Glawischnig-Piesczek vs. Facebook Ireland Limited: CJEU determines that hosting provider may ordered to remove identical and equivalent comments to those which have already been declared illegal

The decision of the CJEU in this case in which a hosting provider can be required to remove content on a global level in the context of a EU Member State Court injunction within the framework of international law, exemplifies the global reach of European regulators with the Internet.   Here's a little background on the case ...

CJEU rules that the prohibition on processing certain categories of sensitive personal data applies also to operators of search engines

In Case C-136/17 GC and Others v Commission nationale de l'informatique et des libertés (CNIL), the CJEU determined that the prohibition on processing certain categories of sensitive personal data applies also to operators of search engines and that in the context of a request for de-referencing, a balance must be struck between the fundamental rights ...

CJEU rules storing cookies requires internet users’ active consent and therefore a pre-ticked checkbox is insufficient

The Court of Justice of the European Union in its Judgment in Case C-673/17 Bundesverband der Verbraucherzentralen und Verbraucherverbände ̶ Verbraucherzentrale Bundesverband eV v Planet49 GmbH, confirmed "that the consent which a website user must give to the storage of and access to cookies on his or her equipment is not validly constituted by way ...

FTC Fines Google $170 Million USD for having violated the privacy of children on YouTube

The American Federal Trade Commission and the New York Attorney General reached a settlement with Google (YouTube) for having violated the American Federal Children's Online Privacy Protection Act (COPPA). YouTube was accused of illegally harvesting the data of children, tracking their browsing behaviour in order to offer them targeted advertising,, all without the consent ...

The importance of Data Protection in research

The Swedish Data Protection Authority recently launched an investigation into Umeå University's handling of sensitive personal data, specifically data obtained from the Danish Police Authority for research purposes. The Swedish Police Authority to the Data Inspectorate has alleged that the university sent the sensitive data in its possession via unencrypted email. Data protection in ...

Social plug-ins and joint controllership

The European Court of Justice in Case C-210/16, also known as the Fashion ID case, concerns the joint controllership relationship between Facebook and website operators that embed the Facebook “Like” button on their site.  Fashion ID GmbH & Co. KG, an online fashion retailer had the Like button on its website.  In order to better understand the ...

Don’t use consent for the processing of employee data! Greek DPA issues first fine under GDPR

The Hellenic DPA in Decision no 26/2019 decided that for personal data to be processed in compliance with the GDPR, all the principles outlined in Article 5(1) GDPR should be met. The Decision came to light after the DPA received complaints concerning the processing of PriceWaterhouseCoopers employee data where employees were required to provide their ...

ePrivacy Regulation updates

On 12 July 2019 the consolidated text of the forthcoming ePrivacy Regulation was made available. The document was published in light of the 17 July WP TELE (which will focus on articles 12-16 and related recitals) and covers the entire text of the proposed regulation. Of particular relevance, the definition of direct marketing communications ...

Join me for the Cloud Security Alliance GDPR Certification Lead Auditor Training in Amsterdam

Join me in Amsterdam for the following GDPR Lead Auditor Certification Trainings: 2-3 July 201924-25 September 201918-19 November 2019 (CSA Congress EMEA Berlin)10-11 December 2019 Enterprises around the world are looking for ways to show their compliance to Europe’s General Data Protection Regulation (GDPR). The Cloud Security Alliance (CSA) has developed a Code of Conduct designed to offer both a ...

Does Privacy Shield provide adequate protections?

On May 31st the Supreme Court of Ireland denied Facebook’s appeal to avoid referral of its recent case concerning the international transfer of personal data to the European Court of Justice.  You most likely remember the case brought forth by privacy activist and lawyer Max Schrems which questions whether the methods used by technology companies, and ...