Case Law & Court Rules

After WP29 issued the guidelines to help authorities to deal with appeals resulting from search engines’ refusal to “de-list” (see here), the Italian Data Protection Authority is facing the challenges of implementing the Costeja case, C-131/12 and its “right to be forgotten”. As of February 2015, the Italian Data Protection Authority received around 10 appeals against search engines refusal to […]

The Justice Department has reached a $134,000 settlement with a New York woman after the Drug Enforcement Administration (“DEA”) set up a fake Facebook account in her name using seized pictures. The settlement takes into account emerging personal privacy concerns. Facebook had previously disabled the law enforcement agency’s fake profile. See here. Stipulation of the settlement […]

On July 10, 2014, the Italian Data Protection Authority (“DPA”) issued a resolution to protect the privacy of Google’s services users in Italy. According to the decision, Google may not process users’ data for profiling without the subjects’ prior consent; furthermore, Google shall specifically inform the users that it is profiling them for marketing purposes. The […]

On December 31, 2014, the FTC approved a final order settling charges that Snapchat – a popular mobile messaging application – deceived consumers over the amount of personal data it collected and the security measures taken to protect data from misuse and unauthorized disclosure. The final order prohibits Snapchat  from misrepresenting the extent to which it […]

On October 28, 2014, the Bundesgerichtshof (the German Federal Supreme Court) referred to the European Court of Justice a preliminary ruling on whether an IP address constitutes personal data under the EU Data Protection Directive (court ref. VI ZR 135/13). The Bundesgerichtshof, having to decide whether the IP address of a visitor can be saved beyond […]

On December 4, 2014, the Italian Data Protection Authority (“DPA”) issued a resolution to answer the motion that Google presented in September for a waiver of the notification requirement of Article 13, paragraph 5 of the Italian Privacy Code (as interpreted by the DPA’s resolution of October 15, 2010 towards Google – read here) which […]

On December 8, 2014, the UK Court of Appeal began hearing Google’s appeal against the High Court’s decision which allowed UK data subjects to sue Google Inc. in England for misuse of private information. In brief, at the beginning of 2013, several claimants alleged that Google used cookies to track their browsing activity without their consent. […]

On November 17, 2014, TRUSTe and the FTC announced a proposed consent agreement after TRUSTe allegedly deceived consumers about its recertification program for the company’s privacy practices. TRUSTe is a corporation which offers several data privacy services to companies, including a variety of assessments and certifications, monitoring tools, and compliance controls. It also offers Certified […]

Employer held responsible for employee’s HIPAA privacy violations On November 14, 2014, the Court of Appeals of Indiana found a pharmacist and her employer liable for the damages sustained by a customer as a result of the employee’s HIPAA breach. The pharmacist breached one of her most sacred duties by viewing the prescription records of […]

The US Supreme Court granted certiorari to hear a decision from the Ninth Circuit that struck down a 2008 ordinance of the city of Los Angeles requiring that hotel guest records “be made available to any officer of the Los Angeles Police Department for inspection.” Patel v. City of Los Angeles. The ordinance requires hotels to […]