On May 4, 2020, the European Data Protection Board (‘EDPB’) adopted updated guidelines on the meaning of ‘consent’ under the EU’s General Data Protection Regulation (‘GDPR’). The two key changes clarify that: Websites and other services may not use ‘cookie walls’, as these do not permit valid consent to be collected. ‘Cookie walls’ require the […]
GDPR
UK ICO publishes the final version of its Age Appropriate Design Code
On January 21, 2020, the UK ICO published the final version of its Age Appropriate Design Code (the “Design Code”), which sets out 15 standards that online services should meet to protect children’s privacy. The Design Code is not only applicable to online services squarely aimed at children, but also covers online services likely to […]
French CNIL Launches Public Consultation on Cookie Consent Recommendations
On January 14, 2020, the French data protection authority (CNIL) launched a public consultation on its draft recommendations for the collection of consent in the context of cookies and other tracking technologies (the ‘draft Recommendations’). Under EU ePrivacy rules, such technologies generally may not be placed on – or accessed from – users’ devices without […]
Schrems 2.0: Standard Contractual Clauses Declared Valid by EU Advocate General
The Advocate General’s Opinion of December 19, 2019 deemed valid the Standard Contractual Clauses (SCCs) adopted by the European Commission for the transfer of personal data from controllers to processors. Currently, many companies rely on SCCs as a mechanism for transferring personal data from the EU to non-EU countries in compliance with the GDPR. […]
Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration
As has been widely reported, in late January the French privacy supervisor CNIL fined Google €50 million for privacy violations relating to targeted marketing using Android user data. One of the core violations the CNIL found was that Google’s Android user interface did not obtain effective, GDPR-compliant consent to targeted marketing from users. The amount […]