Episode 315 - Boeing Pays $51 Million for ITAR Violations
On April 29, Michigan Attorney General (AG) Dana Nessel filed a lawsuit against Roku, Inc. (Roku), the smart TV and device provider and streaming service, alleging that Roku collects and monetizes personal data from children...more
The plaintiffs’ bar has added a new tool to its arsenal to target cookies, pixels, and similar online tracking tools and the businesses that use them: the California Song-Beverly Credit Card Act of 1971 (“Act”). This...more
The French Data Protection Authority (CNIL) recently imposed a EUR 310,000 fine, representing 1% of its turnover, on FORIOU, a telemarketing company promoting loyalty programs. The fine stemmed from FORIOU’s use of...more
The French Data Protection Authority announced a €600,000 fine against Groupe Canal+ over concerns with the media company’s direct marketing activities. According to the CNIL, the company sent users email marketing without...more
The French data privacy authority (DPA) announced that it will fine Discord, Inc. 800,000 euros under the General Data Protection Regulation (GDPR). Discord is a social messaging platform popular with gamers, technology...more
The Federal Trade Commission (FTC) issued a press release on March 15, 2022, stating that it was taking action against CafePress “over allegations that it failed to secure consumers’ sensitive personal data and covered up a...more
Die Latham DSGVO-Schadensersatztabelle gibt einen Überblick über aktuelle Entscheidungen deutscher Gerichte zu Schmerzensgeldern nach der EU-Datenschutz-Grundverordnung (DSGVO). Die Tabelle fasst Urteile übersichtlich...more
In early October, the Data Protection Authority in Hamburg, Germany announced that the clothing retailer H&M committed severe violations of its employees’ privacy. Because of these European General Data Protection Regulations...more
On October 14, 2020, the French Administrative Supreme Court (Conseil d’Etat) published its decision in a lawsuit requesting that the French health data platform (Health Data Hub) be suspended for breach of the GDPR in light...more
CYBERSECURITY - City of Hartford Hit with Ransomware Attack, Causing School Delay - Cyber-attackers know that city and town officials have been gearing up for the start of school and the potential for remote learning,...more
The CNIL has imposed a €250,000 fine on an online retailer for GDPR infringements in cooperation with other EU supervisory authorities. Founded in 2006 and headquartered in France, Spartoo SAS (Spartoo) is one of the...more
The Council decision contains useful considerations and clarifications on the “one-stop shop” mechanism, transparency obligations, and consent for targeted advertising. On 19 June 2020, France’s Highest Administrative...more
On January 21, 2019, the CNIL (the French data protection authority) issued a fine of €50 million to Google under the General Data Protection Regulation (the “GDPR”) for its failure to (1) provide notice in an easily...more
The decision to appeal a regulatory finding is never taken lightly. By the time a regulator has completed its investigation and notified a company of its intention to fine, the company will have invested significant time and...more
States Consider Privacy and Data Security Legislation - It’s that time of year again, when we see a flood of legislative activity at the state level on privacy and data security laws. A couple of recent examples are below....more
EU Court Allows Class Action to Proceed, Sets Precedent for Future Data Breach Class Actions - A class action brought against Google will be allowed to move forward after the plaintiff’s appeal was permitted, allowing him to...more
The Data Protection Supervisory Authority for the state of Berlin (Die Berliner Beauftragte für Datenschutz und Informationsfreiheit, “Supervisory Authority”) recently issued a fine for GDPR violations against Germany’s...more
The Ninth Circuit has issued its much-anticipated decision in a class action against Facebook involving alleged biometric privacy violations, affirming certification of a class. In Patel v. Facebook, the Northern District of...more
On June 13, 2019, a draft bill increasing fines for violations of Federal Law No. 242-FZ (Data Localization Law) was submitted to the State Duma (i.e., the lower house of the Federal Assembly). ...more
Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the...more
Following numerous privacy complaints, the State Office for Data Protection Supervision (BayLDA) recently conducted a random audit on 40 companies and found widespread problems with their cookie disclosures....more
On Jan. 21, 2019, the French Data Protection Authority (CNIL) levied a 50 million euros sanction against Google LLC for violating the EU General Data Protection Regulation2 (GDPR) in the context of the first enforcement...more
With a high-level White House meeting on Friday, the US and China have extended trade talks, even as a “final deal remains elusive” (aka, nothing at all is in writing yet). It also appears that the purported progress is...more
Many companies have been struggling with GDPR implementation over the past two years, putting much effort into new roles, privacy concepts, and workflows. ...more
On January 21, 2019, the French data protection supervisory authority (“CNIL”) fined Google €50 million (approximately $57 million) for violating the European General Data Protection Regulation (“GDPR”). ...more