Archives: Cookies, Tracking & Online Behavioral Advertising

Subscribe to Cookies, Tracking & Online Behavioral Advertising RSS Feed

Kids’ Smart Watchmaker Updates Privacy Practices at Safe Harbor’s Direction

On March 8th, the Children’s Advertising Review Unit (“CARU”), a FTC-approved safe harbor organization that monitors compliance with the Children’s Online Privacy Protection Act (“COPPA”), announced it had found TickTalkTickTalk––a children’s smart watchmaker and one of CARU’s member organizations—in violation of COPPA and CARU’s privacy guidelines.… Continue Reading

U.S. Data Privacy Compliance Roadmap for 2022

There’s no doubt 2022 will be a big year for data privacy compliance with three new laws going into effect in 2023. On January 1, 2023, the California Privacy Rights Act (CPRA) will replace and amend California’s most recent, comprehensive data privacy law, the California Consumer Privacy Act (CCPA), and Virginia’s first extensive privacy law, … Continue Reading

German court prohibits U.S. data transfers in “Cookiebot” decision: Why this decision is special and should alert, but not upset your organization

On December 1, 2021, in a much-noted decision, the Administrative Court of Wiesbaden (AC Wiesbaden) handed down a preliminary injunction dealing with international data transfers (case 6 L 738/21.WI, available in German here). In the specific case, there was no data transfer mechanism in place and thus the court ordered the defendant to stop using … Continue Reading

Get your Update on IT & Data Protection Law in our Newsletter (Summer 2021 Edition)

The Summer 2021 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: Update on international data transfers State Labour Court of Baden-Württemberg: No claim for damages for transferring personal data to the United States on … Continue Reading

When are Reach Measurement Cookies exempt from the consent requirement?

After Germany became the last EU member state to transpose Article 5(3) of the Directive 2002/58/EC, amended by Directive 2009/136/EC (ePrivacy Directive) into national law, the use of cookies in the EU must meet one of the following requirements: The user’s consent, or The cookie must be strictly necessary in order to provide the service … Continue Reading

Get the latest updates on our Tech Law Talks podcast

Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends. We cover product and technology development to operational and compliance issues that technology practitioners encounter every day. On this channel, we host regular discussions about the legal and business issues around data protection, privacy and security; data risk … Continue Reading

A new recipe for Cookies – The new German Telecommunications and Telemedia Data Protection Act

The German Federal Cabinet adopted the Telecommunications and Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutzgesetz – TTDSG, available here) on February 10, 2021. The TTDSG, among other things, provides new rules on cookies and similar technologies (Cookies), introducing only two categories of Cookies: (1) strictly necessary Cookies and (2) consent-based Cookies. The legal basis of legitimate interests … Continue Reading

Cookies: CNIL provides clarification on its position through three major decisions impacting worldwide online service providers

The French data protection authority (CNIL) rendered three major decisions impacting worldwide online service providers following online controls and investigations performed on the companies’ websites. These decisions highlight the obligations of data controllers when using cookies and other trackers, notably regarding the way the user’s consent shall be collected, and the level of information that … Continue Reading

EDPB updates consent guidance to clarify its position on consent to the use of cookies

On 4 May 2020, the European Data Protection Board (EDPB) adopted an updated set of guidelines on consent (Guidelines) under the General Data Protection Regulation (GDPR). These updates were made to the original guidelines published by the Article 29 Working Party on 10 April 2018, which the EDPB endorsed at its first plenary meeting on … Continue Reading

The 7-Step Ad Tech Guide – New guidance issued by industry bodies on programmatic advertising

The Data & Marketing Association and the Incorporated Society of British Advertisers have published a “Seven-Step Ad Tech Guide” (the Guide) to help address the privacy challenges of Real Time Bidding (RTB) in programmatic advertising. RTB is an automated auction process that allows advertising space to be bought and sold on a per-impression basis. When … Continue Reading

#Ad #Germany – Update for influencers

On February 13, 2020, the German Federal Ministry of Justice and Consumer Protection (BMJV) published a proposal to soften the regulatory requirements for influencers for labeling their posts as advertising (Proposal). Under the Proposal, statements posted on social media about products for which no consideration was given – either in the form of monetary compensation or other … Continue Reading

