News

  On January 25, 2015, the European Commission released a statement with an update about the effects of the adoption of Regulation 2016/679/EU (GDPR). See: Joint Statement by First Vice-President Timmermans, Vice-President Ansip, Commissioners Jourová and Gabriel ahead of Data Protection Day Since its entry into force on May 25, 2018, “citizens have become more […]

On December 19, 2018, Advocate General Bobek, published his opinion in case C-40/17, deeming that anyone who enters the Facebook “Like” button on his website can be considered a joint controller. In this case, a German fashion online retailer embedded a Facebook’s ‘Like’ button in its website. As a result, when users landed on the […]

  On January 15, 2019, the United States Court of Appeals for the Ninth Circuit held that websites and mobile applications (app) of places of public accommodation must be fully accessible to persons with disabilities. By way of background, Plaintiff – a blind man – alleged that Defendant Domino’s Pizza, LLC, (Domino’s) failed to design, […]

    On January 25, 2019, the Illinois Supreme Court found that data subjects do not need to allege a concrete injury in order to sue under the Biometric Information Privacy Act (Act) (740 ILCS 14/1 et seq., BIPA). Contrary to the appellate court’s view, the Illinois Supreme Court found that “actual injury or adverse […]

    Two courts in Canada recently dealt with excessive legal fees charged for performing legal research and found out that computer-assisted legal research is a necessity for the contemporary practice of law but shall be carried out with competence. In both Cass v. Ontario and Drummond v. Cadillac the Ontario Superior Court commented on artificial intelligence and […]

On March 28, 2018, Alabama was the last State, after South Dakota, to adopt a data breach notification statute. The Alabama Data Breach Notification Act of 2018 (S.B. 318) went into effect on June 1, 2018. According to the Alabama Statute, any “covered entity” and “third-party agent” must comply. Written notification must be made to all affected […]

On 23 January 2019, the EU Commission adopted its adequacy decision on Japan, allowing personal data to flow freely between Europe and Japan. The adequacy decision started to apply as of January 23. The same will happen on the Japanese side. The adequacy decision includes: a set of Supplementary Rules to strengthen the protection of sensitive data, […]

On January 21, 2019, the CNIL (Commission Nationale de l’Informatique et des Libertés, the French Data Protection Authority), restricted committee, for the first time applies the new sanctions limit provided by the GDPR and sanctions Google for EUR 50 million for two GDPR violations: 1. “violation of the obligations of transparency and information“ “First, the restricted […]

On January 10, 2018, Advocate General Maciej Szpunar of the Court of Justice of the European Union (CJEU) issued his opinion in the case of Google v. CNIL (Case C-507/17). In the opinion, the Advocate General stresses that the right to be forgotten must be balanced against other fundamental rights, such as the legitimate public […]

On December 14, 2018, New York Attorney General Barbara D. Underwood announced settlements with Western Union Financial Services, Inc., Priceline.com, LLC, Equifax Consumer Services, LLC, Spark Networks, Inc., and Credit Sesame, Inc., “for having mobile apps that failed to keep sensitive user information secure when transmitted over the Internet.” No fraud had happened with those […]