IAPP Global Privacy Summit Recap, Big Questions, and Indiana Jones Analogies
By its much anticipated judgment of 4 May 2023, the European Court of Justice (CJEU) specified the requirements under which data subjects affected by a breach of the GDPR can claim for compensation of non-material damages...more
On 18 January 2023, the European Data Protection Board ("EDPB") published a report on the work undertaken by its Cookie Banner Task Force to ensure a uniform approach regarding a number of cookie-banner-related complaints...more
The Data Act Proposal aims to provide fairness to data access and proposes new rules on who can use and access data generated in the EU across all economic sectors. It creates the obligation for manufacturers and designers to...more
UK government sets out ambitious proposal for reforming the UK data protection landscape. On 17 June 2022, the Department for Culture, Media and Sport (DCMS) published its response to its consultation “Data: a new...more
European regulators unofficially announced the major theme of this new year, through the release of several decisions pertaining to cookies and other tracking technologies in the first 10 days of 2022. As the General Data...more
Since the General Data Protection Regulation (GDPR) was enacted a little over 3 years ago in May 2018, many organizations that collect personal data of individuals in the European Union (EU) have enhanced their data privacy...more
Die Datenschutzorganisation noyb droht mit über 10.000 Beschwerden wegen möglicher rechtswidriger Verwendung von Cookies. Am 31. Mai 2021 startete die Datenschutzorganisation noyb (die Abkürzung steht für „none of your...more
The regulation of cookies and similar tracking technologies is rapidly evolving, not only in the European Union and United Kingdom but also in the United States and globally. If you have visited a website recently, you might...more
On 10 February 2021, over two and a half years after the anticipated adoption of the e-Privacy Regulation, European Member States have agreed to a revised text. Portending a potential break in the three-year impasse, the...more
The Council of the European Union (Council) released a new draft of the ePrivacy Regulation (Council doc. 5642/21) on January 5, 2021. Various versions of the ePrivacy Regulation have been under consideration in the Council...more
On 13 January 2021, the Advocate General (AG) of the Court of Justice of the European Union (CJEU) issued an important opinion in the case of Facebook Belgium v Gegevensbeschermingsautoriteit (C-645/19) which considers the...more
The Situation: On October 6, 2020, the Court of Justice of the European Union ("CJEU") held that the national security laws of the United Kingdom, France, and Belgium, which each require that providers of electronic...more
Last November, the Spanish Data Protection Authority (Spanish DPA) published its new Guidelines on the Use of Cookies within the framework of the GDPR and Spanish E-privacy rules. ...more
On June 19, 2020, the Conseil d’Etat, the highest administrative court in France, annulled in part the cookie guidelines issued by the CNIL (the French data protection authority). The court ruled that the CNIL did not have...more
Across the world, large retail stores and small businesses alike are shutting their doors. International flights and sporting events, conferences and concerts (and everything in between) are being cancelled. ...more
On January 15, the Court of Justice of the European Union’s (CJEU) Advocate General (AG) Manuel Campos Sánchez-Bordona delivered his Opinion on four references for preliminary rulings on the topic of retention of and access...more
On 10 January 2017, the European Commission issued a proposal for a new ePrivacy Regulation (ePR) triggering a legislative process that is still ongoing. The proposed ePR was intended to replace the existing ePrivacy...more
The Information Commissioner’s Office or the “ICO” is the British supervisory authority charged with enforcing GDPR. The Commission Nationale de l’informatique et des libertes (the “CNIL”) is the French supervisory authority....more
EU Court Allows Class Action to Proceed, Sets Precedent for Future Data Breach Class Actions - A class action brought against Google will be allowed to move forward after the plaintiff’s appeal was permitted, allowing him to...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the California attorney general's draft regulations on the California Consumer Privacy Act, the CJEU's clarified rulings on the use of cookies, the...more
In its long-awaited judgment, the European Court of Justice (CJEU) decided the data protection requirements for obtaining consent when using cookies. The court held that “passive” acceptance of cookies through prechecked...more
On 19 July the French Data Protection Authority (the “CNIL”) published new guidelines on cookies and trackers. These replace the existing Recommendation No. 2013-378 of 5 December 2013, are intended to be in line with...more
It’s no secret that a hot topic, perhaps the hot topic, in the European data protection world at present is the interplay between the GDPR and the e-Privacy Directive, in particular how it affects online advertising involving...more
The closure of four cases involving targeted advertising provides lessons for navigating compliance standards under the GDPR. The recent closure of cases brought by the French Data Protection Authority (CNIL) against four...more
On 12 March 2019 at its Eighth Plenary Session, the European Data Protection Board (“EDPB”) adopted its Opinion 5/2019 on the interplay between the ePrivacy Directive (“ePD”) and the General Data Protection Regulation...more