France’s highest administrative court recently issued a summary judgment that rejected a request for the suspension of the partnership between the French Ministry of Health and Doctolib, a leading provider of online medical consultations in Europe, for the management of COVID-19 vaccination appointments.
Continue Reading French Highest Court Rejects Suspension of Partnership with EU Service Provider Using AWS; Extends Application of the Schrems II Requirements
Service Provider
EDPB Releases Guidelines on Virtual Voice Assistants
On March 12, 2021, the European Data Protection Board (“EDPB”) published its Guidelines 01/2021 on Virtual Voice Assistants for consultation (the “Guidelines”). Virtual voice assistants (“VVAs”) understand and execute voice commands or coordinate with other IT systems. These tools are available on most smartphones and other devices and collect significant amounts of personal data, such as through user commands. In addition, VVAs require a terminal device equipped with a microphone and transfer data to remote service. These activities raise compliance issues under both the General Data Protection Regulation (“GDPR”) and the e-Privacy Directive.
Continue Reading EDPB Releases Guidelines on Virtual Voice Assistants
NY Department of Financial Services Issues Cyber Fraud Alert to Regulated Entities Using Instant Quote Websites
The New York Department of Financial Services has issued a Cyber Fraud Alert to regulated entities in light of a growing campaign to steal Nonpublic Information, as defined under New York law, from public-facing websites that provide instant quotes for products like auto insurance.
Continue Reading NY Department of Financial Services Issues Cyber Fraud Alert to Regulated Entities Using Instant Quote Websites
EDPS Publishes Opinion on Digital Services Act and Digital Markets Act
On February 10, 2021, the European Data Protection Supervisor published two opinions on the European Commission’s proposals for a Digital Services Act and a Digital Markets Act. The two proposals are part of a set of measures announced in the 2020 European Strategy for Data and have two main goals: (1) creating a safer digital space in which the fundamental rights of all users of digital services are protected, and (2) establishing a level playing field to foster innovation, growth and competitiveness in the European Single Market and globally.
Continue Reading EDPS Publishes Opinion on Digital Services Act and Digital Markets Act
German BGH Ruling on Consent for Cookies and Third-Party Advertising
On May 29, 2020, the German Federal Court of Justice, Germany’s highest court for civil and criminal matters, issued its ruling on case Planet49 regarding consent requirements for the use of cookies and telemarketing activities. …
Continue Reading German BGH Ruling on Consent for Cookies and Third-Party Advertising
EU Council Presidency Releases Proposed Amendments to Draft ePrivacy Regulation
On February 21, 2020, the Presidency of the Council of the European Union published a revised part of the proposed Regulation concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and Repealing Directive. …
Continue Reading EU Council Presidency Releases Proposed Amendments to Draft ePrivacy Regulation
Italian Garante Fines Telecom Company 27.8 Million Euros for Unlawful Marketing Practices
On February 1, 2020, the Italian Data Protection Authority announced that it had levied a fine of 27.8 Million Euros on TIM S.p.A., a telecommunications company, for several unlawful marketing data processing practices.
Continue Reading Italian Garante Fines Telecom Company 27.8 Million Euros for Unlawful Marketing Practices
CJEU Reaches Decision in Case Involving Cookie Consent under EU Data Protection Law
On October 1, 2019, the Court of Justice of the European Union issued its decision in an important case involving consent for the use of cookies by a German business called Planet49.
Continue Reading CJEU Reaches Decision in Case Involving Cookie Consent under EU Data Protection Law
DOJ Releases a White Paper on the CLOUD Act
Earlier this month, the U.S. Department of Justice published a white paper entitled “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act.”…
Continue Reading DOJ Releases a White Paper on the CLOUD Act
Iowa and Nebraska Enact Information Security Laws
Recently, Iowa and Nebraska enacted information security laws applicable to personal information. Iowa’s law applies to operators of online services directed at and used by students in kindergarten through grade 12, whereas Nebraska’s law applies to all businesses doing business in Nebraska who own or license Nebraska residents’ personal information.
Continue Reading Iowa and Nebraska Enact Information Security Laws