On May 8, 2019, the Brussel’s Court of Appeal referred certain questions to the Court of Justice of the European Union (CJEU) to ensure that the Belgian Data Protection Authority (DPA) can pursue the case against Facebook also after the GDPR entered into force. In particular, the questions is whether the one-stop shop mechanism (which […]
On April 17, 2019, the EU Parliament adopted the proposed EU Regulation on platform-to-business trading practices. The text adopted by the European Parliament still has to be formally approved by the Council of the European Union. Once approved, the Regulation will enter into force 12 months after its publication in the Official Journal. […]
On April 16, 2019, the European Parliament informed that it decided to create the Common Identity Repository (CIR). The CIR will interconnect a series of data systems (listed below) into a gigantic biometric database containing data about EU and non-EU citizens to improve data exchange between EU information systems to manage borders, security and migration. […]
On April 24, 2019, Facebook published its financial results for the first quarter, where it estimated a probable loss and recorded an accrual of $3 billion in connection with an investigation by the Federal Trade Commission (FTC). The investigation could result in a penalty of up to 5 billion. The FTC began its investigation into […]
On November 9, 2019, the European Data Protection Board (EDPB) adopted guidelines on the GDPR’s lawful basis for processing. In particular, the EDPB provided guidance on the “contractual necessity basis for processing personal data in the context of online services.” Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context […]
With a decision published on March 18, 2019, the Danish Privacy Authority, Datatilsynet (DPA), found that a Danish Taxi App – Taxa 4×35 – did not respect the principle of data minimization envisaged by the GDPR (art. 5.1(c)), keeping the personal data of the customers beyond the expected retention period. The company deleted the […]
Bahrain. Bahrain enacted Law No. 30, 2018, the law protecting personal data (Data Protection Law), which goes into force on August 1, 2019. Bahrain has several other laws with provisions relating to data protection, including: Law No. 16, 2014, regarding the Protection of Information and State Documents; Law No. 2, 2017, for Ratifying the Arab Agreement in Combating […]
On April 9, 2019, the UK Data Protection Authority, the Information Commissioner Officer (ICO), served a monetary penalty notice under section 55A of the Data Protection Act 1998 (DPA) of around $ 520,000. The fined company (Bounty) shared the personal data of over 14 million individuals to a number of organizations including credit reference […]
The Children’s Advertising Review Unit (CARU), a self-regulatory advertising unit approved by the Federal Trade Commission (FTC) and administered by the Council of Better Business Bureaus, recently found issues with the advertising approach taken by two mobile applications for kids: KleptoCats and My Talking Tom. CARU monitors advertising and privacy practices and determines whether such […]
On March 25, 2019, the Supreme Court denied Zappo’s petition for certiorari allowing a class action to proceed for a 2012 data breach even though consumers didn’t establish they were injured by the breach. This is a setback for companies hoping to limit their liability in data breach cases. By way of background. On June […]