With today’s date marking Data Privacy Day 2015, we look back on some of our top stories in the past year. We also glance forward to the coming 12 months and what they may hold for privacy law. It is important to point out that the last few years have unfolded to the backdrop of Edward Snowden’s allegations of mass surveillance and data collection. This is reflected, in some sense, in the court decisions and stories arising in that period. 2014 has been no exception.

Word from the top

The past year has seen a number of important decisions of Europe’s highest court – the CJEU – on data protection and privacy issues. This is not least in ‘Google Spain’ or what has been termed the ‘Right to be Forgotten’ case. The hotly-debated decision of the CJEU has since set in train a number of important changes in how people may control their data appearing on search engine results. The decision has also been followed by regulatory guidance on how the new rules are to be implemented, together with an example of its impact in the courts which saw the broadening of English jurisdictional rules

Human rights angle

Google Spain also saw the CJEU adopt a human rights-style approach to its decision-making. This was not an outlier case and the court also took a similar approach in the striking down of the Data Retention Directive and the recent interpretation of the ‘household exemption’. It is likely that this approach will continue into 2015 and that the CJEU will interpret challenges to the Data Protection Directive and other privacy-related legislation in light of EU residents’ fundamental rights and freedoms. We are also likely to see further scrutiny around data retention measures, such as those introduced in the UK by way of the Data Retention and Investigatory Powers Act.

Cross-border challenges

The on-going saga that is the Microsoft case is likely to be the standout court decision of 2015. This case epitomises the clash between government and security agencies on the one hand, and tech companies and their users on the other. The case ran throughout the majority of 2014, with Microsoft successively ramping up efforts to fight the US request for Dublin-based user data. The decision of the US Court of Appeals for the Second Circuit in New York is eagerly awaited worldwide and is likely to set a marker for extra-territorial requests for users’ private information.

EU regulators have their say

Europe’s Article 29 Working Party (the “WP”), which comprises the data protection authorities of each Member State, is likely to continue as an indicator of the sentiment of EU privacy regulators. The past year saw the WP publish a number of Opinions dealing with interesting issues such as device fingerprinting, the Internet of Things and privacy concerns over mobile apps.

The move towards hardware

One of the notable trends of 2015 is likely to be hardware, with focus slowly shifting from software and apps. This trend may also be mirrored in privacy concerns arising from these new technologies. Over the past 12 months we have posted on both the development of 3D printing and the self-driving car. With personal drones making a big hit in Christmas 2014, they, along with wearables and smart devices that make up the Internet of Things, are likely to be centre stage for all things privacy in 2015.