Tag Archives: cookies

Cookie fines in France in January 2022: is it the beginning of a “Cookie Gate”?

By Daniel Kadar, Laetitia Gaillard and Sarah O'Brien on Posted in Privacy & Data Protection
In January 2022, several decisions by the French data protection regulator (“CNIL”) were published regarding the implementation of French cookie requirements, sending out a strong signal to website operators targeting French users. On 6 January 2022, the CNIL issued fines totalling 150 million euros and 60 million euros, to Google and Facebook respectively, for violations … Continue Reading

When are Reach Measurement Cookies exempt from the consent requirement?

By Dr. Andreas Splittgerber, Daniel Kadar, Laetitia Gaillard, Sven Schonhofen and Stéphanie Abdesselam on Posted in Cookies, Tracking & Online Behavioral Advertising, Privacy & Data Protection, Regulatory
After Germany became the last EU member state to transpose Article 5(3) of the Directive 2002/58/EC, amended by Directive 2009/136/EC (ePrivacy Directive) into national law, the use of cookies in the EU must meet one of the following requirements: The user’s consent, or The cookie must be strictly necessary in order to provide the service … Continue Reading

Get your Update on IT & Data Protection Law in our Newsletter (Spring 2021 Edition)

By Dr. Andreas Splittgerber and Sven Schonhofen on Posted in In the Courts, Intellectual Property, Privacy & Data Protection, Regulatory, Social, Mobile, Analytics & Cloud (SMAC)
The Spring 2021 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: New cookie rules in Germany will apply as of December 1, 2021 German data protection authorities conduct coordinated audits on international data transfers … Continue Reading

Get the latest updates on our Tech Law Talks podcast

By Sarah Bruno, Anthony Diana, LiLing Poh, Dr. Andreas Splittgerber, Catherine Castaldo, Ramona Kimmich, Christian Leuthner and Trevor Satnick on Posted in Cookies, Tracking & Online Behavioral Advertising, Data & Cyber Security, Privacy & Data Protection, Regulatory
Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends. We cover product and technology development to operational and compliance issues that technology practitioners encounter every day. On this channel, we host regular discussions about the legal and business issues around data protection, privacy and security; data risk … Continue Reading

A new recipe for Cookies – The new German Telecommunications and Telemedia Data Protection Act

By Dr. Andreas Splittgerber and Sven Schonhofen on Posted in Cookies, Tracking & Online Behavioral Advertising, Privacy & Data Protection, Regulatory
The German Federal Cabinet adopted the Telecommunications and Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutzgesetz – TTDSG, available here) on February 10, 2021. The TTDSG, among other things, provides new rules on cookies and similar technologies (Cookies), introducing only two categories of Cookies: (1) strictly necessary Cookies and (2) consent-based Cookies. The legal basis of legitimate interests … Continue Reading

Get your Update on IT & Data Protection Law in our Newsletter (Winter 2021 Edition)

By Dr. Andreas Splittgerber and Sven Schonhofen on Posted in In the Courts, Intellectual Property, Privacy & Data Protection, Regulatory, Social, Mobile, Analytics & Cloud (SMAC)
The Winter 2021 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: Strengthening fair competition – changes to the law against unfair competition Cologne Regional Court on the broad concept of the right to access … Continue Reading

Cookies: CNIL provides clarification on its position through three major decisions impacting worldwide online service providers

By Daniel Kadar, Stéphanie Abdesselam and Laetitia Gaillard on Posted in Cookies, Tracking & Online Behavioral Advertising
The French data protection authority (CNIL) rendered three major decisions impacting worldwide online service providers following online controls and investigations performed on the companies’ websites. These decisions highlight the obligations of data controllers when using cookies and other trackers, notably regarding the way the user’s consent shall be collected, and the level of information that … Continue Reading

Get your Update on IT & Data Protection Law in our Newsletter (Summer 2020 Edition)

By Dr. Andreas Splittgerber, Sven Schonhofen and Arne Senger on Posted in In the Courts, Privacy & Data Protection, Regulatory, Social, Mobile, Analytics & Cloud (SMAC)
The Summer 2020 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: Access rights vs. data backup Cookie update: Planet49 and cookie walls Double opt-in required under GDPR Update on influencer advertisement German Supreme Court: … Continue Reading

