$5B Facebook’s settlement with FTC over Cambridge Analytica approved by federal court

On April 23, 2020 a federal court officially approved the agreement reached between Facebook and the Federal Trade Commission (FTC) last July. FTC’s investigation began after the events of Cambridge Analytica in 2018. See here for more about this investigation. The reached settlement agreement received some criticism. Facebook agreed to shift its approach to  privacy, […]


Host providers with actual knowledge of illegal activities must expeditiously (and worldwide) remove or disable access to the information, the ECJ held

  On October 3, 2019 in Case C-18/18, Eva Glawischnig-Piesczek v. Facebook Ireland Limited, the European Court of Justice (EDJ) held that — under Directive 2000/31, the Directive on electronic commer – cefor a platform (host provider) to be considered hosting provider (and so benefit from liability exception), while it must play a passive role (having no knowledge of the content), must […]

Google “Safari Workaround” action’s “block” overturned by UK Court of Appeal

On October 2, 2019, the UK Court of Appeal unanimously overturned a block on a “class-action” lawsuit (technically a “collective action”) brought by a veteran on behalf of millions iPhone users against  Google for the latter’s use of “Safari Workaround” . Now the case can be heard. The lawsuit alleges that Google secretly tracked some […]

Tags: ,

Class action against Facebook’s processing of personal biometric data continues

Updated on October 18th, 2019: On August 8, 2019, the United States Court of Appeals for the Ninth Circuit held that the plaintiffs have constitutional standing to sue Facebook for violating statutory privacy rights under the Illinois Biometric Information Privacy Act of 2008. Facebook had filed a motion to dismiss arguing that plaintiffs lacked standing […]

Tags: , ,

ECJ holds by embedding social media plug-ins in website you may become a joint data controller with the social media provider

  On July 29, 2019, the Court of Justice of the European Union (ECJ) published its judgement in case C-40/17, holding – like Advocate General Bobek (see here) suggested – that an organization who embeds a Facebook “Like” button on its website may be considered a data controller. In this case, a German fashion online […]

Tags: ,

Update: oral hearing before the ECJ on Model Clauses preliminary ruling

On July 9, 2019, the European Court of Justice (CJEU) heard oral arguments on a landmark case concerning Facebook’s transfer of personal data from the EU to the US on the basis of the currently utilized “standard contractual clauses” (SCCs) mechanism. The CJEU’s decision — will have tangible consequences for businesses performing data transfers from […]


Update on Cambridge Analytica scandal: Italian DPA fined Facebook in the summer of 2019

  On June 28, 2019, the Garante per la protezione dei dati personali, the Italian Data Protection Authority issued a EUR 1 million fine against Facebook following the scandal of Cambridge Analytica. See here for more info. According to the Italian DPA, 57 Italian users downloaded the incriminated application through the Facebook login function. This […]

Tags: ,

Arizona A.G. settled over multi-state HIPAA-related data breach for $900,000

  On May 28, 2019, Attorney General Mark Brnovich announced a settlement with healthcare software providers Medical Informatics Engineering Inc. and NoMoreClipboard, LLC regarding some claims brought against them under the federal Health Insurance Portability and Accountability Act (HIPAA). By way of background. Defendants were business associates that were providing health records services that enabled […]


1 2 3 14