On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of IAB Europe (Case C‑604/22). In this judgment, the CJEU assessed the role of IAB Europe in the processing operations associated with its Transparency and Consent Framework and further developed CJEU case law on the concept of personal data under the GDPR.
Continue Reading CJEU Rules on IAB Europe’s Transparency and Consent Framework

On December 7, 2023, the Court of Justice of the European Union ruled that credit scoring constitutes automated decision-making, which is prohibited under Article 22 of the EU General Data Protection Regulation unless certain conditions are met.
Continue Reading CJEU Rules that GDPR Prohibition on Automated Decision-Making Applies to Credit Scoring

On October 30, 2023, the Federal Trade Commission announced that it is sending nearly $100 million in refunds to consumers who were harmed as a result of internet phone service provider Vonage’s alleged use of dark patterns and other obstacles that made it difficult for users to cancel their service.
Continue Reading FTC to Send Nearly $100 Million in Refunds in Vonage Settlement

On October 27, 2023, the European Data Protection Board adopted an urgent binding decision instructing the Irish Data Protection Commissioner to take final measures against Meta Ireland Limited within two weeks and impose a ban on Meta’s processing of personal data for behavioral advertising based on the contractual necessity and legitimate interests legal bases.
Continue Reading Irish DPA to Ban Meta from Processing Personal Data for Behavioral Advertising Following EDPB Urgent Binding Decision

On October 12, 2023, the French Data Protection Authority announced a €600,000 fine for mass media company Groupe Canal+ for failing to comply with its commercial prospecting obligations applicable under the French Post and Electronic Communications Code and several obligations of the EU General Data Protection Regulation.
Continue Reading CNIL Fines Groupe Canal+ 600,000 Euros For Direct Marketing and GDPR Infringements

On August 8, 2023, the Massachusetts Gaming Commission approved 205 CMR 257: Sports Wagering Data Privacy, a set of regulations designed to create new rights and obligations with respect to sports betting operators’ use of patrons’ Confidential Information or Personally Identifiable Information. The regulations took effect on September 1, 2023.
Continue Reading Massachusetts Sports Wagering and Data Privacy Regulations Take Effect

On September 21, 2023, the UK Information Commissioner’s Office published an opinion on the UK Government’s assessment of adequacy for the UK Extension to the EU-U.S. Data Privacy Framework.
Continue Reading The UK ICO Publishes Opinion on UK Government’s Assessment of Adequacy for the UK Extension to the EU-U.S. DPF