Advocate General opined that embedding a Facebook “Like” button on websites could determine a situation of joint control

On December 19, 2018, Advocate General Bobek, published his opinion in case C-40/17, deeming that anyone who enters the Facebook “Like” button on his website can be considered a joint controller. In this case, a German fashion online retailer embedded a Facebook’s ‘Like’ button in its website. As a result, when users landed on the […]

NY A.G. settled with five companies whose mobile apps were not secure

On December 14, 2018, New York Attorney General Barbara D. Underwood announced settlements with Western Union Financial Services, Inc., Priceline.com, LLC, Equifax Consumer Services, LLC, Spark Networks, Inc., and Credit Sesame, Inc., “for having mobile apps that failed to keep sensitive user information secure when transmitted over the Internet.” No fraud had happened with those […]

CNIL publishes guidance on data transfer to third parties for electronic prospecting

On December 28, 2018, the French Data Protection Agency, the Commission Nationale de l’informatique et des Libertés (CNIL) published several principles to help companies comply with the General Data Protection Regulation (GDPR) while transferring personal data to their commercial partners for electronic prospecting. Particularly, the CNIL highlights how: the data subject must give consent before the […]

County in NY strengthens privacy on wage and salary history to protect women and minorities

On October 2, 2018, the Suffolk County, NY Legislature introduced a local law to restrict access to information regarding salary and earnings (“RISE” act). The legislature of Suffolk County found that “women and racial and ethnic minority workers have historically encountered lower wages and salaries causing a wage gap that pervades all industries,” and that they have been negatively […]

GDPR complaints against Google for tracking filed with seven EU DPAs

On November 27, 2018, the European Consumer Organisation (BEUC), informed that seven EU consumer organizations filed complaints against Google with their national data protection authorities (DPAs) for breaching the General Data Protection Regulation (GDPR) in relation to how the company tracks its users’ location. The complaints are based on new research (Every step you take) […]

EDPS adopts Guidelines on GDPR’s territorial scope

On November 16, 2018, the European Data Protection Board (EDPB) adopted guidelines on the territorial application of the GDPR. Guidelines 3/2018 on the territorial scope of Regulation 2016/679/EU- Version for public consultation. The guidelines are now open to public consultation. The Guidelines aim at clarifying the territorial scope of the GDPR, in particular where the data […]