The plaintiffs’ bar has added a new tool to its arsenal to target cookies, pixels, and similar online tracking tools and the businesses that use them: the California Song-Beverly Credit Card Act of 1971 (“Act”). This...more
Today, the cell phone has become ubiquitous. It likely goes where you go — to the office, to the grocery store, to the gym. Your favorite restaurant. Your doctor’s appointment. Your house of worship. While it’s almost always...more
Following the positions expressed by the Austrian, German, and French supervisory authorities, the Italian Supervisory Authority (Garante per la Protezione dei Dati Personali)(Garante) published on 9 June 2022 a specific...more
If you use a U.S.-based sub processor (even for data processed in the EU), you lose, the German administrative court of Wiesbaden said in an interim decision. No transfer. No worries. TIA anyway...more
Hong Kong proposes to widen the current definition of “personal data” to cover not just “identified” persons but also “identifiable” persons. The amendment is expected to cover the use of online tracking technologies such as...more
The California Consumer Privacy Act ("CCPA") was enacted in early 2018 as a political compromise to stave off a poorly drafted, and plaintiff’s friendly ballot initiative. Although the CCPA is scheduled to go into force in...more
Companies that do business in California know that it is a magnet for class action litigation. The California Consumer Privacy Act ("CCPA"), a new privacy law that applies to data collected about California residents, will...more
On October 19, the Court of Justice of the European Union (CJEU) ruled that dynamic IP addresses may qualify as “personal data” under EU privacy law. As we covered here on the blog a few months ago, this decision is...more
On 19 October 2016, the European Court of Justice (ECJ) held (Case C-582/14 – Breyer v Federal Republic of Germany) that dynamic IP addresses may constitute personal data. The ECJ also held that a website operator may collect...more
In a key decision, the European Court of Justice has ruled that dynamic IP addresses may qualify as personal data in certain circumstances—ending years of uncertainty about whether such fundamental building blocks of the...more
In a ruling with significant potential impact, the Court of Justice of the European Union (CJEU) has ruled that a dynamic internet protocol (IP) address may constitute "personal data" under EU Data Protection Directive...more
In a decision that could have significant impact for online companies that have European operations, the European Union’s (EU) top court ruled that Internet Protocol addresses (IP addresses) could, under certain...more
Privacy Shield – An Early Reflection - EU law generally prohibits the transfer of personal data from the European Economic Area to the U.S., unless the transfer is made in accordance with an authorized data transfer...more
On October 19, 2016, the Court of Justice of the European Union (CJEU) issued a judgment determining that dynamic Internet protocol (IP) addresses may constitute “personal data” subject to protection under the EU’s Data...more
On October 19, 2016, the Court of Justice of the European Union (CJEU) issued a ruling on the question of whether IP addresses constitute personal data. The ruling has direct implications on the general question of when data...more
Today, the European Court of Justice (ECJ) issued its long-awaited decision in Breyer v. Germany. Breyer addresses the question of whether IP addresses are “personal data” for purposes of EU data protection law. As is...more
Last month, one of the Advocate Generals (“AG”) of the Court of Justice of the European Union (“CJEU”), Manuel Campos Sánchez-Bordona, issued an opinion suggesting that dynamic IP addresses should be recognized as “personal...more