The Summer 2017 Edition of the quarterly IT & Privacy Newsletter by Reed Smith Germany has just been released. We cover the German GDPR Implementation Act, new case law on processing on the basis of legitimate interests, marketing consent, and provider liability, as well as the paper on Google Analytics by the Hamburg data protection … Continue Reading
On 10 January, the EU Commission proposed a new Regulation on Privacy and Electronic Communications (“proposed Regulation”) to replace Directive 2002/58 (known as the “ePrivacy Directive”). The proposed Regulation The proposed Regulation aims to align the rules that apply to electronic communications services with the forthcoming General Data Protection Regulation (GDPR).… Continue Reading
Responding to news reports that journalists were able to purchase advertising on Facebook targeted to ethnic groups, Facebook announced several new changes to the company’s advertising products. The move highlights heightened scrutiny of advertising practices surrounding the increasing use of big data in many aspects of marketing and advertising. Facebook’s response grew out of a … Continue Reading
On October 27, 2016, the FCC adopted a new set of privacy and data security regulations applicable to “broadband service providers and other telecommunications carriers.” The rules place new restrictions on internet service providers’ (“ISPs”) ability to use and share their customers’ data. The Commission established two data classifications: (1) sensitive information, and (2) non-sensitive … Continue Reading
In 2007, Google bought online ad network DoubleClick, which uses cookies to collect and store data about Google users from their browsing history, to best place clients’ ads. This past June, Google revised its privacy policy to state that users’ activities on other sites tracked by DoubleClick “may be associated with [their] personal information.” This … Continue Reading
This month, the Indianapolis Colts, app developer Yinzcam, Inc., and ultrasonic technology provider Lisnr, Inc., were hit with a federal class action lawsuit in Pennsylvania for violating the Electronic Communications Privacy Act by allegedly allowing the Colts fan app to listen in on users’ personal phone conversations, and use that information for advertising purposes without … Continue Reading
In a sign of the continuing significance of the U.S. Supreme Court’s recent ruling in Spokeo v. Robins, 136 S. Ct. 1540 (May 24, 2016), another federal court has cited that ruling in dismissing claims for lack of Article III standing. In Gubula v. Time Warner Cable, Inc., No. 15-cv-1078 (E.D. Wis. June 17, 2016), … Continue Reading
The European Commission (the executive of the EU) recently published the initial findings of its e-commerce inquiry, an investigative process conducted to determine whether and to what extent competition is being restricted or distorted in the sector. The inquiry focused on geo-blocking, a commercial practice whereby online providers block user access to the purchasing of … Continue Reading
The Federal Trade Commission is currently the most aggressive enforcement agency on privacy and data security. The agency kicked off 2016 with PrivacyCon on January 14, which put the spotlight on academic research on consumer privacy and security. The conference, which drew 400 attendees to Southwest D.C. and 1,500 more streaming online, showcased 19 papers … Continue Reading
Exploiting loopholes in Internet users’ cookie-blocking settings while claiming to protect them from cookies is a serious and deceitful invasion of privacy, the Third Circuit held November 10. Ruling on an appeal from consumer plaintiffs, whose multi-district litigation against Google and several other companies that run Internet advertising businesses was dismissed in Delaware District Court, … Continue Reading
On 3 February, the Article 29 Data Protection Working Party published its ‘Cookie Sweep Combined Analysis – Report’. The sweep was undertaken by the WP29 in partnership with eight of the European data protection regulators, including the UK’s ICO, France’s CNIL and Spain’s AEPD, in order to assess the current steps taken by website operators … Continue Reading
The Article 29 Data Protection Working Party (Working Party) released Opinion 9/2014 on ePrivacy Directive 2002/58/EC (amended in 2009), stating that the consent and transparency mechanisms apply to digital fingerprinting of devices (Opinion). The Working Party issued the opinion to clarify that consent was required and to end “surreptitious tracking” of users in light of … Continue Reading
This post was also written by Matthew N. Peters. In early May the Italian data protection authority (“Garante”) issued “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies” (“Guidelines”). These are intended to provide clarity on the application of Legislative Decree No. 69/2012 (the “2012 Act”), which implemented the EU Cookie Directive in Italy. The … Continue Reading
On June 17, 2014, Magistrate Judge Laurel Beeler of the Northern District of California denied class certification for the proposed class of Hulu and Facebook users alleging that their personal information was transmitted to Facebook in violation of the Video Privacy Protection Act (VPPA). We’ve written about this VPPA case before. At the end of … Continue Reading
The Federal Communications Commission (FCC) yesterday announced the largest Do-Not-Call settlement it has ever reached. Under that settlement, a major telecommunications company will pay $7.5 million for the mobile wireless company’s alleged failure to honor consumer requests to opt out of phone and text marketing communications. In addition, the company has agreed to take a … Continue Reading
On May 15, 2014, Maneesha Mithal, Associate Director of the Division of Privacy and Identity Protection at the Federal Trade Commission (“FTC” or “Commission”) testified, on behalf of the FTC, before the U.S. Senate Committee on Homeland Security and Governmental Affairs addressing the Commission’s work regarding three consumer protection issues affecting online advertising: (1) privacy, … Continue Reading
At the end of April, the French data protection authority (CNIL) released its inspection schedule for 2014 (the Schedule), promising to carry out some 550 inspections over the course of the year. Approximately 350 inspections are expected to be on-site, a quarter of which will focus on CCTV/video surveillance, and 200 will be carried out … Continue Reading
The Spanish data protection authority, the AEPD, has issued the first European cookie fine for the violation of Article 22.2 of Spain’s Information Society Services and Electronic Communications Law 34/2002 (Spanish E-Commerce Act), as amended by Royal Decree Law 13/2012 which implements the e-Privacy Directive (Directive 2002/58). On 29 April 2013, the AEPD issued guidelines … Continue Reading
The ‘Future of the Cookie Working Group’, established by the International Advertising Bureau (IAB) in 2012, has published a white paper titled ‘Privacy and Tracking in a Post-Cookie World’, which addresses the limitations of the traditional cookie. The Future of the Cookie Working Group takes issue with the fact that the cookie often forms the … Continue Reading
The ICO has had a busy January with some key updates to note for the start of 2014. The ICO has produced a series of quarterly reports: Spam text messages The main three topics for the subject of unsolicited marketing text messages were found to be debt management, payday loans and payment protection insurance. Enforcement … Continue Reading
This post was also written by Frederick Lah. The Online Interest-Based Advertising Accountability Program Council issued its first ever compliance warning about the omission of notices of data collection for online behavioral advertising, which are required under the Self-Regulatory Principles for Online Behavioral Advertising. Enforcement actions against first parties failing to provide such notice has been delayed … Continue Reading
This post was written by Joshua B. Marker. The Digital Advertising Alliance released its self-regulatory principles for advertising in the mobile environment yesterday. While the guidance is ostensibly focused on advertising, it incorporates many important privacy principles regarding the collection, use, and sharing of data through mobile applications, and should be reviewed by any company … Continue Reading
The Spanish data protection authority, Agencia Española de Protección de Datos (AEPD), has issued three new guidance documents dealing with (1) the use of cookies, (2) cloud computing from a customer perspective and (3) cloud computing from a service provider perspective. The guides provide useful information on how to use modern IT solutions in conjunction … Continue Reading
The UK Information Commissioner’s Office (ICO) has published a report detailing compliance and consumer concerns about use of cookies, following the changes under Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (PECR), which require consent, more transparent notice and opt-out. In response to more than 550 consumer complaints about implied consent mechanisms and the … Continue Reading
