Cookies consent does not escape the GDPR: CJEU issues decision in the Planet49 case

Catherine di Lorenzo

On 1 October 2019, the Court of Justice of the European Union (CJEU) issued its long-awaited decision in the case Planet49 (Case C 673/17). The decision clarifies the requirements for valid cookie consent under Directive 2002/58 (ePrivacy Directive). In particular, the CJEU rejects pre-ticked boxes as a means of providing valid consent to the use Read More

No Comments

New UK ICO guidance on cookies and similar technologies

Nigel Parker

Recent changes to the cookie consent tool on were a good sign that updated guidance from the ICO, on the use of cookies and similar technologies, would soon arrive. The ICO duly published its updated guidance on 3 July. In the run up to GDPR, and since, many companies have adopted enhanced cookie consent tools Read More

No Comments

German antitrust authority restricts Facebook’s processing of user data

Catharina Glugla

On 7 February 2019 the German antitrust authority (Bundeskartellamt) found that the extent to which Facebook collects, merges, attributes to and uses data in user accounts amounts to an abuse of a dominant position on the market for social networks. Under Facebook’s current terms and conditions, users have to agree to Facebook: (1) collecting user Read More

No Comments

Are We Heading Towards Personal Liability for Data Protection Breaches?

David Smith

A couple of weeks ago I heard Stephen Eckersley, the ICO’s Head of Enforcement being put on the spot on Radio 4 about the number of the fines imposed by the ICO that have gone unpaid. This isn’t a problem with what might be considered the more reputable businesses that pay up when fined but Read More

No Comments

Dynamic IP addresses can be personal data says Advocate-General of the CJEU

Peter van Dyck

Summary On request for a preliminary ruling from the German Supreme Court, the Advocate-General of the Court of Justice of the European Union (CJEU) concluded that dynamic IP addresses can be personal data within the meaning of the EU Data Protection Directive. Background German federal institutions exploit websites which contain general information for the public. Read More

No Comments

What can we expect from the EU General Data Protection Regulation?

Charlotte Mullarkey

It is now clear that the proposed EU data protection framework will be revised, and that it will be in the form of a Regulation – the General Data Protection Regulation. The GDPR will replace the current Directive and will be directly applicable in all Member States without the need for implementing national legislation. It Read More

No Comments