ECJ holds by embedding social media plug-ins in website you may become a joint data controller with the social media provider

  On July 29, 2019, the Court of Justice of the European Union (ECJ) published its judgement in case C-40/17, holding – like Advocate General Bobek (see here) suggested – that an organization who embeds a Facebook “Like” button on its website may be considered a data controller. In this case, a German fashion online […]

Tags: ,

Update: oral hearing before the ECJ on Model Clauses preliminary ruling

On July 9, 2019, the European Court of Justice (CJEU) heard oral arguments on a landmark case concerning Facebook’s transfer of personal data from the EU to the US on the basis of the currently utilized “standard contractual clauses” (SCCs) mechanism. The CJEU’s decision — will have tangible consequences for businesses performing data transfers from […]

Tags:

Arizona A.G. settled over multi-state HIPAA-related data breach for $900,000

  On May 28, 2019, Attorney General Mark Brnovich announced a settlement with healthcare software providers Medical Informatics Engineering Inc. and NoMoreClipboard, LLC regarding some claims brought against them under the federal Health Insurance Portability and Accountability Act (HIPAA). By way of background. Defendants were business associates that were providing health records services that enabled […]

Tags:

NY A.G. settles with online retailer Bombas which failed to notify data breach involving credit cards details

  On June 6, 2019 Attorney General Letitia James, announced a $65,000 settlement with online retailer Bombas LLC for failing to provide notice of payment cards consumers’ data breach occurred to 39,561 consumers. In 2014 unauthorized intruders inserted malicious software code to steal payment card information into the ecommerce platform supporting Bombas’ website. Intruders accessed […]

Tags: ,

Important question about the GDPR “one –stop shop” mechanism referred to the ECJ

On May 8, 2019, the Brussel’s Court of Appeal referred certain questions to the Court of Justice of the European Union (CJEU) to ensure that the Belgian Data Protection Authority (DPA) can pursue the case against Facebook also after the GDPR entered into force. In particular, the questions is whether the one-stop shop mechanism (which […]

Tags: ,

UK DPA fined “parenting club” company for violation of the principle of “fairness” in processing

  On April 9, 2019, the UK Data Protection Authority, the Information Commissioner Officer (ICO), served a monetary penalty notice under section 55A of the Data Protection Act 1998 (DPA) of around $ 520,000. The fined company (Bounty) shared the personal data of over 14 million individuals to a number of organizations including credit reference […]

Tags: ,

FTC orders $5.7 mln civil penalty for COPPA violation (the biggest ever for COPPA violations)

  On February 27, 2019, the American Federal Trade Commission (FTC) published a proposed stipulated order for civil penalties and other reliefs against Musical.ly for violation of the Children’s Online Privacy Protection Act (COPPA) by collecting personal information from kids without parental consent. The $5.7 million civil penalty is the FTC’s largest ever under COPPA. […]

Tags: ,

German Antitrust ordered Facebook to stop “combining” data of German users without voluntary consent

  On February 7, 2019, the Bundeskartellamt, the German antitrust authority, prohibited Facebook from combining data concerning German Facebook users gathered also from third party websites when the user didn’t give voluntary consent to this practice. The decision concerns all private users of Facebook based in Germany. According to the Bundeskartellamt’s decision, until now, individuals […]

Tags: ,

1 2 3 13