The German High Court asks the ECJ to issue preliminary ruling on validity of pre-checked checkboxes to gather consent for processing

On September 3, 2018, the Bundesgerichtshof, the German Federal Court of Justice deferred a preliminary ruling to the Court of justice of the European Union (CJEU) to decide whether, under EU data protection laws, a pre-checked checkbox – which the user must unselect to refuse his consent – is a valid consent to store information, […]

Tags: ,

Facebook profile can be accessed by heirs, German federal court says

On July 12, 2018, the German federal court (Bundesgerichtshof, BGH) overturned the judgment of the Berlin’s highest state court (Kammergerichts), which had denied the parents’ access to their daughter’s Facebook account. The case involved a mother trying to access the deceased 15-year-old daughter’s Facebook account in order to understand the cause of death. With its […]

Tags: ,

Carpenter v. United States

Carpenter v. United States, 201 L. Ed. 2d 507, 2018 U.S. LEXIS 3844, 138 S. Ct. 2206, 86 U.S.L.W. 4491, 27 Fla. L. Weekly Fed. S 415, 2018 WL 3073916   SCOTUS decided Carpenter vs US: police needs a warrant to search past location data from a suspect’s cellphone   On June 22, 2018, the […]

Tags:

ECJ’s preliminary ruling on case of German DPA against Facebook

  On June 5, 2018, the European Court of Justice (CJEU), issued its preliminary ruling in C‑210/16, opining on the definition of data controller, applicable national law, and jurisdiction under EU data protection law according to Directive 95/46/EC. According to the CJEU’s judgement, EU companies that have been advertising through Facebook can be considered data […]

Tags: ,

The Ninth Circuit changes standard on standing in data breach class actions: sufficient the “increased risk of future identity theft”

On March 8, 2018, the U.S. Court of Appeals for the Ninth Circuit found that an alleged “increased risk of future identity theft” suffices Article III standing requirement in a data breach putative class action. On June 1, 2015, the District Court of Nevada had dismissed for lack of standing the data breach putative class […]

Tags: ,

Processing of personal data carried out on company e-mail accounts shall be necessary and proportional

On February 1, 2018, the Garante per la Protezione dei Dati Personali, the Italian Data Protection Authority (DPA), prohibited an Italian company to store employees’ corporate emails for an indefinite period. This would violate the principles of lawfulness, necessity, and proportionality established by the Privacy Code. The DPA explained that the company – instead of implementing […]

Tags: ,

Employees judicial data can be processed only with express authorization by law or Agency, Italian DPA says

On June 15, 2017, the Italian Data Protection Authority, Garante per la Protezione dei Dati Personali, rejected the request of an Italian service company to be authorized to process its employees’ judiciary data because of lack of an adequate legal basis. The Italian company was looking to process the judiciary information of its employees to allegedly […]

Tags: ,

U.S. Customs and Border Protection searches of travelers’ mobile electronic devices may be unconstitutional

On September 13, 2017, ten U.S. citizens and one lawful permanent resident sued the Department of Homeland Security (DHS) before the U.S. Court of Massachusetts challenging searches and seizure of travelers’ personal electronic devices in violation of privacy and free speech protections of the U.S. Constitution. Allegedly, U.S. Customs and Border Protection (CBP) and U.S. […]

Tags:

Privacy class action brought in California against Walt Disney for apps exploiting children’s personal information

On August 3, 2017, several parents brought a class action in San Francisco against Walt Disney. The parents allege that Walt Disney and its partners exfiltrated the personally identifying information of their children playing online games via smart phone apps, for future commercial exploitation, in direct violation of the federal Children’s Online Privacy Protection Act […]

Tags:

Time is an important factor in assessing a request to be forgotten, but it isn’t the only one, Italian DPA reminds

On June 15, 2017, the Italian Data Protection Authority, Garante per la protezione dei dati personali, highlighted how time is not the only factor to consider when asking to be forgotten. There are additional circumstances that have to be considered, like for example, the public right to information. In this case, a senior public official […]

Tags:

1 2 3 4 5 6 16