On October 2, 2019, the UK Court of Appeal handed down its judgment on the appeal in Richard Lloyd v. Google LLC, in which Richard Lloyd, a consumer protection advocate, seeks to bring a representative action on behalf of four million Apple iPhone users against Google LLC in the United States. Previously, the High Court had refused to grant permission for the proceedings to be served outside the UK. The Court of Appeal reversed the High Court’s judgment, granting permission for service outside the UK and allowing the representative action to proceed. The judgment is significant as it paves the way for representative actions (equivalent to class actions) for data protection infringements in the UK.
Continue Reading
International
CJEU Reaches Decision in Case Involving Cookie Consent under EU Data Protection Law
Posted on
On October 1, 2019, the Court of Justice of the European Union issued its decision in an important case involving consent for the use of cookies by a German business called Planet49.…
Continue Reading
Addressing GDPR Challenges: An Interactive Session on Handling Data Breaches
Posted on
On October 15, 2019, Hunton Andrews Kurth will host a luncheon seminar in our Brussels office on Handling Data Breaches. This blog entry provides details on the event and a link to register.…
Continue Reading
Belgian DPA Announces Fine for Disproportionate Use of Customers’ eID Card
Posted on
On September 17, 2019, the Belgian Data Protection Authority (the “Belgian DPA”) imposed a fine of EUR 10,000 on a shop for the disproportionate use of customers’ electronic identity cards (the “eIDs ”) – a national identification card.
…
Continue Reading
CIPL Submits Comments to Canadian Government’s Proposals to Modernize PIPEDA
Posted on
On September 27, 2019, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP submitted comments on Innovation, Science and Economic Development Canada’s Proposals to Modernize the Personal Information Protection and Electronic Documents Act (“PIPEDA”) (the “Comments”).
…
Continue Reading
CJEU Rules “Right to be Forgotten” on Google Limited to the EU in Landmark Case
Posted on
On September 24, 2019, the Court of Justice of the European Union released its judgments in cases C-507/17, Google v. CNIL and C-136/17, G.C. and Others v. CNIL regarding (1) the territorial scope of the right to be forgotten, and (2) the conditions in which individuals may exercise the right to be forgotten in relation to links to web pages containing sensitive data.…
Continue Reading
Canada’s Privacy Commissioner Ends Effort to Require Consent for Transborder Data Transfer
Posted on
Posted in Information Security, International
On September 23, 2019, the Office of the Privacy Commissioner of Canada announced that it completed its consultation on transfers for processing and that the OPC’s current guidelines for processing personal data across borders—under which consent for transfers to data processors is not required—remain unchanged.…
Continue Reading
Philippines Submits Notice of Intent to Join the APEC CBPR
Posted on
Posted in International
On September 20, 2019, the Philippines National Privacy Commission announced it has filed its notice of intent to join the APEC Cross-Border Privacy Rule system.…
Continue Reading
EU Council Presidency Published Amended Proposal for Draft ePrivacy Regulation
Posted on
Posted in European Union, International
On September 18, 2019, the Presidency of the European Council published its proposed amendments to the Proposal for a Regulation Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications.…
Continue Reading
Dutch DPA Releases Complaints Report for First Half of 2019
Posted on
Posted in European Union, International
On September 9, 2019, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, the “Dutch DPA”) published a report on the privacy complaints it received between January 2019 and June 2019 (the “Report”).
…
Continue Reading