The Finnish presidency of the Council of the EU (Finnish Presidency) released an updated draft of the Regulation on Privacy and Electronic Communications (ePrivacy Regulation) on October 30, 2019 (available here). The Working Party on Telecommunications and Information Society (WP TELE) will discuss the new draft at its meeting on November 7, 2019. Amendments put … Continue Reading
In its judgment of 1 October 2019, the European Court of Justice (ECJ) decided on cookie consent requirements under the General Data Protection Regulation 2016/679/EU (GDPR) and the Cookie Directive 2002/58/EC (Cookie Directive) (Case C-673/17, Planet49 GmbH v. Bundesverband der Verbraucherzentralen und Verbraucherverbände – Verbraucherzentrale Bundesverband e.V. (the Judgment)). The ECJ set clear requirements on what cookie … Continue Reading
In its response dated 3 July 2019 (Response; file no. 19/11351, available in German here) to an inquiry by members of the German parliament (Inquiry), the German government took stand on the current draft Regulation on Privacy and Electronic Communications (ePrivacy Regulation), and particularly on “tracking”. The German government summarises its assessment of the ePrivacy … Continue Reading
On July 3, 2019 the Information Commissioner’s Office (ICO) published an updated guidance on the use of cookies. Although the guidance confirms requirements of which most data practitioners already comply, it outlines steps for non-compliant companies. Now that the ICO has confirmed its regulatory expectations and detailed immediate enforcement, companies need to take action to … Continue Reading
On June 20, 2019 the Information Commissioner’s Office (ICO) published an Update Report on real-time bidding (RTB). Following the recent GDPR one-year anniversary of implementation, the ICO has made adtech a focus for the upcoming year. Although RTB has not been made obsolete, the report denotes all current RTB practices as non-compliant with the GDPR, … Continue Reading
The Spring 2019 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released. We provide updates on cookies and tracking tools, Facebook fan pages, fines under GDPR, influencer marketing, email encryption, platform provider obligations, framing, the new German Trade Secrets Act, and more. The newsletter also includes multiple … Continue Reading
With all the focus on Brexit and the California Consumer Privacy Act (CCPA), there has not been much published about the draft e-Privacy regulation recently. Readers will remember that there had been plans to implement this companion legislation (which covers specific issues regarding cookies and direct marketing among other things), at the same time as … Continue Reading
On 21 March 2019, Advocate General Maciej Szpunar (“AG”) delivered an opinion on cookie consent, information obligations regarding cookies and consent bundling (Case C-673/17, Planet49 GmbH v. Bundesverband der Verbraucherzentralen und Verbraucherverbände – Verbraucherzentrale Bundesverband e.V.). In the case at issue, users entering into a promotional lottery were confronted with two checkboxes: A checkbox obtaining … Continue Reading
The Bavarian Data Protection Authority (‘Bavarian DPA’) audited major Bavarian websites for their use of tracking tools on Safer Internet Day. It calls its findings “desolate”. None of the tracking tools were implemented in a compliant manner. Audit by the Bavarian DPA Tracking and the requirements for using cookies have been a highly debated topic … Continue Reading
It has been reported that the Information Commissioner’s Office (ICO) has issued the US-based Washington Post newspaper with a warning about how it obtains consent for cookies from website visitors. According to a report in The Register, the ICO stated that the Washington Post’s online subscription options do not allow users to opt out of … Continue Reading
The Summer 2018 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released. We provide updates on Facebook fan pages, cookie consent, influencer marketing, liability of platform providers, framing and more. The newsletter also includes multiple recommended reads on the GDPR. We hope you enjoy reading it.… Continue Reading
On 5 June 2018, the Court of Justice of the European Union (CJEU) handed down its long-awaited Facebook fan page judgement (Case C-210/16), holding that the operator of a fan page on Facebook is jointly responsible with Facebook for processing the data of visitors to the page. Only a day later, the Conference of German … Continue Reading
