On February 24, 2012, the German Federal Constitutional Court ruled that law enforcement authorities may only request user data from telecommunications companies under certain strict conditions.
Continue Reading German Federal Constitutional Court Restricts Access to User Data for Law Enforcement Purposes
IP Address
Representative Stearns Introduces Consumer Privacy Protection Act
On April 13, 2011, Representative Cliff Stearns introduced the Consumer Privacy Protection Act of 2011, designed to “protect and enhance consumer privacy” through notice and choice requirements and a self-regulatory program.
…
Continue Reading Representative Stearns Introduces Consumer Privacy Protection Act
German DPAs Still Consider Google Analytics Illegal
According to a press report dated October 2, 2010, the Düsseldorfer Kreis still considers the use of Google Analytics on websites to be illegal.
…
Continue Reading German DPAs Still Consider Google Analytics Illegal
German Court Finds No Right to Immediate Deletion of IP Addresses
On June 16, 2010, the Frankfurt am Main Higher Regional Court upheld a decision allowing Internet access providers to store IP addresses for up to seven days.
…
Continue Reading German Court Finds No Right to Immediate Deletion of IP Addresses
Twitter Settles FTC Data Security Charges
Twitter has agreed to settle FTC charges that it deceived consumers and put their privacy at risk by failing to safeguard their personal information from hackers.
…
Continue Reading Twitter Settles FTC Data Security Charges
The Digital Economy Act 2010: A Step Toward Censorship?
On April 8, 2010, the UK’s Digital Economy Act became law, raising concerns about increased monitoring of online activities.
…
Continue Reading The Digital Economy Act 2010: A Step Toward Censorship?
German Federal Constitutional Court Declares Implementation of Data Retention Directive Unconstitutional
On March 2, 2010, the German Federal Constitutional Court ruled that the mass storage of telephone and Internet data for law enforcement purposes is unlawful in its current form.
Since 2008, the challenged law has required telecom companies to retain data from telephone, email and Internet traffic, as well as mobile phone location data, for six months. This information may be retrieved for law enforcement and safety purposes. Constitutional claims were brought before the Court by nearly 35,000 citizens, representing the largest mass claim proceeding in German history.
German Data Protection Authorities Issue Resolution on Website Analysis Methods
In December 2009, the German data protection authorities (“DPAs”) for the private sector published a resolution on data protection compliance for website audience measurement. The resolution was adopted at the Düsseldorfer Kreis meeting on November 26-27, 2009.
Many website operators analyze users’ surfing behavior for advertising and market research purposes, or to adapt their websites to suit consumer preferences. To create user profiles, website operators often use software or other services that are offered by third party service providers (sometimes free of charge).
…
Continue Reading German Data Protection Authorities Issue Resolution on Website Analysis Methods
French Court of Cassation Rules on Data Protection and Online Copyright Infringement
In SACEM v. Cyrille Saminadin (Cour de Cassation, chambre criminelle, 13 janvier 2009), the SACEM (a representative body of authors, composers, and music editors) asked one of its agents to carry out an investigation and to collect evidence of copyright infringements on a peer-to-peer network. After selecting a peer-to-peer network, the agent manually typed in the title of a song belonging to one of the rights holders and searched for all available files corresponding to this title. The agent then randomly selected one of these files and saved all the information relating to it (IP address, country of origin, name of the internet service provider, etc.) onto a CD-ROM as evidence for use in filing a complaint. The question raised in this case was whether such activity constitutes data processing requiring the prior authorization of the French Data Protection Authority (CNIL).