Life With GDPR: Cathay Pacific Enforcement Action
Life With GDPR: Episode 30- British Airways Data Breach Enforcement Action
E18: ICANN Loses First GDPR Court Ruling in Germany
FTC Announces Proposed Settlement with Software Provider to Settle Allegations that its Inadequate Security Safeguards Led to Cyberattack - On February 1, 2024, the Federal Trade Commission (“FTC”) announced a proposed...more
The UK Information Commissioner’s Office recently reported that it is continuing its review of website cookie banners. It had expressed concern late last year that these banners were not giving “fair choices” because they did...more
On 18 January 2023, the European Data Protection Board (the “EDPB”) announced the adoption of a report on the work undertaken by the Cookie Banner Task Force (the “Task Force”). The Task Force was formed in September 2021 for...more
The European Data Protection Board (EDPB) adopted a draft report of the work undertaken by the Cookie Banner Taskforce (the Report). The Report describes how regulators apply cookie legislation in handling certain types of...more
On 16 June 2022, the UK government’s Department for Digital, Culture, Media and Sport (“the DCMS”) published its response to its Data Reform consultation. The response sets out the UK government’s key data protection reform...more
What does the U.K. Information Commissioner’s Office have to say about what it takes for adtech initiatives to be compliant with data protection? “There is an opportunity for market participants to move towards developing...more
The UK’s Information Commissioner’s Office (ICO) is taking on cookie banners. The office will call on fellow G7 data protection and privacy authorities to work together to overhaul cookie consent pop-ups in favor of...more
Following its Guidance issued on April 6, 2020, the Irish Data Protection Commission signaled its intent to begin enforcement against companies who fail to adhere to the Commission’s guidelines on the use and management of...more
The legal requirements for the use of cookies have been subject to discussion over the last few years, with little to no enforcement and guidance from European data protection authorities (DPAs). That has changed recently....more
The Information Commissioner’s Office or the “ICO” is the British supervisory authority charged with enforcing GDPR. The Commission Nationale de l’informatique et des libertes (the “CNIL”) is the French supervisory authority....more
In its long-awaited judgment, the European Court of Justice (CJEU) decided the data protection requirements for obtaining consent when using cookies. The court held that “passive” acceptance of cookies through prechecked...more
BREXIT: DEAL OR NO-DEAL? DATA IS THE QUESTION - With the Brexit deadline looming ahead on 31 October 2019, the situation seemingly reaches new levels of uncertainty every day. Last week, the U.K. Supreme Court’s eleven...more
On October 1, the European Court of Justice (the “ECJ”) confirmed recent guidance from the UK and CNIL regulators in finding that the use of pre-checked boxes does not constitute consent for processing of personal information...more
UK data protection regulator demands companies in the RTB ecosystem re-evaluate privacy notices, use of personal data, and lawful basis. The UK Information Commissioner’s Office’s (ICO’s) latest report into adtech and real...more
The guidance provides general requirements for obtaining valid consent and details conditions under which audience management cookies may be exempt. On 4 July 2019, one day after the UK Information Commissioner’s Office...more
Data protection authorities (DPAs) in the European Union (EU) continue to scrutinize practices in the adtech sector for compliance with the EU’s General Data Protection Regulation (GDPR) and local data protection and...more
Probably not. A data subject’s consent to the use of analytics or behavioural cookies must be a valid “affirmative act.” While it may be argued that the data subject is indeed performing an “affirmative act” by continuing...more
Probably not. A cookie can qualify as “personal data” under GDPR when it can be linked to an individual person. Even in instances where a cookie cannot be linked, it is still governed by the ePrivacy Directive and...more
Strict is for cookie, that’s good enough for me. The United Kingdom’s Information Commissioner’s Office highlights “strictly necessary” cookies: Strictly necessary cookies are cookies which are essential, not just nice...more
Analytics cookies in the crossfire. Different approaches set forth in the CNIL Guidance and in the ICO cookie guidance. CNIL – Set list of terms to qualify for an exemption from the need to obtain consent....more
The guidance clarifies the interplay between the PECR and GDPR and provides practical steps to achieving cookie compliance. The UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO),...more
The UK Data Protection Authority, the Information Commissioner’s Office (ICO), has published an update report on privacy issues around real-time bidding (RTB) and programmatic advertising. ...more