UK DPA fined “parenting club” company for violation of the principle of “fairness” in processing

  On April 9, 2019, the UK Data Protection Authority, the Information Commissioner Officer (ICO), served a monetary penalty notice under section 55A of the Data Protection Act 1998 (DPA) of around $ 520,000. The fined company (Bounty) shared the personal data of over 14 million individuals to a number of organizations including credit reference […]

Tags: ,

German Antitrust ordered Facebook to stop “combining” data of German users without voluntary consent

  On February 7, 2019, the Bundeskartellamt, the German antitrust authority, prohibited Facebook from combining data concerning German Facebook users gathered also from third party websites when the user didn’t give voluntary consent to this practice. The decision concerns all private users of Facebook based in Germany. According to the Bundeskartellamt’s decision, until now, individuals […]

Tags: ,

German court decides what can be the first decision on non-material damages under the GDPR

In November 2018, a German local court, the Amtsgericht Diez, decided on a claim for immaterial damages under Art. 82.1, GDPR.  According to this source, on May 25, 2018, Plaintiff received an e-mail in which Plaintiff’s consent to receive a newsletter was requested. An email of this sort is considered spam under German law and […]

Tags: ,

Update on French Conseil d’Etat’s request for a preliminary ruling on the right to be forgotten

On September 11, 2018, the Court of Justice of the European Union (CJEU) began hearing evidence from over 70 stakeholders in the case whose judgement shall outline the territorial scope of the right to be forgotten. The panel of 15 CJEU judges will rule in 2019. The request for a preliminary ruling (Case C-507/17) was […]

Tags: ,

Facebook profile can be accessed by heirs, German federal court says

On July 12, 2018, the German federal court (Bundesgerichtshof, BGH) overturned the judgment of the Berlin’s highest state court (Kammergerichts), which had denied the parents’ access to their daughter’s Facebook account. The case involved a mother trying to access the deceased 15-year-old daughter’s Facebook account in order to understand the cause of death. With its […]

Tags: ,

Carpenter v. United States

Carpenter v. United States, 201 L. Ed. 2d 507, 2018 U.S. LEXIS 3844, 138 S. Ct. 2206, 86 U.S.L.W. 4491, 27 Fla. L. Weekly Fed. S 415, 2018 WL 3073916   SCOTUS decided Carpenter vs US: police needs a warrant to search past location data from a suspect’s cellphone   On June 22, 2018, the […]


ECJ’s preliminary ruling on case of German DPA against Facebook

On June 5, 2018, the European Court of Justice (CJEU), issued its preliminary ruling in C‑210/16, opining on the definition of data controller, applicable national law, and jurisdiction under EU data protection law according to Directive 95/46/EC. According to the CJEU’s judgement, EU companies that have been advertising through Facebook can be considered data controllers […]

Tags: ,

The Ninth Circuit changes standard on standing in data breach class actions: sufficient the “increased risk of future identity theft”

On March 8, 2018, the U.S. Court of Appeals for the Ninth Circuit found that an alleged “increased risk of future identity theft” suffices Article III standing requirement in a data breach putative class action. On June 1, 2015, the District Court of Nevada had dismissed for lack of standing the data breach putative class […]

Tags: ,

Italian DPA allows collection of photos of lawyers participating in e-learning to verify identity

On July 17, 2017, the Italian Data Protection Authority (DPA), the Garante per la Protezione dei Dati Personali, approved the use of computer systems to verify the correspondence between the identity of attorneys enrolled in professional training e-courses (CLEs trainings) and that of people actually connected to the events. The system aims at preventing participants from […]

1 2 3 12