Over the last 2 years we have seen a trend towards increased regulation, more enforcement action and a greater focus on privacy rights across the world. This trend appears to be continuing in France where we have seen a €100,000 fine issued against Google Inc over the "Right to be Forgotten". The Portuguese Data Protection Authority, in its plan of activities for 2016 also emphasises enforcement, as well as preparation for the GDPR, and in Romania we see an exercise of rebalancing between privacy and security with interceptions made by intelligence services being deemed unconstitutional as they did not have an appropriate legislative basis for collecting personal information.
In addition, we have seen the Czech Republic's data protection authority following the example of the UK's ICO, which has traditionally been more ready than other European data protection authorities to embrace new technologies, with its focus on the use of cloud computing, CCTV and drones.
March also saw a case in Germany on an employer's data protection obligations in respect of its employees' private use of work emails and the internet.
For those organisations that have an international presence, a decision from the Spanish Supreme Court reinforces the position under the Germany establishment case we reported on this month, with Google Inc being declared the sole data controller of Spanish data and not Google Spain.
And, closer to home, the Irish Office of the Data Protection Commissioner has published a guide on data sharing arrangements in the public sector.