Consent
Cookies consent does not escape the GDPR: CJEU issues decision in the Planet49 case
04 October 2019 - Catherine di Lorenzo
On 1 October 2019, the Court of Justice of the European Union (CJEU) issued its long-awaited decision in the case Planet49 (Case C 673/17). The decision clarifies the requirements for valid cookie consent under Directive 2002/58 (ePrivacy Directive). In particular, the CJEU rejects pre-ticked boxes as a means of providing valid consent to the use › Read More
New UK ICO guidance on cookies and similar technologies
04 July 2019 - cookies , ICO Nigel Parker
Recent changes to the cookie consent tool on www.ico.org.uk were a good sign that updated guidance from the ICO, on the use of cookies and similar technologies, would soon arrive. The ICO duly published its updated guidance on 3 July. In the run up to GDPR, and since, many companies have adopted enhanced cookie consent tools › Read More
German antitrust authority restricts Facebook’s processing of user data
13 February 2019 - Catharina Glugla
On 7 February 2019 the German antitrust authority (Bundeskartellamt) found that the extent to which Facebook collects, merges, attributes to and uses data in user accounts amounts to an abuse of a dominant position on the market for social networks. Under Facebook’s current terms and conditions, users have to agree to Facebook: (1) collecting user › Read More
Are We Heading Towards Personal Liability for Data Protection Breaches?
18 October 2016 - David Smith
A couple of weeks ago I heard Stephen Eckersley, the ICO’s Head of Enforcement being put on the spot on Radio 4 about the number of the fines imposed by the ICO that have gone unpaid. This isn’t a problem with what might be considered the more reputable businesses that pay up when fined but › Read More
Dynamic IP addresses can be personal data says Advocate-General of the CJEU
19 May 2016 - Peter van Dyck
Summary On request for a preliminary ruling from the German Supreme Court, the Advocate-General of the Court of Justice of the European Union (CJEU) concluded that dynamic IP addresses can be personal data within the meaning of the EU Data Protection Directive. Background German federal institutions exploit websites which contain general information for the public. › Read More
What can we expect from the EU General Data Protection Regulation?
24 November 2015 - Charlotte Mullarkey
It is now clear that the proposed EU data protection framework will be revised, and that it will be in the form of a Regulation – the General Data Protection Regulation. The GDPR will replace the current Directive and will be directly applicable in all Member States without the need for implementing national legislation. It › Read More