It’s time to reassess cookie compliance in France

Companies have been challenged with respect to their cookie policies and their implementation due to the entry into force of the GDPR earlier than the proposed ePrivacy Regulation  Given the delay in the adoption of an EU-wide regulation on e-privacy, national data protection authorities have taken the initiative in publishing guidelines on cookies requirements. The … Continue Reading

2020 could be a monumental year for adtech

With the California Consumer Privacy Act (CCPA) coming into effect on January 1 and the announcement on 14 January from Google that it will be phasing out third party cookies within the next two years, it seems that 2020 will be a significant year for the adtech industry as industry players react with solutions and … Continue Reading

Updated draft of ePrivacy Regulation – Finnish presidency of the Council of the EU aims for final text by the end of the year

The Finnish presidency of the Council of the EU (Finnish Presidency) released an updated draft of the Regulation on Privacy and Electronic Communications (ePrivacy Regulation) on October 30, 2019 (available here). The Working Party on Telecommunications and Information Society (WP TELE) will discuss the new draft at its meeting on November 7, 2019. Amendments put … Continue Reading

Compliant use of cookies in the EU is still a secret recipe: ECJ decides on Planet49, but does not provide clarity

In its judgment of 1 October 2019, the European Court of Justice (ECJ) decided on cookie consent requirements under the General Data Protection Regulation 2016/679/EU (GDPR) and the Cookie Directive 2002/58/EC (Cookie Directive) (Case C-673/17, Planet49 GmbH v. Bundesverband der Verbraucherzentralen und Verbraucherverbände – Verbraucherzentrale Bundesverband e.V. (the Judgment)). The ECJ set clear requirements on what cookie … Continue Reading

Update on ePrivacy Regulation: “Current draft does not guarantee high level of protection and cannot be supported”, German government states

In its response dated 3 July 2019 (Response; file no. 19/11351, available in German here) to an inquiry by members of the German parliament (Inquiry), the German government took stand on the current draft Regulation on Privacy and Electronic Communications (ePrivacy Regulation), and particularly on “tracking”. The German government summarises its assessment of the ePrivacy … Continue Reading

Check your compliance to the updated ICO guidance on cookies

On July 3, 2019 the Information Commissioner’s Office (ICO) published an updated guidance on the use of cookies. Although the guidance confirms requirements of which most data practitioners already comply, it outlines steps for non-compliant companies. Now that the ICO has confirmed its regulatory expectations and detailed immediate enforcement, companies need to take action to … Continue Reading

Advocate General’s opinion on social networks’ obligations on (worldwide) deletion of illegal content

“The internet’s not written in pencil, it’s written in ink.” Advocate General (AG) Szpunar commenced his opinion dated 4 June 2019 in Case C-18/18 (Opinion, available here) with the above quote from the movie The Social Network. In the Opinion the AG analysed the substantive scope of injunctions, in particular if social network providers “may … Continue Reading

ICO investigates adtech awareness through fact finding forum

The Information Commissioner’s Office (ICO) recently published a summary report of its fact finding forum on data protection issues arising from advertising technology (adtech). Adtech is a term commonly used to refer to all technologies, software and services used for delivering and targeting online advertisements. The ICO compiled responses from over 2,300 participants in an … Continue Reading

Planet49: Advocate General’s opinion on cookies and consent bundling

On 21 March 2019, Advocate General Maciej Szpunar (“AG”) delivered an opinion on cookie consent, information obligations regarding cookies and consent bundling (Case C-673/17, Planet49 GmbH v. Bundesverband der Verbraucherzentralen und Verbraucherverbände – Verbraucherzentrale Bundesverband e.V.). In the case at issue, users entering into a promotional lottery were confronted with two checkboxes: A checkbox obtaining … Continue Reading

UK regulator to focus on ad-tech

On 6 March 2019, the Information Commissioner’s Office (ICO) will host a fact-finding forum in central London. The aim of this forum is to facilitate a dialogue between ad-tech stakeholders. The ICO wants to understand the complexities of ad-tech practices. Why ad-tech? ‘Ad-tech’ is the product of technology’s transformation of the advertising industry. It uses … Continue Reading

German supervisory authority audited 40 websites on the use of tracking tools – and none of them was compliant

The Bavarian Data Protection Authority (‘Bavarian DPA’) audited major Bavarian websites for their use of tracking tools on Safer Internet Day. It calls its findings “desolate”. None of the tracking tools were implemented in a compliant manner. Audit by the Bavarian DPA Tracking and the requirements for using cookies have been a highly debated topic … Continue Reading
LexBlog