The vast difference between the views of privacy held in the US and in the EU is illustrated by the divergent paths of two prominent data privacy actions. In the EU, the action was brought by Max Schrems as a complaint before the Irish Data Protection Commissioner, claiming that Facebook’s transfer of user data to […]
The vast difference between the views of privacy held in the US and in the EU is illustrated by the divergent paths of two prominent data privacy actions. In the EU, the action was brought by Max Schrems as a complaint before the Irish Data Protection Commissioner, claiming that Facebook’s transfer of user data to […]
On June 4, 2015, the Minnesota District Court dismissed a data breach class action for lack of constitutional standing because the plaintiffs did not allege injury in fact. Carlsen v. GameStop. In this class action, Plaintiffs subscribed to a videogame magazine accessible through the web. The terms of service for the online subscription included a privacy […]
Tags: DATA PROTECTION
On November 7, 2019, the European Data Protection Supervisor (EDPS) [i] issued the Guidelines on the concepts of controller, processor and joint controllership under Regulation (EU) 2018/1725 (“Guidelines”). As a background, Regulation (EU) 2018/1725[ii] (“Regulation”) applies to the processing of personal data by the Union institutions, bodies, offices and agencies. The Guidelines aim at providing […]
On May 8, 2019, the Brussel’s Court of Appeal referred certain questions to the Court of Justice of the European Union (CJEU) to ensure that the Belgian Data Protection Authority (DPA) can pursue the case against Facebook also after the GDPR entered into force. In particular, the questions is whether the one-stop shop mechanism (which […]
The E.D. Michigan held that despite European data protection laws that might restrict disclosure of personal information, a US litigant must comply with federal discovery rules even if that means producing documents stored in the EU. Under EU Directive 46/1995 and the national implementation legislation,[i] personal information can only be processed according to privacy rules. Disclosure in […]
We have been reading some commentaries to the effect that the GDPR (General Data Protection Regulation) needs to be transposed with special legislation adopted in the several EU member states. That there will be legislation is true, but the statement is misleading. Make no mistake: the GDPR is an EU regulation, not a EU directive […]
Originally published on South Carolina Lawyer (March 2016) It is the modern employer’s dilemma: do you allow employees to bring their personal smartphones, laptops and tablets to work for business purposes? Do you purchase work devices for them, duplicating what they have? Or do you simply ban use of any personal device for work […]
The Target breach illustrates the breadth of applicable state laws when a data breach affects a large company. On December 19, 2013, Target announced that it had been the victim of a criminal attack on its computer network by third-party intruders who stole payment card data and other personal information from Target shoppers who shopped at Target […]
The news has been saturated lately by stories of data breaches. The IRS discovered recently that a breach of citizens’ tax return information covered more than 330,000 taxpayers, three times that originally identified in May of this year. Target’s data breach in 2013 is back in the news because the company just settled claims against it by […]