German court decides what can be the first decision on non-material damages under the GDPR

In November 2018, a German local court, the Amtsgericht Diez, decided on a claim for immaterial damages under Art. 82.1, GDPR.  According to this source, on May 25, 2018, Plaintiff received an e-mail in which Plaintiff’s consent to receive a newsletter was requested. An email of this sort is considered spam under German law and […]

Tags: ,

Update on French Conseil d’Etat’s request for a preliminary ruling on the right to be forgotten

On September 11, 2018, the Court of Justice of the European Union (CJEU) began hearing evidence from over 70 stakeholders in the case whose judgement shall outline the territorial scope of the right to be forgotten. The panel of 15 CJEU judges will rule in 2019. The request for a preliminary ruling (Case C-507/17) was […]

Tags: ,

Facebook profile can be accessed by heirs, German federal court says

On July 12, 2018, the German federal court (Bundesgerichtshof, BGH) overturned the judgment of the Berlin’s highest state court (Kammergerichts), which had denied the parents’ access to their daughter’s Facebook account. The case involved a mother trying to access the deceased 15-year-old daughter’s Facebook account in order to understand the cause of death. With its […]

Tags: ,

Carpenter v. United States

Carpenter v. United States, 201 L. Ed. 2d 507, 2018 U.S. LEXIS 3844, 138 S. Ct. 2206, 86 U.S.L.W. 4491, 27 Fla. L. Weekly Fed. S 415, 2018 WL 3073916   SCOTUS decided Carpenter vs US: police needs a warrant to search past location data from a suspect’s cellphone   On June 22, 2018, the […]


ECJ’s preliminary ruling on case of German DPA against Facebook

On June 5, 2018, the European Court of Justice (CJEU), issued its preliminary ruling in C‑210/16, opining on the definition of data controller, applicable national law, and jurisdiction under EU data protection law according to Directive 95/46/EC. According to the CJEU’s judgement, EU companies that have been advertising through Facebook can be considered data controllers […]

Tags: ,

The Ninth Circuit changes standard on standing in data breach class actions: sufficient the “increased risk of future identity theft”

On March 8, 2018, the U.S. Court of Appeals for the Ninth Circuit found that an alleged “increased risk of future identity theft” suffices Article III standing requirement in a data breach putative class action. On June 1, 2015, the District Court of Nevada had dismissed for lack of standing the data breach putative class […]

Tags: ,

Italian DPA allows collection of photos of lawyers participating in e-learning to verify identity

On July 17, 2017, the Italian Data Protection Authority (DPA), the Garante per la Protezione dei Dati Personali, approved the use of computer systems to verify the correspondence between the identity of attorneys enrolled in professional training e-courses (CLEs trainings) and that of people actually connected to the events. The system aims at preventing participants from […]

Deceased Floridians maintain their Constitutional right to privacy

In this constitutional challenge to the 2013 amendments to sections 766.106 and 766.1065 of the Florida Statutes requiring claimants in a medical malpractice claim to disclose certain protected health information (PHI) and to consent to secret, ex parte interviews between health providers and defendant , the Florida Supreme Court held that the requirements were unconstitutional and […]


SCOTUS heard oral argument in Carpenter vs US: can the Gov’t access carriers’ location data without a warrant?

On November 29, 2017, the Supreme Court heard oral argument in an important privacy case. The Sixth Circuit held that the protection granted under the Fourth Amendment did not prevent the government to access business records from the defendants’ wireless carriers revealing the user’s location without a warrant. In Carpenter v. United States Timothy Carpenter and Timothy Sanders […]


1 2 3 12