EDPB updates consent guidance to clarify its position on consent to the use of cookies

By Cynthia O’Donoghue, Katalina Bateman and Sarah O'Brien on Posted in Cookies, Tracking & Online Behavioral Advertising
On 4 May 2020, the European Data Protection Board (EDPB) adopted an updated set of guidelines on consent (Guidelines) under the General Data Protection Regulation (GDPR). These updates were made to the original guidelines published by the Article 29 Working Party on 10 April 2018, which the EDPB endorsed at its first plenary meeting on … Continue Reading

The 7-Step Ad Tech Guide – New guidance issued by industry bodies on programmatic advertising

By Cynthia O’Donoghue and Nadia Avraham on Posted in Cookies, Tracking & Online Behavioral Advertising
The Data & Marketing Association and the Incorporated Society of British Advertisers have published a “Seven-Step Ad Tech Guide” (the Guide) to help address the privacy challenges of Real Time Bidding (RTB) in programmatic advertising. RTB is an automated auction process that allows advertising space to be bought and sold on a per-impression basis. When … Continue Reading

It’s time to reassess cookie compliance in France

By Daniel Kadar and Stéphanie Abdesselam on Posted in Cookies, Tracking & Online Behavioral Advertising, Privacy & Data Protection, Regulatory
Companies have been challenged with respect to their cookie policies and their implementation due to the entry into force of the GDPR earlier than the proposed ePrivacy Regulation  Given the delay in the adoption of an EU-wide regulation on e-privacy, national data protection authorities have taken the initiative in publishing guidelines on cookies requirements. The … Continue Reading

Get your Update on IT & Data Protection Law in our Newsletter (Winter 2019 Edition)

By Dr. Andreas Splittgerber and Sven Schonhofen on Posted in In the Courts, Privacy & Data Protection, Regulatory, Social, Mobile, Analytics & Cloud (SMAC)
The Winter 2019 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: ECJ decision on the use of cookies (“Planet49”) does not provide clarity ECJ: Global take-down duties of hosting providers ECJ on the territorial … Continue Reading

Updated draft of ePrivacy Regulation – Finnish presidency of the Council of the EU aims for final text by the end of the year

By Sven Schonhofen, Dr. Thomas Fischl and Arne Senger on Posted in Cookies, Tracking & Online Behavioral Advertising, Privacy & Data Protection, Social, Mobile, Analytics & Cloud (SMAC)
The Finnish presidency of the Council of the EU (Finnish Presidency) released an updated draft of the Regulation on Privacy and Electronic Communications (ePrivacy Regulation) on October 30, 2019 (available here). The Working Party on Telecommunications and Information Society (WP TELE) will discuss the new draft at its meeting on November 7, 2019. Amendments put … Continue Reading

Compliant use of cookies in the EU is still a secret recipe: ECJ decides on Planet49, but does not provide clarity

By Dr. Andreas Splittgerber, Cynthia O’Donoghue, Ramona Kimmich and Daniel Millard on Posted in Cookies, Tracking & Online Behavioral Advertising, In the Courts, Privacy & Data Protection, Social, Mobile, Analytics & Cloud (SMAC)
In its judgment of 1 October 2019, the European Court of Justice (ECJ) decided on cookie consent requirements under the General Data Protection Regulation 2016/679/EU (GDPR) and the Cookie Directive 2002/58/EC (Cookie Directive) (Case C-673/17, Planet49 GmbH v. Bundesverband der Verbraucherzentralen und Verbraucherverbände – Verbraucherzentrale Bundesverband e.V. (the Judgment)). The ECJ set clear requirements on what cookie … Continue Reading

Update on ePrivacy Regulation: “Current draft does not guarantee high level of protection and cannot be supported”, German government states

