On October 27, 2015, David Smith, the UK Deputy Commissioner of the Information Commissioner’s Office, published a blog post commenting on the ongoing Safe Harbor compliance debate in light of the Schrems v. Facebook decision of the Court of Justice of the European Union.
Continue Reading UK Deputy Information Commissioner on Safe Harbor: “Don’t Panic”

On October 6, 2015, the Court of Justice of the European Union issued its judgment in the Schrems v. Facebook case that empowers the national data protection authorities to investigate and suspend international data transfers, and concludes that the Safe Harbor Decision is invalid.
Continue Reading CJEU Declares the Commission’s U.S. Safe Harbor Decision Invalid

Recent class actions filed against Facebook and Shutterfly are the first cases to test an Illinois law that requires consent before biometric information may be captured for commercial purposes. Although the cases focus on biometric capture activities primarily in the social-media realm, these cases and the Illinois law at issue have ramifications for any business that employs biometric-capture technology, including those who use it for security or sale-and-marketing purposes. In a recent article published in Law360, Hunton & Williams partner, Torsten M. Kracht, and associate, Rachel E. Mossman, discuss how businesses already using these technologies need to keep abreast of new legislation that might affect the legality of their practices, and how businesses considering the implementation of these technologies should consult local rules and statutes before implementing biometric imaging.

Continue Reading States Writing Biometric-Capture Laws May Look to Illinois

On May 13, 2015, the Belgian Data Protection Authority published a recommendation addressing Facebook’s social plug-in practices. The Recommendation stems from the recent discussions between the Belgian Data Protection Authority and Facebook regarding its privacy policy and the tracking of Internet activities.
Continue Reading Belgian Data Protection Authority Issues Recommendation on Facebook’s User Tracking

On January 14, 2015, the data protection authority of the German federal state of Schleswig-Holstein issued an appeal challenging a September 4, 2014 decision by the Administrative Court of Appeals, which held that companies using Facebook’s fan pages cannot be held responsible for data protection law violations committed by Facebook because the companies do not have any control over the use of the data.
Continue Reading German DPA Appeals Court Decision on Facebook Fan Pages and Suggests Clarification by ECJ on Data Controllership