Tag Archives: hogan lovells

European Court Says Austrian DPA Not independent

According to hldataprotection.com, the European Court of Justice held on October 16, 2012 that Austria’s data protection authority is not sufficiently independent, and therefore fails to comply with the requirements of the European data protection directive. This is the second time that the European Court of Justice has found a data protection authority to lack independence. The first time involved Germany, where the European Court of Justice found that the regional data protection authorities were not sufficiently independent of their respective regional governments.

In its October 16 decision regarding Austria, the European Court of Justice found that the Austrian data protection authority, the DSK, had too many links to the Federal Chancellor’s office. First, the managing member of the DSK is in fact a government employee and therefore has some hierarchical links with the relevant ministry, and inevitably will be subject to the ministry’s influence. Austrian law provides that the members of the DSK shall not be subject to outside instructions. The court found, however, that as an employee of the government subject to performance reviews and promotion decisions, the managing member of the DSK will be implicitly influenced by the policies of his employer.

Second, the Federal Chancellery provides the office and staff for the DSK. Here, too, the court found that the government has an indirect influence over the DSK by virtue of the fact that the DSK staff are Chancellery employees.

Finally, the court criticized a provision in the Austrian law pursuant to which the Federal Chancellor benefits from a general right to information with regard to the DSK’s activities. The far-reaching and unconditional right to information “precludes the DSK from being capable of being regarded as operating, in all circumstances, above all suspicion of partiality.”

Read the whole story HERE.

New research shows that most Western governments have access in the cloud, not only the US government

In a White Paper (“A Global Reality: Governmental Access to Data in the Cloud”) published by Hogan Lowells, which you can find HERE, a not so surprising conclusion arises:

The White Paper reveals that every jurisdiction examined vests authority in the government to require a Cloud service provider to disclose customer data. It explains why the access provisions of the USA Patriot Act are narrower than commonly thought.

The White Paper also reveals that, unlike in the United States where the law specifically protects cloud data from access by the government without legal process, data stored in the Cloud may be disclosed to governmental authorities voluntarily in some jurisdictions, without legal process and protections.

You can find the original news HERE.

I have no idea if the US government had anything to do with this study, but it’s definitely worth to have a look into the White Paper. It is indeed the US government that most of the privacy aware individuals accuse of being over-intrusive, especially after the enactment of the Patriot Act. However, it comes with no surprise that other governments have wide access to data stored in Clouds.

On the other hand, it remains a fact that the US has no unitary legal mechanism for protection of personal data, unlike the European countries analyzed in this report, which are bound by several European Union directives and by Art. 8 of the Charter of Fundamental Rights of the European Union to protect the right to the protection of personal data. This right of course has its limitations, and public interest in various forms is the most important one. There are also exceptions regarding journalistic purposes or research purposes.

It should also be noted that the Obama administration has made some efforts into this direction, by publishing this year the Consumers Privacy Bill of Rights, even though its provisions are not directly applied in disputes but are meant to guide the enactment of further legislation in this field and self-regulatory statues of companies.