Companies have been challenged with respect to their cookie policies and their implementation due to the entry into force of the GDPR earlier than the proposed ePrivacy Regulation
Given the delay in the adoption of an EU-wide regulation on e-privacy, national data protection authorities have taken the initiative in publishing guidelines on cookies requirements. The…
With all the focus on Brexit and the California Consumer Privacy Act (CCPA), there has not been much published about the draft e-Privacy regulation recently. Readers will remember that there had been plans to implement this companion legislation (which covers specific issues regarding cookies and direct marketing among other things), at the same time as the General Data Protection Regulation (GDPR). However, since the draft proposals proved (rightly) so controversial, this did not happen and the drafts have been chugging their way through compromise debates and revisions ever since.
Although some have begun to think that we may never see the legislation come to fruition, in fact there has been quite a lot of progress in the last six months. It is possible that a draft could be finalised by the EU Council by the summer (although it will still then need finalising with the EU Parliament and input from the European Commission).…
It has been reported that the Information Commissioner’s Office (ICO) has issued the US-based Washington Post newspaper with a warning about how it obtains consent for cookies from website visitors.
According to a report in The Register, the ICO stated that the Washington Post’s online subscription options do not allow users to opt out of cookies and other trackers free of charge. Such functionality is only possible as part of the newspaper’s premium paid subscription service. The browsing options offered by the Washington Post are:
(i) free access to a limited number of articles dependent on consent to the use of cookies and tracking for personalised advertisements;
(ii) a basic subscription that provides paid access to an unlimited number of articles but which also requires consent to the use of cookies and other tracking; and
(iii) a more expensive premium subscription option that gives users access to an unlimited number of articles, free of advertising and ad tracking.
The ICO views this as a contravention of the EU’s General Data Protection Regulation (GDPR). Article 7(4) GDPR states that “When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract”. In failing to provide a free alternative to accepting cookies, the ICO appears to have determined that consent cannot be freely given by users, and is therefore invalid.…
Continue Reading ICO warns that the Washington Post offers invalid cookie consent under the GDPR
The governments of Switzerland and the United States finalised the Swiss-U.S. Privacy Shield Framework on 11 January. The Framework is similar in many respects to the EU-U.S. Privacy Shield, and replaces the U.S.-Swiss Safe Harbor Framework with immediate effect.
Background…
Continue Reading Switzerland and the United States Agree Privacy Shield Framework
On 10 January, the EU Commission proposed a new Regulation on Privacy and Electronic Communications (“proposed Regulation”) to replace Directive 2002/58 (known as the “ePrivacy Directive”).
The proposed Regulation
The proposed Regulation aims to align the rules that apply to electronic communications services with the forthcoming General Data Protection Regulation (GDPR).
Continue Reading EU Commission publishes its proposals for new e-Privacy Regulation
