On February 13, 2020, the German Federal Ministry of Justice and Consumer Protection (BMJV) published a proposal to soften the regulatory requirements for influencers for labeling their posts as advertising (Proposal). Under the Proposal, statements posted on social media about products for which no consideration was given – either in the form of monetary compensation
The Regional Court of Berlin held in a judgment of 16 January 2018 (docket no. 16 O 341/15, German language version of the judgment available here) that Facebook’s default privacy settings and parts of their terms and conditions were invalid. This judgment provides important guidance on consent and transparency.
The Federation of German Consumer Organizations (Federation) sued Facebook and requested cease and desist regarding some of its default settings and terms and conditions.
The Federation argued that Facebook’s default settings violated the requirement of explicit consent. For example, the default settings included a location service in Facebook’s mobile app revealing the location of the person that the user is chatting to. In addition, boxes were pre-activated allowing search engines to link to the user’s timeline.
The Federation also argued that various clauses in the terms and conditions of Facebook were invalid, including clauses that provide consent of the user (i) to transferring personal data to and processing personal data in the U.S. and (ii) using the name and profile picture of the user for commercial, sponsored or related content.…
On 11 December 2017, the Article 29 Working Party (Art 29 WP) published its draft guidance on transparency. The guidelines are open for consultation until 23 January 2018.
The Art 29 WP analyse the elements of transparency required by the General Data Protection Regulation (GDPR). They also provide further details on the information that data controllers must provide to data subjects, specifically in relation to Articles 12 and 13.
1. The concept of transparency
Transparency is a key concept of the GDPR. It is fundamentally linked to the GDPR’s central principles of fairness and accountability.
Under Article 4(2) of the GDPR, data controllers must be able to demonstrate that the personal data they process is processed transparently.
2. The elements of transparency
Article 12(1) requires that any information that is given to data subjects is provided:
- in a concise, transparent, intelligible and easily accessible form;
- using clear and plain language;
- in writing, or by other means;
- where requested by the data subject, orally; and
- free of charge.
The Art 29 WP analyse each of these elements.
Continue Reading Article 29 Working Party releases guidelines on transparency under the GDPR
This post was written by Daniel Kadar.
French health care companies have faced hard times over the past months with their new transparency obligations. They have been required to declare the equivalent of 18 months (!) of agreements and benefits in a very short period of time.
They were scheduled to disclose this information…
In an effort to enhance transparency in government and end financial corruption, the Mexican Congress has approved a draft amendment bill that will reform the Mexican Constitution by requiring all government entities to publicly report their finances and expenditures. The lower chamber of the Mexican Congress, the Chamber of Deputies, voted 424 to 16 in…
This post was written by Cynthia O’Donoghue.
The UK Committee of Advertising Practise (CAP), which writes and maintains the UK Advertising Codes, has introduced new rules for organisations conducting online behavioural advertising (OBA), to provide greater transparency and choice to consumers. The new rules will be incorporated into the UK Code of Non-broadcast Advertising,…
This post was also written by Chris Cwalina, Nick Tyler and Frederick Lah.
Consumers increasingly demand transparency into how companies use their personal information. We’ve seen a number of responses to this. One has been legislative; for example, the accounting requirement under the Dodd-Frank Act and California’s Shine the Light Act. For our…
This post was written by Nick Tyler.
In a recent speech, Viviane Reding, the EU Commissioner with responsibility for European Union data protection policy identified ‘four pillars’ upon which the privacy rights of EU citizens “need to be built” so that individuals’ have more control over their personal data in today’s online world.
Reforming EU data protection is Commissioner Reding’s “top legislative priority” and the new proposals are expected this summer.
The ‘four pillars’ are:
- The right to be forgotten,
- Privacy by default, and
- Protection regardless of geographic location.