In July 2019, the UK privacy regulator, the Information Commissioner’s Office (ICO) issued a warning about the privacy implications of automated facial recognition technology (AFR). The ICO was concerned that AFR “represent[s] the widespread processing of biometric data of thousands of people as they go about their daily lives.” The UK High Court recently handed … Continue Reading
The Summer 2019 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: ECJ and GDPR: Another decision hitting social media activities by companies EDPB does not opt for changes to EU standard contractual clauses EU … Continue Reading
In its recent decision of 11 June 2019 (docket no.: 4 U 760/19, available here), the Dresden Court of Appeals (Oberlandesgericht Dresden – Court of Appeals) had to decide on claims for damages under Article 82 GDPR with regard to minor violations of the GDPR. Background The defendant, the provider of a social network, had … Continue Reading
Rack Room Shoes, Inc. (Rack Room) has agreed to pay up to nearly $26 million to settle a class action lawsuit alleging violations of the Telephone Consumer Privacy Act (TCPA). The lawsuit, Goldschmidt v. Rack Room Shoes, Inc., centers on claims that defendant Rack Room violated the TCPA when it initiated a text message campaign … Continue Reading
The Spring 2019 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released. We provide updates on cookies and tracking tools, Facebook fan pages, fines under GDPR, influencer marketing, email encryption, platform provider obligations, framing, the new German Trade Secrets Act, and more. The newsletter also includes multiple … Continue Reading
“The internet’s not written in pencil, it’s written in ink.” Advocate General (AG) Szpunar commenced his opinion dated 4 June 2019 in Case C-18/18 (Opinion, available here) with the above quote from the movie The Social Network. In the Opinion the AG analysed the substantive scope of injunctions, in particular if social network providers “may … Continue Reading
Addressing an issue of first impression, the Pennsylvania Superior Court ruled last week that a venue analysis dating to 1967 focusing on the location of dissemination of allegedly defamatory newspapers applied to online defamation suits as well. As a result, the proper venue for Pennsylvania defamation suits based on website content is any county where … Continue Reading
The recent case of Green v. Group Ltd and others [2019] EWHC 954 (Ch) dealing with Cambridge Analytica’s insolvency has clarified the approach that administrators should take when subject access requests are made to the companies over which they are appointed. A failed administration… In the aftermath of the notorious data analytics activities of Cambridge … Continue Reading
The Supreme Judicial Court of Massachusetts issued two rulings last week addressing law enforcement access to and use of cell phone location data. In the first, the court found that pinging a cell phone’s real-time location constitutes a search in the constitutional sense. In the second, the court held that warrantless location tracking was an … Continue Reading
Procedural laws and principles contain a clear concept regarding which party must present and prove what information in court proceedings. Claimants in employment proceedings currently try to use the right to access of data subjects under Article 15 GDPR to shake this concept up. Judgment of the Higher Labour Court of Baden-Württemberg On 20 December … Continue Reading
On 21 March 2019, Advocate General Maciej Szpunar (“AG”) delivered an opinion on cookie consent, information obligations regarding cookies and consent bundling (Case C-673/17, Planet49 GmbH v. Bundesverband der Verbraucherzentralen und Verbraucherverbände – Verbraucherzentrale Bundesverband e.V.). In the case at issue, users entering into a promotional lottery were confronted with two checkboxes: A checkbox obtaining … Continue Reading
In a recent request for a preliminary ruling in a case concerning Amazon, the Advocate General Pitruzzella (AG) has given his opinion that the Consumer Rights Directive (2011/83/EU) (CRD) requires traders to offer their consumers a choice of means of communication, but this is not confined to the trader’s telephone number. The CRD includes the … Continue Reading
The Winter 2019 edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released. We provide updates on Facebook Custom Audiences, social plug-ins, influencer advertising, withdrawal right information, the EU copyright law reform and more. The newsletter also includes multiple recommended reads on the GDPR. We hope you enjoy … Continue Reading
Germany is a leading jurisdiction for patent litigation, yet it is still not popular for those bringing trade secrets disputes. Frankfurt partner Dr Anette Gärtner has published a case comment, “German Federal Supreme Court: Hohlfasermembranspinnanlage II — Enforcement of Claims for Misuse of Trade Secrets”, looking at the recent Supreme Court decision regarding the misappropriation … Continue Reading
The Fourth Amendment right of the people “to be secure in their persons, houses, papers, and effects” has been center stage in debates over technology that scarcely could have been imagined at the time it was written. See, e.g., Carpenter v. United States, 138 S. Ct. 2206 (2018); United States v. Jones, 565 U.S. 400 … Continue Reading
On 19 December 2018, the Advocate General (AG) delivered an opinion in a case concerning Fashion ID and Facebook, which considered the parties’ status as joint controllers, under the Data Protection Directive 95/46/EC (DP Directive), when a social plug-in had been embedded. Fashion ID’s website inserted Facebook’s ‘Like’ button as a plug-in, allowing personal data, … Continue Reading
After another statement by the German Data Protection Authorities (German DPAs) of 5 September 2018 (Statement, available in English here), stating that the operation of a fan page as offered by Facebook was illegal, Facebook reacted “overnight” and released a co-controller agreement, the “Page Insights Controller Addendum” (Insights Addendum, available here). In a press release … Continue Reading
The Fall 2018 edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released. We provide updates on Facebook fan pages, the right to be forgotten, cease and desists by competitors under GDPR, spamming and customer satisfaction surveys, the German Network Enforcement Act, and more. The newsletter also includes … Continue Reading
An attempt to bring legal action against Google for its alleged tracking of an estimated 4.4 million iPhone users in 2011 and 2012 has been blocked by the UK High Court (the court). Campaign group “Google You Owe Us” brought the claim as a representative action on behalf of the affected individuals (the class) in … Continue Reading
On October 24, 2018, the Florida Court of Appeal for the Fourth District ruled that the state could not compel the production of a defendant’s iPhone passcode and iTunes password because doing so would violate the Fifth Amendment’s protection against self-incrimination. The ruling in G.A.Q.L. v. State of Florida is encouraging for privacy advocates but … Continue Reading
On 22 October 2018, the supermarket chain Morrisons lost its appeal to the High Court ruling that it is liable for a data breach that resulted in thousands of its employees’ personal data being posted online. The Court of Appeal’s (CoA) judgment can be found here. Over 5,000 Morrisons’ employees brought a class action in … Continue Reading
The German regulatory practice has been to treat bitcoin as a unit of account and thus a financial instrument. Consequently, commercial services involving bitcoin and other cryptocurrencies (including trading, brokerage, operating exchanges, investment advisory ) are regulated activities, requiring the relevant authorisation of Germany’s Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, or BaFin). On 25 September … Continue Reading
On 13 September 2018, the European Court of Human Rights (ECtHR) issued a much anticipated judgment in Big Brother Watch and others v. United Kingdom (Applications nos. 58170/13, 62322/14 and 24960/15) [2018] ECHR 722. This judgment, the first mass electronic surveillance case against the UK, addressed the proportionality of bulk interception of communications. This ruling … Continue Reading
In the recent case of Sabados v Facebook Ireland [2018], the English High Court ordered Facebook to disclose the identity of a mystery individual who requested that the platform delete the profile of a deceased user of the platform. Around six months after the death of Mr Mirza Krupalija, Facebook received a request from an … Continue Reading
