Tag Archives: consent

Get your update on IT and data protection law in our newsletter

The Winter 2018 edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released. We cover new case law on marketing consent, cookie consent, the liability of platform providers, employee data protection, sales of address data and the right to be forgotten. The newsletter also includes multiple recommended reads … Continue Reading

German court issues important judgment on consent and transparency in Facebook case

The Regional Court of Berlin held in a judgment of 16 January 2018 (docket no. 16 O 341/15, German language version of the judgment available here) that Facebook’s default privacy settings and parts of their terms and conditions were invalid. This judgment provides important guidance on consent and transparency. Background The Federation of German Consumer … Continue Reading

Article 29 Working Party releases guidelines on consent under the GDPR

On 28 November 2017, the Article 29 Working Party (“WP29”) published its guidelines on consent under the General Data Protection Regulation (“GDPR”). The guidelines are open for public consultation until 23 January 2018. They provide an analysis of the concept of consent. They also provide practical guidance for organisations on the requirements to obtaining and … Continue Reading

Spanish DPA fines Facebook €1.2 million for data protection infringements

The Spanish Data Protection Authority (AEPD) has imposed a fine of €1.2 million against Facebook following its investigation into whether Facebook’s data processing activities were in accordance with the Spanish Data Protection Act (Law 15/1999) (the Act). In its decision, the AEPD concluded that Facebook had committed serious breaches of the Act, as discussed further … Continue Reading

Lyft Faces Second Wave of TCPA Litigation for Sending Autodialed Texts

Lyft, Inc. – the popular ride hailing service featuring the iconic pink moustache – is facing a second class action lawsuit in California alleging violations under the Telephone Consumer Protection Act (“TCPA”). This alleges that Lyft sent unwanted and unsolicited text messages to cellphones using an automated dialing system without first obtaining express written consent … Continue Reading

Optical Express appeal highlights the need for caution over third-party marketing lists

In a decision of 31 August 2015, the First-Tier Tribunal provided important clarification on the use of third-party mailing lists. Optical Express v Information Commissioner (EA/2014/0014) is significant for organisations that use or are considering using such lists. The case was concerned with an appeal by Optical Express (‘OE’) against an Enforcement Notice issued by … Continue Reading

EU Art. 29 Confirms Cookie Rules Apply to Digital Fingerprinting

The Article 29 Data Protection Working Party (Working Party) released Opinion 9/2014 on ePrivacy Directive 2002/58/EC (amended in 2009), stating that the consent and transparency mechanisms apply to digital fingerprinting of devices (Opinion). The Working Party issued the opinion to clarify that consent was required and to end “surreptitious tracking” of users in light of … Continue Reading

Italian Data Protection Authority issues new EU guidelines

This post was also written by Matthew N. Peters. In early May the Italian data protection authority (“Garante”) issued “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies” (“Guidelines”).  These are intended to provide clarity on the application of Legislative Decree No. 69/2012 (the “2012 Act”), which implemented the EU Cookie Directive in Italy. The … Continue Reading

Japan promotes the use of Big Data

This post was also written by Taisuke Kimoto. On May 10, the Japanese Government released a report regarding the use of personal information in Big Data applications. This comes just months after Japan announced plans to provide guidance on data anonymisation as part of the ‘Japan Revitalisation Acceleration Programme’ (see our related blog). The report was … Continue Reading

Art. 29 Working Party seeks refined definition of ‘personal data’ in the proposed General Data Protection Regulation

This post was written by Cynthia O’Donoghue. In its second opinion on the proposed Data Protection Regulation, the Article 29 Working Party suggests that a natural person can be considered identifiable when, within a group of persons, he or she can be distinguished from other members of the group and consequently be treated differently. They … Continue Reading

Privacy International publishes its analysis of the European Commission’s proposal for a General Data Protection Regulation

This post was written by Cynthia O’Donoghue. On 25 January 2012 the EC proposed a uniform legal framework for providing legal certainty on data protection. The most notable proposed change is that from a European Directive to a Regulation (the Proposed Regulation) to ensure directly enforceable implementation across all Member States. The Proposed Regulation sets … Continue Reading

France: The CNIL amends its regulation concerning the processing of client/prospect data and imposes differentiated data retention periods

This post was written by Daniel Kadar. A new regulation of the CNIL, dated 12 June 2012 and published on 13 July 2012, modifies the ways and means of collecting and processing client/prospect-related data. The regulation, issued as an amendment to the “Simplified Norm No. 48” [http://www.cnil.fr/en-savoir-plus/deliberations/deliberation/delib/184/], broadens the possibility for data controllers to make … Continue Reading

The ICC publishes its ‘UK Cookie Guide’ on 2 April 2012 to provide guidance to website operators and website users alike.

On 2 April, 2012, after almost a year of preparation, the International Chamber of Commerce UK (“ICC”) launched its UK Cookie Guide designed to help website operators and website users comply with new EU rules on the use of cookies. The ICC hopes that if the Guide becomes widely adopted by website operators, then users will … Continue Reading

A Seasonal Reminder for Your New Year’s To-Do List – Implement Your Cookie Action Plan for a “Good Enough” Solution!

This post was also written by Nick Tyler. On Christmas Day, organisations operating in the UK will have just five months to get their act together and comply fully with the new EU-wide rules on cookies. See earlier Client Alerts:  ‘What Cookies Are In Your Jar?’ – ICO’s guidance on compliance with new EU cookie law … Continue Reading