On July 29, 2019, the European Court of Justice (“ECJ”) issued its decision in the case of FashionID GmbH & Co. KG v. Verbraucherzentrale NRW. The ECJ found that websites that integrate Facebook plugins are jointly responsible for the data collected by those plugins and sent to Facebook. Despite the somewhat innocuous-sounding holding, this decision […]
CCPA Carve-Out for Online Advertising? Proposed Amendment Exempts Certain Advertising Data from Do-Not-Sell Restrictions
California passed the California Consumer Privacy Act (CCPA) in September 2018, and the CCPA enters into force on January 1, 2020. One of the CCPA’s core elements is a right for consumers to know when a company is selling their data, and to opt-out of data sales at any time. This was the primary focus […]
Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration
As has been widely reported, in late January the French privacy supervisor CNIL fined Google €50 million for privacy violations relating to targeted marketing using Android user data. One of the core violations the CNIL found was that Google’s Android user interface did not obtain effective, GDPR-compliant consent to targeted marketing from users. The amount […]
German DPA Announces GDPR Compliance Survey of Large Companies – Translation Provided
Following a two-year grace period, EU General Data Protection Regulation (GDPR) entered into force on May 25, 2018. For many companies, preparing for the GDPR was a multi-year project involving multiple teams and input or assistance from across the organization. On this blog, we have outlined the items we have seen as particularly time- or […]
German DPAs Issue DPIA Blacklists; Many Companies Likely to be Affected
The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to individuals’ privacy. DPIAs constitute an important aspect of GDPR compliance, as they arguably replace the notifications of processing systems and […]