CNIL Hits Google With €150 Million Fine Over Cookie Consent Violations
For Vehicle Data, GDPR Is Just the Beginning
For vehicle data, GDPR is just the beginning, the German Brandenburg regional government said in a Q&A. Stay tuned for the Data Governance Act.
Here are some key points:
- Vehicle manufacturers have to observe GDPR when collecting and processing data. For this purpose, the customer’s consent to the use of their data (e.g. on-board systems
No Cookies for You: DSK TTDSG Guidelines Impose Strict Limitations
The German Data Protection Conference (DSK) issued guidance on the Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (‘TTDSG’), which went into effect on December 1, 2021.
Some key takeaways:
Scope:
- If no personal data is processed, only TTDSG is applicable. If both personal and non-personal data is
Do You Know What You’re Consenting to When You Click Accept?
Do you know what you’re consenting to when you click accept?
Does it include sharing your data with law enforcement?
I spoke with Bloomberg Law about a new law in Illinois that limits law enforcement access to data from household digital devices.
Read more here.
Pain and Suffering for a Data Breach? German Court Issues First Decision of Its Kind in Europe.
A German Court has ordered pain and suffering damages as a result of a data breach, the first decision of its kind in Europe.
According to the judgment, Scalable Capital has to pay the plaintiff, represented by consumer organization EuGD Europäische Gesellschaft für Datenschutz mbH, € 2,500 in damages for non-material damage because he was
Children’s Privacy is Front and Center in DPC Ireland Report
With enforcement on children’s data privacy ramping up around the world, Ireland’s Data Protection Commission has issued a detailed report on the fundamental principles of such data privacy, as well as some helpful suggestions to controllers on how to improve.
The key principles:
- FLOOR OF PROTECTION: Online service providers should provide a “floor” of
Datatilsynet’s $7.1 Million Fine Against Grindr: Key Takeaways
Norwegian regulator Datatilsynet has slapped Grindr, a location-based online dating application, with a $7.1 million fine for sharing data with advertisers without the consent of its users. Here are some of my initial takeaways.
General:
- The opinion was released in (excellent) English, and this is very important and much appreciated.
- The opinion is very well
CNIL: Refusing Cookies Should Be as Easy as Accepting Them
Who refused the cookies in the cookie jar?
The Commission Nationale de l’Informatique et des Libertés (CNIL) has sent new orders for cookie compliance to 30 additional companies, bringing the total to 90.
The sectors affected include: public institutions, higher education, clothing, transportation, retail and distance selling.
Some key issues:
- automatic embedding of cookies before
‘Legal Uncertainty Is Unkind’ EDPB and EDPS Say in Joint Opinion
“Clear is kind. Unclear is unkind,” according to author Brené Brown.
A joint opinion from the European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) on the European Union’s proposed digital and data strategies, including the Digital Services Act (DSA), the Digital Markets Act (DMA), the Data Governance Act (DGA) and the
You Use a US-Based Sub Processor, You Lose, German Court Says
If you use a U.S.-based sub processor (even for data processed in the EU), you lose, the German administrative court of Wiesbaden said in an interim decision.
No transfer. No worries. TIA anyway.
Even if the server is possibly located in the EU, the US company has access to it and the U.S. Cloud Act
Here are some key takeaways, and their US relevance: