On December 31, 2021, the French Data Protection Authority (the “CNIL”) imposed a €150,000,000 fine on Google and a €60,000,000 fine on Facebook (now Meta) for violations of French rules on the use of cookies.
Continue Reading CNIL Fines Big Tech Companies 210 Million Euros for Cookie Violations
E-Privacy Directive
CIPL Publishes Paper on the Draft ePrivacy Regulation to Inform Current Trilogue Discussions
The Centre for Information Policy Leadership at Hunton Andrews Kurth published a paper on the Draft ePrivacy Regulation, in the context of the Trilogue Discussions between the EU Commission, EU Council and EU Parliament. …
Continue Reading CIPL Publishes Paper on the Draft ePrivacy Regulation to Inform Current Trilogue Discussions
CIPL Submits Response to the EDPB Guidelines on Virtual Voice Assistants
The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted its response to the European Data Protection Board consultation on draft guidelines on virtual voice assistants. The Guidelines were adopted on March 12, 2021 for public consultation.
Continue Reading CIPL Submits Response to the EDPB Guidelines on Virtual Voice Assistants
EDPB Releases Guidelines on Virtual Voice Assistants
On March 12, 2021, the European Data Protection Board (“EDPB”) published its Guidelines 01/2021 on Virtual Voice Assistants for consultation (the “Guidelines”). Virtual voice assistants (“VVAs”) understand and execute voice commands or coordinate with other IT systems. These tools are available on most smartphones and other devices and collect significant amounts of personal data, such as through user commands. In addition, VVAs require a terminal device equipped with a microphone and transfer data to remote service. These activities raise compliance issues under both the General Data Protection Regulation (“GDPR”) and the e-Privacy Directive.
Continue Reading EDPB Releases Guidelines on Virtual Voice Assistants
EU Member States Agree on Council’s Text for the ePrivacy Regulation
On February 10, 2021, representatives of the EU Member States reached an agreement on the Council of the European Union’s negotiating mandate for the draft ePrivacy Regulation, which will replace the current ePrivacy Directive. The text approved by the EU Member States was prepared under Portugal’s Presidency and will form the basis of the Council’s negotiations with the European Parliament on the final terms of the ePrivacy Regulation.
Continue Reading EU Member States Agree on Council’s Text for the ePrivacy Regulation
CNIL Fines Google and Amazon 135 Million Euros for Alleged Cookie Violations
On December 10, 2020, the French Data Protection Authority announced that it has levied fines on Google LLC, Google Ireland Limited and Amazon Europe Core for alleged violations of the French cookie rules. This post examines the French cookie rules, CNIL’s territorial jurisdiction, the investigations and the sanctions levied against each company.
Continue Reading CNIL Fines Google and Amazon 135 Million Euros for Alleged Cookie Violations
Takeaways from 100th Anniversary Meeting of German Data Protection Authorities
On November 26, 2020, the Conference of the German Data Protection Authorities issued a press release with conclusions from their 100th anniversary meeting. The key issues discussed were the implications of Schrems II on German privacy and cybersecurity.
Continue Reading Takeaways from 100th Anniversary Meeting of German Data Protection Authorities
CJEU Restricts Indiscriminate Access to Electronic Communications for National Security Purposes
On October 6, 2020, the Court of Justice of the European Union handed down Grand Chamber judgments determining that the ePrivacy Directive does not allow for EU Member States to adopt legislation intended to restrict the scope of its confidentiality obligations unless they comply with the general principles of EU law.
Continue Reading CJEU Restricts Indiscriminate Access to Electronic Communications for National Security Purposes
Belgian DPA Fines Belgian Telecommunications Provider for Several Data Protection Infringements
On July 30, 2020, the Litigation Chamber of the Belgian Data Protection Authority (the “Belgian DPA”) imposed a €20,000 fine on Belgian telecommunications provider Proximus N.V. (“Proximus”) for several data protection infringements related to Proximus’ public directory. In particular, the claimant requested that Proximus remove his contact details from the public directory and inform other publishers of public directories not to publish his personal data. Despite informing the claimant that it was going to proceed accordingly, Proximus still published his personal data in its public directory and shared it with other publishers of public directories.
…
Continue Reading Belgian DPA Fines Belgian Telecommunications Provider for Several Data Protection Infringements
European Commission Releases First Report on Evaluation of GDPR
On June 24, 2020, the European Commission submitted its first report on the evaluation and review of the GDPR to the European Parliament and Council. The report will be produced at four year intervals going forward.
Continue Reading European Commission Releases First Report on Evaluation of GDPR