Case Law & Court Rules

  On June 28, 2019, the Garante per la protezione dei dati personali, the Italian Data Protection Authority issued a EUR 1 million fine against Facebook following the scandal of Cambridge Analytica. See here for more info. According to the Italian DPA, 57 Italian users downloaded the incriminated application through the Facebook login function. This […]

On May 31, 2019, the District of Columbia Superior Court issued an order rejecting Facebook’s request to dismiss or to stay a data privacy litigation brought under a state consumer protection statute. The case is interesting because the order deals with the decision of a state court on the applicability of state general consumer protection […]

    On June 4, 2019, the United States District Court for the Southern District of New York granted Defendant’s motion to dismiss since the company mooted Plaintiff’s claims and for lack of personal jurisdiction over Defendant. By way of background, Plaintiff alleged that Defendant’s website denied equal access to visually-impaired customers and that Defendant’s […]

  On May 28, 2019, Attorney General Mark Brnovich announced a settlement with healthcare software providers Medical Informatics Engineering Inc. and NoMoreClipboard, LLC regarding some claims brought against them under the federal Health Insurance Portability and Accountability Act (HIPAA). By way of background. Defendants were business associates that were providing health records services that enabled […]

  On June 7, 2019, the US Court of Appeal for the Sixth Circuit held that the district court did not err in awarding judgment in favor of business as it was exempt from liability under a “consequential damages waiver” contained in the “Merchant Agreement” executed with the data processing company. By way of background. Two […]

On June 6, 2019 Attorney General Letitia James, announced a $65,000 settlement with online retailer Bombas LLC for failing to provide notice of payment cards consumers’ data breach that affected 39,561 consumers. In 2014 unauthorized intruders inserted malicious software code to steal payment card information into the ecommerce platform supporting Bombas’ website. Intruders accessed customer […]

  On May 20, 2019, the Corte di Cassazione, the Italian Supreme Court, clarified that if the damage is not proven, there is no crime for the violation of privacy under the Italian Privacy Code (Article 167, Legislative Decree 196/2003). In this case, a father and a son were involved in a civil proceeding. The father […]

On May 8, 2019, the Brussel’s Court of Appeal referred certain questions to the Court of Justice of the European Union (CJEU) to ensure that the Belgian Data Protection Authority (DPA) can pursue the case against Facebook also after the GDPR entered into force. In particular, the questions is whether the one-stop shop mechanism (which […]

  On April 9, 2019, the UK Data Protection Authority, the Information Commissioner Officer (ICO), served a monetary penalty notice under section 55A of the Data Protection Act 1998 (DPA) of around $ 520,000. The fined company (Bounty) shared the personal data of over 14 million individuals to a number of organizations including credit reference […]

On March 20, 2019, the U.S. Supreme Court vacated a judgment of the Ninth Circuit and remanded it for further proceedings “Because there remain substantial questions about whether any of the named plaintiffs has standing to sue in light of our decision in Spokeo, Inc. v. Robins, 578 U. S. ___ (2016).” By way of […]