By Arne Senger, Friederike Wilde-Detmering and Sven Schonhofen on Posted in Cookies, Tracking & Online Behavioral Advertising, Privacy & Data Protection, Social, Mobile, Analytics & Cloud (SMAC)
In its response dated 3 July 2019 (Response; file no. 19/11351, available in German here) to an inquiry by members of the German parliament (Inquiry), the German government took stand on the current draft Regulation on Privacy and Electronic Communications (ePrivacy Regulation), and particularly on “tracking”. The German government summarises its assessment of the ePrivacy … Continue Reading

Check your compliance to the updated ICO guidance on cookies

By Elle Todd on Posted in Cookies, Tracking & Online Behavioral Advertising, Privacy & Data Protection
On July 3, 2019 the Information Commissioner’s Office (ICO) published an updated guidance on the use of cookies. Although the guidance confirms requirements of which most data practitioners already comply, it outlines steps for non-compliant companies. Now that the ICO has confirmed its regulatory expectations and detailed immediate enforcement, companies need to take action to … Continue Reading

Your next steps following the ICO update on real-time bidding and adtech

By Elle Todd on Posted in Privacy & Data Protection
On June 20, 2019 the Information Commissioner’s Office (ICO) published an Update Report on real-time bidding (RTB). Following the recent GDPR one-year anniversary of implementation, the ICO has made adtech a focus for the upcoming year. Although RTB has not been made obsolete, the report denotes all current RTB practices as non-compliant with the GDPR, … Continue Reading

Get your Update on IT & Data Protection Law in our Newsletter (Spring 2019 Edition)

By Dr. Andreas Splittgerber and Sven Schonhofen on Posted in In the Courts, Intellectual Property, Privacy & Data Protection, Regulatory, Social, Mobile, Analytics & Cloud (SMAC)
The Spring 2019 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released. We provide updates on cookies and tracking tools, Facebook fan pages, fines under GDPR, influencer marketing, email encryption, platform provider obligations, framing, the new German Trade Secrets Act, and more. The newsletter also includes multiple … Continue Reading

Five things we still don’t know about the e-Privacy regulation (which are getting very annoying!)

By Elle Todd on Posted in Privacy & Data Protection, Regulatory
With all the focus on Brexit and the California Consumer Privacy Act (CCPA), there has not been much published about the draft e-Privacy regulation recently. Readers will remember that there had been plans to implement this companion legislation (which covers specific issues regarding cookies and direct marketing among other things), at the same time as … Continue Reading

Planet49: Advocate General’s opinion on cookies and consent bundling

By Cynthia O’Donoghue and Sven Schonhofen on Posted in Cookies, Tracking & Online Behavioral Advertising, In the Courts, Privacy & Data Protection, Social, Mobile, Analytics & Cloud (SMAC)
On 21 March 2019, Advocate General Maciej Szpunar (“AG”) delivered an opinion on cookie consent, information obligations regarding cookies and consent bundling (Case C-673/17, Planet49 GmbH v. Bundesverband der Verbraucherzentralen und Verbraucherverbände – Verbraucherzentrale Bundesverband e.V.). In the case at issue, users entering into a promotional lottery were confronted with two checkboxes: A checkbox obtaining … Continue Reading

German supervisory authority audited 40 websites on the use of tracking tools – and none of them was compliant

By Dr. Philipp Süss, Dr. Thomas Fischl, Dr. Andreas Splittgerber and Sven Schonhofen on Posted in Cookies, Tracking & Online Behavioral Advertising, Regulatory, Social, Mobile, Analytics & Cloud (SMAC)
The Bavarian Data Protection Authority (‘Bavarian DPA’) audited major Bavarian websites for their use of tracking tools on Safer Internet Day. It calls its findings “desolate”. None of the tracking tools were implemented in a compliant manner. Audit by the Bavarian DPA Tracking and the requirements for using cookies have been a highly debated topic … Continue Reading

ICO warns that the Washington Post offers invalid cookie consent under the GDPR

By Cynthia O’Donoghue and John O'Brien on Posted in Cookies, Tracking & Online Behavioral Advertising
It has been reported that the Information Commissioner’s Office (ICO) has issued the US-based Washington Post newspaper with a warning about how it obtains consent for cookies from website visitors. According to a report in The Register, the ICO stated that the Washington Post’s online subscription options do not allow users to opt out of … Continue Reading
LexBlog