On January 21, 2019, the CNIL imposed a fine of €50 million on Google LLC under the GDPR, its first fine under the GDPR and the highest fine imposed by a supervisory authority within the EU under the GDPR to date.
Continue Reading
Penalty
Advocate General Finds Search Engine Operators May Limit the Scope of Right to Be Forgotten to the EU
Posted on
Posted in European Union, International
On January 10, 2019, Advocate General Szpunar of the Court of Justice of the European Union issued an Opinion in the case of Google v. CNIL, which is currently pending before the CJEU. In its Opinion, the Advocate General provided his views concerning the territorial scope of the right to be forgotten under the EU Data Protection Directive.…
Continue Reading
CNIL Fines French Telecom Operator for Data Security Failure
Posted on
On December 27, 2018, the CNIL announced that it imposed a fine of €250,000 on the French telecom operator Bouygues Telecom for failure to protect the personal data of the customers of its mobile package. This blog entry provides details on the decision.…
Continue Reading
CNIL Fines Uber for Data Security Failure Related to 2016 Data Breach
Posted on
On December 20, 2018, the CNIL announced that it imposed a fine of €400,000 on Uber France SAS for failure to implement some basic security measures which resulted in the 2016 Uber data breach.…
Continue Reading
ICO Notifies More Than 900 Organizations of Failure to Pay Required Data Protection Fee
Posted on
Posted in European Union, International
In the UK, the Information Commissioner’s Office introduced a requirement for organizations to pay a “data protection fee,” which data controllers falling under the ICO’s scope must pay once a year. We highlight details of the fee in this blog entry.…
Continue Reading
AOL Successor Agrees to Pay $4.95 Million in COPPA Enforcement Action
Posted on
On December 4, 2018, the New York Attorney General announced that Oath Inc. agreed to pay New York a $4.95 million civil penalty following allegations that it had violated the Children’s Online Privacy Protection Act. This is the largest-ever COPPA penalty.…
Continue Reading
Yahoo! Agrees to Settle Data Breach Class Actions with $50 Million Fund and Credit Monitoring
Posted on
On October 23, 2018, the parties in the Yahoo! Inc. Customer Data Security Breach Litigation pending in the Northern District of California and the parties in the related litigation pending in California state court filed a motion seeking preliminary approval of a settlement related to breaches of the company’s data.…
Continue Reading
OCR Enters into Record Settlement with Anthem
Posted on
Recently, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement and record settlement of $16 million with Anthem, Inc. following Anthem’s 2015 data breach, the largest breach of protected health information in history that affected approximately 79 million individuals.…
Continue Reading
Four Companies Settle FTC Allegations Regarding False EU-U.S. Privacy Shield Certifications
Posted on
On September 27, 2018, the Federal Trade Commission announced a settlement agreement with four companies – IDmission, LLC, mResource LLC, SmartStart Employment Screening, Inc., and VenPath, Inc. – over allegations that each company had falsely claimed to have valid certifications under the EU-U.S. Privacy Shield framework.…
Continue Reading
Uber Settles with 50 State Attorneys General for $148 Million In Connection with 2016 Data Breach
Posted on
On September 26, 2018, Uber Technologies Inc. agreed to a settlement with all 50 U.S. state attorneys general in connection with a 2016 data breach affecting the personal information (including driver’s license numbers) of approximately 607,000 Uber drivers nationwide, as well as approximately 57 million consumers’ email addresses and phone numbers.…
Continue Reading