After another statement by the German Data Protection Authorities (German DPAs) of 5 September 2018 (Statement, available in English here), stating that the operation of a fan page as offered by Facebook was illegal, Facebook reacted “overnight” and released a co-controller agreement, the “Page Insights Controller Addendum” (Insights Addendum, available here). In a press release … Continue Reading
On 10 July 2018, the Council of the European Union has published a draft of revisions to the proposed ePrivacy Regulation (ePR). The ePR is likely to come into force in 2019. The ePR will repeal and replace the Privacy and Electronic Communications Directive 2002/58/EC. The ePR will align Europe’s ePrivacy regime more closely with … Continue Reading
On 5 June 2018, the Court of Justice of the European Union (CJEU) handed down its long-awaited Facebook fan page judgement (Case C-210/16), holding that the operator of a fan page on Facebook is jointly responsible with Facebook for processing the data of visitors to the page. Only a day later, the Conference of German … Continue Reading
On 26 April 2018, the Conference of German Data Protection Authorities (German DPAs) released a highly criticised position paper on the applicability of the German Telemedia Act (TMA) after 25 May 2018 (Position Paper, available in German here). The Position Paper clearly states that tracking and profiling cookies now require informed prior opt-in consent. Position … Continue Reading
The GDPR is just around the corner and will be effective in less than three months – on 25 May 2018. Organizations are therefore in the midst of preparations to comply with the new Regulation in order to avoid the potentially high fines. Non-EU organizations have to assess whether the GDPR is applicable to them … Continue Reading
On October 30, 2017, Sears Holding Management Corporation (“Sears”) petitioned the Federal Trade Commission (“FTC”) to reopen and modify the settlement to which they agreed in 2009. At that time, Sears agreed to a consent order to resolve the FTC’s complaint that Sears allegedly did not adequately disclose the scope of its collection of “online … Continue Reading
We are only eight months away from the new EU data protection regime entering into force. In addition to the General Data Protection Regulation (“GDPR”), which includes the general data protection provisions, the ePrivacy Regulation shall provide specific rules for electronic communications. However, the legislative process of the ePrivacy Regulation is still in its early … Continue Reading
The Better Business Bureau’s Online Interest-Based Advertising Accountability Program has cracked down on two digital advertising companies for allegedly violating the industry’s self-regulatory principles concerning interest-based advertising. In the case of Exponential Interactive, the accountability program decision reminds third-party advertisers, as defined in the Digital Advertising Alliance Self-Regulatory Principles, that they are obliged to provide … Continue Reading
The Summer 2017 Edition of the quarterly IT & Privacy Newsletter by Reed Smith Germany has just been released. We cover the German GDPR Implementation Act, new case law on processing on the basis of legitimate interests, marketing consent, and provider liability, as well as the paper on Google Analytics by the Hamburg data protection … Continue Reading
On 10 January, the EU Commission proposed a new Regulation on Privacy and Electronic Communications (“proposed Regulation”) to replace Directive 2002/58 (known as the “ePrivacy Directive”). The proposed Regulation The proposed Regulation aims to align the rules that apply to electronic communications services with the forthcoming General Data Protection Regulation (GDPR).… Continue Reading
Responding to news reports that journalists were able to purchase advertising on Facebook targeted to ethnic groups, Facebook announced several new changes to the company’s advertising products. The move highlights heightened scrutiny of advertising practices surrounding the increasing use of big data in many aspects of marketing and advertising. Facebook’s response grew out of a … Continue Reading
On October 27, 2016, the FCC adopted a new set of privacy and data security regulations applicable to “broadband service providers and other telecommunications carriers.” The rules place new restrictions on internet service providers’ (“ISPs”) ability to use and share their customers’ data. The Commission established two data classifications: (1) sensitive information, and (2) non-sensitive … Continue Reading
In 2007, Google bought online ad network DoubleClick, which uses cookies to collect and store data about Google users from their browsing history, to best place clients’ ads. This past June, Google revised its privacy policy to state that users’ activities on other sites tracked by DoubleClick “may be associated with [their] personal information.” This … Continue Reading
This month, the Indianapolis Colts, app developer Yinzcam, Inc., and ultrasonic technology provider Lisnr, Inc., were hit with a federal class action lawsuit in Pennsylvania for violating the Electronic Communications Privacy Act by allegedly allowing the Colts fan app to listen in on users’ personal phone conversations, and use that information for advertising purposes without … Continue Reading
In a sign of the continuing significance of the U.S. Supreme Court’s recent ruling in Spokeo v. Robins, 136 S. Ct. 1540 (May 24, 2016), another federal court has cited that ruling in dismissing claims for lack of Article III standing. In Gubula v. Time Warner Cable, Inc., No. 15-cv-1078 (E.D. Wis. June 17, 2016), … Continue Reading
The European Commission (the executive of the EU) recently published the initial findings of its e-commerce inquiry, an investigative process conducted to determine whether and to what extent competition is being restricted or distorted in the sector. The inquiry focused on geo-blocking, a commercial practice whereby online providers block user access to the purchasing of … Continue Reading
Some of you may remember that back in early November 2015, I wrote about a then little-noticed provision slipped into the Bipartisan Budget Act of 2015. That provision, designed to find more revenues to offset government spending (and thus help to reduce the federal deficit), created an exemption from the Telephone Consumer Protection Act (TCPA) … Continue Reading
The Federal Trade Commission is currently the most aggressive enforcement agency on privacy and data security. The agency kicked off 2016 with PrivacyCon on January 14, which put the spotlight on academic research on consumer privacy and security. The conference, which drew 400 attendees to Southwest D.C. and 1,500 more streaming online, showcased 19 papers … Continue Reading
As 2015 draws to a close, the UK’s Data Protection Regulator, the Information Commissioner’s Office (‘ICO’), is making sure it ends the year with a bang. The past few months have seen a significant increase in enforcement action, a theme which seems to be common for the regulator at this time of year because of … Continue Reading
Exploiting loopholes in Internet users’ cookie-blocking settings while claiming to protect them from cookies is a serious and deceitful invasion of privacy, the Third Circuit held November 10. Ruling on an appeal from consumer plaintiffs, whose multi-district litigation against Google and several other companies that run Internet advertising businesses was dismissed in Delaware District Court, … Continue Reading
Anyone paying attention to goings-on in Washington last month might have heard a loud, bipartisan sigh of relief when both the House and the Senate passed a budget deal that temporarily averted another government shutdown or even a near-term showdown, and could possibly clear the way for a little less gridlock — at least until … Continue Reading
Automated dialing systems are back – temporarily – like never before. The new Budget Act provision makes “robocalls” to mobile phones a nonissue when used to collect money owed to the United States government. Following this release, Sen. Ed Markey spoke out and is reportedly preparing a “Hang Up Act” aimed at repealing this robocall … Continue Reading
In its July 10, 2015 TCPA Omnibus Declaratory Ruling and Order, the Federal Communications Commission unfairly lumps legitimate businesses in with the telemarketing abusers that the Telephone Consumer Protection Act (TCPA) was intended to deter. Highlights within the ruling include: An Expansive Definition of “Automatic Telephone Dialing System” or “Autodialer” Liability for Calling Reassigned/Wrong Wireless … Continue Reading
Reactiv Media has found itself facing a 50% increase in the fine it was attempting to overturn after an appeal to the First-Tier Information Rights Tribunal. The UK Information Rights Tribunal hears appeals against decisions of the Information Commissioner’s Office actions relating to data protection, privacy electronic communications, freedom of information and environmental information. The … Continue Reading
