With the onslaught of new privacy, AI and cyber legislation coupled with promises for enforcement and class action litigation, running a well-functioning and flexible privacy and cyber program is increasingly a critical...more
1/29/2025
/ Consumer Privacy Rights ,
Cookies ,
Cyber Incident Reporting ,
Data Breach ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Privacy Laws ,
Risk Management ,
Security and Privacy Controls ,
Sensitive Personal Information ,
State Privacy Laws
On March 18, 2024, the Office of Civil Rights (“OCR”) within the Department of Health and Human Services (“HHS”) updated prior guidance concerning the use of online tracking technologies, including cookies, by Covered...more
5/31/2024
/ Business Associates ,
Cookies ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
OCR ,
PHI ,
Popular ,
Tracking Systems ,
Web Tracking
The use of online tracking technologies for online behavioral advertising, analytics and related activities has come under increasing scrutiny by regulators in the U.S., Europe and elsewhere. The obligations under various...more
11/7/2023
/ Advertising ,
Behavioral Advertising ,
Cookie Banners ,
Cookies ,
Do Not Sell ,
EU ,
Opt-In ,
Opt-Outs ,
Privacy Laws ,
State Privacy Laws ,
Targeted Digital Advertising ,
Web Tracking
In recent months, organizations have been dealing with an emerging wave of lawsuits from an unexpected source: the VPPA. The Video Privacy Protection Act (“VPPA”), originally intended to prevent “wrongful disclosures” of...more
7/26/2023
/ Class Action ,
Cookies ,
Data-Sharing ,
Defense Strategies ,
Online Videos ,
Personally Identifiable Information ,
Privacy Policy ,
Third-Party Service Provider ,
Video Recordings ,
VPPA ,
Web Tracking ,
Websites
When the CCPA was enacted last year, BCLP published a Practical Guide to help companies reduce the requirements of the Act into practice. Following publication of the Guide, we wrote a series of articles that addressed...more
3/11/2020
/ Advertising ,
Behavioral Advertising ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cookie Banners ,
Cookies ,
Opt-Outs ,
Personal Information ,
Private Right of Action ,
Statutory Penalties ,
Websites
To help identify trends in privacy representations, BCLP reviewed the websites and privacy notices of Fortune 500 companies identified as primarily engaged in the banking and financial service sectors.
The following...more
2/28/2020
/ Adtech ,
Banks ,
Behavioral Advertising ,
California Consumer Privacy Act (CCPA) ,
Cookies ,
Data Privacy ,
Data-Sharing ,
Financial Services Industry ,
Opt-In ,
Right to Delete ,
Surveys
Likely not.
While the UK’s Privacy and Electronic Communications Regulation suggests that, in some circumstances, consent may be inferred when a subscriber amends or sets controls in an internet browser, the ICO has...more
No.
The English supervisory authority, the ICO, has stated that consent requests must be “clearly distinguishable from other matters” and that bundling consent as part of terms and conditions in impermissible. According to...more
The Information Commissioner’s Office or the “ICO” is the British supervisory authority charged with enforcing GDPR. The Commission Nationale de l’informatique et des libertes (the “CNIL”) is the French supervisory authority....more
So far, the German, French and British supervisory authorities have released guidance specifically addressing cookies in 2019. The German guidance was published in April 2019...more
On October 1, the European Court of Justice (the “ECJ”) confirmed recent guidance from the UK and CNIL regulators in finding that the use of pre-checked boxes does not constitute consent for processing of personal information...more
10/3/2019
/ CNIL ,
Consent ,
Cookies ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Lottery ,
Online Advertisements ,
Personal Information ,
Sweepstakes ,
UK ,
Websites
Maybe.
The GDPR does purport to allow data subjects to bring private rights of action. Likewise, certain implementations of the ePrivacy Directive, like the Privacy and Electronic Communications Regulations, allow for...more
Yes, provided that the “opt-out” selection is the default when the banner loads and no behavioural or analytics cookies load prior to an “opt-in” by the data subject.
A data subject’s consent to the use of analytics or...more
Probably not.
A data subject’s consent to the use of analytics or behavioural cookies must be a valid “affirmative act.” While it may be argued that the data subject is indeed performing an “affirmative act” by continuing...more
Likely no.
The placement of analytics or behavioural advertising cookies can only be accomplished when the basis for the placement of the cookies is the data subject’s consent. In order for consent to comply with the...more
Yes.
European data privacy law distinguishes between session cookies that, for example, allow a website to function properly, and behavioural advertising cookies that are unnecessary for the functioning of the website. ...more
7/30/2019
/ Advertising ,
Behavioral Advertising ,
Cookies ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Opt-In ,
Personal Data ,
Prior Express Consent ,
Privacy Laws ,
Web Browsers ,
Websites
Yes.
European data privacy law distinguishes between session cookies that, for example, allow a website to function properly, and analytics cookies that are unnecessary for the functioning of the website. With respect to...more
Probably not.
A cookie can qualify as “personal data” under GDPR when it can be linked to an individual person. Even in instances where a cookie cannot be linked, it is still governed by the ePrivacy Directive and...more
7/24/2019
/ Consent ,
Cookie Banners ,
Cookies ,
e-Privacy Directive ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Popular ,
Prior Express Consent ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
UK
The term “cookie banner” refers to a banner, or splash page, deployed on a website to inform visitors that the website uses cookies. There is little standardization concerning how cookie banners are deployed. Different...more
Generally speaking, cookies simply are data files saved to a user’s computer. Certain cookies may qualify as “personal information” under the CCPA, since the CCPA defines “unique personal identifiers,” to include “cookies”...more