Today, the European Court of Justice (ECJ) handed down its decision in Google v. CNIL, dealing with the remit of the ‘right to be forgotten’ (RTBF). In short, the ECJ held that the operator of a search engine is not required to carry out de-referencing on all domain extensions of its search engine when dealing … Continue Reading
On 12 September 2018, complaints were filed with the UK Information Commissioner’s Office and the Irish Data Protection Commissioner regarding the “wide scale and systemic breaches of the data protection regime” by Google and others in the online advertising industry (the Complaints). The Complaints The Complaints were submitted by Brave, an ad blocking web browser, … Continue Reading
On 13 April 2018, the High Court, in NT1 & NT2 v Google LLC [2018] EWHC 799 (QB), ruled against Google, in favour of two businessmen advocating for the right to be forgotten. You can find the full judgment here, but in this blog we explore the reasoning behind the Court’s decision. Right to be … Continue Reading
In 2007, Google bought online ad network DoubleClick, which uses cookies to collect and store data about Google users from their browsing history, to best place clients’ ads. This past June, Google revised its privacy policy to state that users’ activities on other sites tracked by DoubleClick “may be associated with [their] personal information.” This … Continue Reading
On 27 January, the High Court of Northern Ireland granted British MP George Galloway leave to serve proceedings on Google Inc. out of the jurisdiction. The application was based on a variety of claims including libel, harassment, misuse of private information, and unlawful data processing under the Data Protection Act 1998 (the Act). The claims … Continue Reading
On October 16, the Second Circuit ruled that Google’s scanning of millions of books without the copyright holders’ permission, for use in its “Google Books” database, is permissible under the fair use doctrine. Google Books enables members of the public to search for terms within these books and view snippets of machine-readable text containing their search … Continue Reading
The UK’s Information Commissioner’s Office (‘ICO’) has published what appears to be its first public enforcement notice based upon “the right to be forgotten” against Google Inc. The “right to be forgotten” was introduced by the ECJ last year when it held that data subjects have a right to compel search engines to remove results … Continue Reading
On 30 January 2015, Google signed an Undertaking with the Information Commissioner’s Office (ICO) to improve and amend the Privacy Policy it adopted 1 March 2012. Among other things, the modifications to the Privacy Policy allowed Google to combine personal data across all services and products. For example, personal data collected through YouTube could now … Continue Reading
The Hong Kong Privacy Commissioner of Personal Data (the “Commissioner”) ended 2014 with a special interest in mobile applications (“apps”). In a media statement published 15 December 2014, the Commissioner reported that versions 4.3 and earlier of Google’s Android operating system contained a flaw that allowed others to read shared memory in mobile devices without … Continue Reading
The Dutch data protection authority, College Bescherming Persoonsgegevens (CBP), released a cease and desist order requiring Google to pay €60,000 per day, up to a maximum of €15 million, for violating Dutch data protection law, Wet bescherming persoonsgegevens(Wbp). Google has until the end of February 2015 to change the way it handles personal data. The … Continue Reading
In November, the Article 29 Data Protection Working Party (Working Party) released guidelines as to how the Data Protection Authorities (DPAs) assembled in the Working Party intend to implement the judgment of the Court of Justice of the European Union (CJEU) in the case of Google Spain SL and Google Inc. v Agencia Española de … Continue Reading
In July 2014, the High Court (the ‘Court’) considered for the first time the implications of the landmark decision in Google Spain, when delivering an interim judgment in the case of Hegglin v Persons Unknown [2014] EWHC 2808 (the ‘Judgment’). Mr Hegglin (the ‘Claimant’), a businessman who lived in London but now resides in Hong … Continue Reading
The Dutch data protection authority, the College Bescherming Persoonsgegevens (CBP), has released a report following a seven-month investigation examining Google’s changes to its privacy policy. CBP’s report condemns Google for violating Dutch data protection law, the Wet bescherming persoonsgegevens (Wbp). Controversially in March 2012, Google made changes to its privacy policy (GPP2012) to allow the … Continue Reading
After almost two years of back and forth with Google, the French CNIL has, similarly to the Spanish Data Protection authority (€900,000 fine), sanctioned Google with a €150,000 fine, as Google refused to review its integrated platform and to modify its privacy policy as requested by the Working Party 29. In addition to this fine, … Continue Reading
This post was written by Cynthia O’Donoghue. The "right to be forgotten" is a hot topic of discussion in the context of imminent EU Data Protection Reform. Article 17 of the new EU General Data Protection Regulation will give data subjects the “right of erasure” to request that data controllers delete any personal data relating … Continue Reading
This post was written by Cynthia O’Donoghue. An action against the California-based Internet giant, Google, was recently brought in the English courts. The individuals, supported by the campaign group known as Safari Users Against Google’s Secret Tracking, claim that the search engine provider bypassed the security settings on their Apple iPhones and Mac computers in … Continue Reading
According to a press release Monday, the Hamburg Officer for Data Protection and Freedom of Information issued a fine in the amount of €145,000 against Google Inc. for illegal recording of information from Wi-Fi networks. While Google’s cars roamed the streets in Germany during the years 2008-2010, they not only took pictures of houses and … Continue Reading
Pursuant to their common decision 26 February 2013 to engage action in order to penalize Google Inc. for refusing to revise its global privacy policy, six of the European Working Party 29 regulators, led by the French CNIL, have now jointly started to act in their respective jurisdictions and according to their national laws against … Continue Reading
Three senior Google executives, given six month suspended jail sentences in Italy in 2010 for data protection breaches relating to the content of a video post by a user in 2006, have been acquitted by an appellate court in Milan. The Google executives, including Google’s chief privacy officer, were convicted following a trial which related … Continue Reading
This post was also written by Frederick H. Lah. Last week, the U.S. District Court approved the $22.5 million civil penalty against Google for violating a consent order. Yesterday, FTC Director of the Bureau of Consumer Protection David Vladeck released a statement about the Court’s approval, calling the consent order “a clear victory for consumers and … Continue Reading
We have previously reported on the different requests and repeated questionnaires the Commission nationale de l’informatique et des libertés (CNIL) has sent to Google over the past few months regarding the evaluation of Google’s compliance with applicable European Data Protection Regulation concerning its new integrated privacy policy, as well as the new integrated platform launched … Continue Reading
This post was also written by Frederick Lah. Recently, Facebook announced a proposed settlement of a national class action in the United States District Court for the Northern District of California. Fraley, et al. v. Facebook, Inc., 5:11-cv-01726. This settlement has been described by some as settlement of a “privacy lawsuit.” See, e.g., “Facebook to Settle Privacy … Continue Reading
We have previously reported that the French Data Protection Authority (DPA), the CNIL, had sent to Google 19 March 2012, a 12-page questionnaire divided in not less than 69 main questions on Google’s new privacy policy. The CNIL has been designated by the Working Party 29 to evaluate the compliance to applicable data protection regulation … Continue Reading
Google’s CEO, Larry Page, now belongs to the happy few who enjoy direct and regular contact with the CNIL’s president, Mrs. Falque-Pierrotin: he received on 19 March another letter from the French Data Protection Authority’s president pursuant to Google’s decision to launch its new integrated platform 1 March, despite the CNIL’s strong warning to postpone … Continue Reading