CIPP/E Notable Court Cases

The ruling in the Google Spain case established the right to be forgotten, which requires search engines to remove links and results related to a person's name, address, and information provided by third parties. This case specifically dealt with Google Spain and the right to privacy of individuals in the European Union. The ruling stated that search engines are responsible for the processing of personal data and must comply with requests to remove links and results that are outdated, irrelevant, or violate an individual's privacy rights.

Schrems is the correct answer because the court case known as Schrems v. Data Protection Commissioner invalidated the Safe Harbor framework, which was a legal mechanism used to transfer personal data from the European Union to the United States. The case was brought by Austrian privacy activist Max Schrems, who argued that the Safe Harbor framework did not adequately protect the privacy rights of European citizens. The European Court of Justice agreed with Schrems and declared the Safe Harbor framework invalid in 2015, leading to the development of a new framework called the EU-US Privacy Shield.

The correct answer is Digital Rights Ireland. The Digital Rights Ireland case ruled that the data retention directive was invalid based on articles 7, 8, and 11.

ANAF is the correct answer because it refers to the Romanian National Agency for Fiscal Administration. In 2018, the European Court of Justice ruled in the ANAF case that personal data cannot be transferred between public administrative bodies without individuals being informed. This decision reinforced the importance of transparency and informed consent in data transfers, ensuring that individuals have control over their personal information.

The court case that ruled that a CCTV recording the public does not fall under the household exemption is Rynes.

Weltimmo is the correct answer because the court case ruled that data protection laws apply in cross border situations. It established that even minimal activities in a member state can trigger the application of member states' data protection law.

The court case Tele2 Sverige and Tom Watson ruled that indiscriminate retention of data, even for fighting crime, is incompatible with the eprivacy directive.