U.S. Supreme Court deems sufficient the “increased risk of future identity theft” for standing in data breach putative class actions

On March 25, 2019, the Supreme Court denied Zappo’s petition for certiorari allowing a class action to proceed for a 2012 data breach even though consumers didn’t establish they were injured by the breach. This is a setback for companies hoping to limit their liability in data breach cases. By way of background. On June […]

Tags: ,

Facebook users can file civil law suits, in addition to data protection complains, Vienna higher court rules

  On March 25, 2019, Vienna’s higher Regional Court (Oberlandesgericht Wien) ruled that “every citizen can not only file a complaint with the data protection authority, but also submit a lawsuit in courts.” See here. The claims is complicated and concerns Facebook’s breach of EU privacy laws. See here for more info. The admissibility of […]

Tags: ,

Pre-checked boxes aren’t valid for consent nor cookies under EU data protection law

Update: In October 2019, the European Court of Justice held that in order to store cookies on user devices, the users must actively consent and that pre-checked checkbox that users must actively deselect is not a valid form of consent. The European Court of Justice also stated that all types of cookies require active consent, […]

Tags: ,

FTC orders $5.7 mln civil penalty for COPPA violation (the biggest ever for COPPA violations)

  On February 27, 2019, the American Federal Trade Commission (FTC) published a proposed stipulated order for civil penalties and other reliefs against Musical.ly for violation of the Children’s Online Privacy Protection Act (COPPA) by collecting personal information from kids without parental consent. The $5.7 million civil penalty is the FTC’s largest ever under COPPA. […]

Tags: ,

German Antitrust ordered Facebook to stop “combining” data of German users without voluntary consent

  On February 7, 2019, the Bundeskartellamt, the German antitrust authority, prohibited Facebook from combining data concerning German Facebook users gathered also from third party websites when the user didn’t give voluntary consent to this practice. The decision concerns all private users of Facebook based in Germany. According to the Bundeskartellamt’s decision, until now, individuals […]

Tags: ,

Illinois Supreme Court found improper collection and retention of handprints constitutes injury-in-fact sufficient to grant standing

    On January 25, 2019, the Illinois Supreme Court found that data subjects do not need to allege a concrete injury in order to sue under the Biometric Information Privacy Act (Act) (740 ILCS 14/1 et seq., BIPA). Contrary to the appellate court’s view, the Illinois Supreme Court found that “actual injury or adverse […]

Tags:

Advocate general suggest to limit global de-listing approach related to right to be forgotten

On January 10, 2018, Advocate General Maciej Szpunar of the Court of Justice of the European Union (CJEU) issued his opinion in the case of Google v. CNIL (Case C-507/17). In the opinion, the Advocate General stresses that the right to be forgotten must be balanced against other fundamental rights, such as the legitimate public […]

Tags: ,

German court decides what can be the first decision on non-material damages under the GDPR

In November 2018, a German local court, the Amtsgericht Diez, decided on a claim for immaterial damages under Art. 82.1, GDPR.  According to this source, on May 25, 2018, Plaintiff received an e-mail in which Plaintiff’s consent to receive a newsletter was requested. An email of this sort is considered spam under German law and […]

Tags: ,

1 2 3 4 5 16