem=1
Hustinx, Peter, European Data Protection Supervisor, Opinion of the European Data Protection Supervisor on the data protection reform package, Brussels, 7 March 2012, p. 18. http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/dv/edpsopinion_/edpsopinion_en.pdf
Kamerstukken II 2011/2012, 32 761, nr 37.
Kuner, Christopher, “The European Commission’s Proposed Data Protection Regulation: A Copernican Revolution in European Data Protection Law”, BNA Bloomberg Privacy and Security Law Report, 6 Feb 2012, pp. 1–15. http://www.kuner.com/my-publications-and-writing/untitled/kuner-eu-regulation-article.pdf
Prigg, Mark, “Google Glass goes back on sale to the public (although it will still cost $1500)”, Daily Mail [UK], 14 May 2014. http://www.dailymail.co.uk/sciencetech/article-2627640/Google-Glass-goes-sale-public-cost-1500.html
Acknowledgement
The author acknowledges with thanks the contributions from Pauline Hoefer-van Dongen and Dominique Hagenauw in the preparation of this chapter.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Kohnstamm, J. (2016). Getting Our Act Together: European Data Protection Authorities Face Up to Silicon Valley. In: Wright, D., De Hert, P. (eds) Enforcing Privacy. Law, Governance and Technology Series(), vol 25. Springer, Cham. https://doi.org/10.1007/978-3-319-25047-2_19
Download citation
DOI: https://doi.org/10.1007/978-3-319-25047-2_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25045-8
Online ISBN: 978-3-319-25047-2
eBook Packages: Law and CriminologyLaw and Criminology (R0)