Case Law & Court Rules

In February 2017, the Italian Data Protection Authority (Garante per la protezione dei Dati Personali)  fined five companies over 11 million euros for the unlawful processing of personal data. The companies, which operate in the money transfer field, unlawfully processed the personal data of over 2 millions people. To avoid money laundering legislation, the companies would use […]

On December 21, 2016, Oracle asked the Federal Communications Commission (FCC) to reconsider its decision and order “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” (“Order”) published on November 2016. See here. At the beginning of 2017, several Internet Service Providers (ISPs) and cable associations filed Petitions for Reconsideration requesting the FCC to significantly […]

On February 6, 2017, the Court of Appeals for the Fourth Circuit affirmed a district court judgement’s dismissal of two data breach class actions for lack of subject-matter jurisdiction:  Plaintiffs failed to establish a non-speculative, imminent injury-in-fact identity theft after a 2013 and 2014 data breach. This was a consolidated appeal of veterans against William Jennings Bryan […]

On February 3, 2017, the Pennsylvania US District Court granted the Government’s motions to compel Google to comply with search warrants, holding that this was not an extraterritorial application of the stored Communications Act 18 U.S.C. (“SCA“). The District Court had issued two search warrants, pursuant to section 2703 of the SCA §§ 2701 et seq., […]

European Court of Justice — Case C‑13/16 On January 26, 2017, the Advocate General (AG) to the Court of Justice of the European Union (CJEU) Mr. Bobek opined that there is no legal obligation for a data controller under EU data protection law to disclose data enabling the identification of a person allegedly responsible for an administrative offence. In […]

On November 10, 2016, the Eleventh U.S. Circuit Court of Appeals held that merely exposing sensitive data is not reasonably likely to harm consumers. LabMD operated as a clinical laboratory and as part of its business, receives patients’ sensitive personal information, which included their names, birthdates, addresses, and Social Security numbers. LabMD’s billing manager allegedly […]

  The Advocate General (AG) of the Court of Justice of the European Union (ECJ) opined on the right to be forgotten in companies’ registers: no right to be forgotten there. In case C-393/15, the Corte di Cassazione (the Italian Supreme Court) asked the ECJ to clarify the right of individuals to be forgotten, to have their […]

On October 6, 2016, the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) (“Italian DPA”)  issued an order denying the right to be forgotten to those involved in major crimes. A former city counselor involved in an investigation for corruption and fraud requested a de-indexation of some related articles. The events occurred […]

On May 18, 2016, the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) issued an order allowing for the processing of personal geo-localization data collected through the employees’ smartphones. An Italian company, SITE S.p.A., submitted a preliminary request for examination of the DPA with reference to the processing of personal data gathered […]

  On September 23, 2016, Ronald Schwartz, a New York resident, filed a case and sought class-action certification on behalf of himself and other users against defendant Yahoo. According to the complaint, the Company “failed to adequately protect its users or itself from data breach”. The claim was filed after, on September 22, 2016, Yahoo issued […]