On 26 April 2018, the Conference of German Data Protection Authorities (German DPAs) released a highly criticised position paper on the applicability of the German Telemedia Act (TMA) after 25 May 2018 (Position Paper, available in German here). The Position Paper clearly states that tracking and profiling cookies now require informed prior opt-in consent. Position … Continue Reading
The Winter 2018 edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released. We cover new case law on marketing consent, cookie consent, the liability of platform providers, employee data protection, sales of address data and the right to be forgotten. The newsletter also includes multiple recommended reads … Continue Reading
The General Data Protection Regulation (“GDPR”) will enter into force 25 May 2018, and will provide new general data protection standards. In its draft ePrivacy Regulation of 10 January 2017 (“ePrivacy Regulation”), which includes specific provisions for electronic communications, the European Commission sought to ensure that both sets of rules will enter into force at … Continue Reading
The Spanish Data Protection Authority (AEPD) has imposed a fine of €1.2 million against Facebook following its investigation into whether Facebook’s data processing activities were in accordance with the Spanish Data Protection Act (Law 15/1999) (the Act). In its decision, the AEPD concluded that Facebook had committed serious breaches of the Act, as discussed further … Continue Reading
On 8 September 2017, the European Council published its first revisions (“Revised Draft”) to the draft EU ePrivacy Regulation (version COM(2017) 10 of 10 January 2017, “ePrivacy Regulation”). The Revised Draft is based on the discussions held in previous meetings of the European Union’s Working Party for Telecommunications and Information Society (“WP TELE”), and on comments … Continue Reading
On 10 January, the EU Commission proposed a new Regulation on Privacy and Electronic Communications (“proposed Regulation”) to replace Directive 2002/58 (known as the “ePrivacy Directive”). The proposed Regulation The proposed Regulation aims to align the rules that apply to electronic communications services with the forthcoming General Data Protection Regulation (GDPR).… Continue Reading
Exploiting loopholes in Internet users’ cookie-blocking settings while claiming to protect them from cookies is a serious and deceitful invasion of privacy, the Third Circuit held November 10. Ruling on an appeal from consumer plaintiffs, whose multi-district litigation against Google and several other companies that run Internet advertising businesses was dismissed in Delaware District Court, … Continue Reading
In May, the Intermediate People’s Court of Nanjing City, Jiangsu Province, published its civil judgment ruling that the search engine Baidu’s use of cookies, used to personalise advertisements aimed at consumers when they enter onto certain third-party websites, does not infringe an individual’s right to privacy. The case involved Internet user Ms. Zhu Ye, who … Continue Reading
On 3 February, the Article 29 Data Protection Working Party published its ‘Cookie Sweep Combined Analysis – Report’. The sweep was undertaken by the WP29 in partnership with eight of the European data protection regulators, including the UK’s ICO, France’s CNIL and Spain’s AEPD, in order to assess the current steps taken by website operators … Continue Reading
The Article 29 Data Protection Working Party (Working Party) released Opinion 9/2014 on ePrivacy Directive 2002/58/EC (amended in 2009), stating that the consent and transparency mechanisms apply to digital fingerprinting of devices (Opinion). The Working Party issued the opinion to clarify that consent was required and to end “surreptitious tracking” of users in light of … Continue Reading
This post was also written by Matthew N. Peters. In early May the Italian data protection authority (“Garante”) issued “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies” (“Guidelines”). These are intended to provide clarity on the application of Legislative Decree No. 69/2012 (the “2012 Act”), which implemented the EU Cookie Directive in Italy. The … Continue Reading
The Spanish data protection authority, the AEPD, has issued the first European cookie fine for the violation of Article 22.2 of Spain’s Information Society Services and Electronic Communications Law 34/2002 (Spanish E-Commerce Act), as amended by Royal Decree Law 13/2012 which implements the e-Privacy Directive (Directive 2002/58). On 29 April 2013, the AEPD issued guidelines … Continue Reading
