Anna Oberschelp de Meneses

Subscribe to all posts by Anna Oberschelp de Meneses

EU Advocate General Issues Opinion on Consent for Cookies and Intersection with the GDPR

On March 21, 2019, Advocate General Szpunar released his opinion in the Planet49 case, currently pending before the Court of Justice of the European Union (CJEU).  The case centers on the use of consent for the processing of personal data and consent for the use of cookies. Planet49 GmbH offered an online lottery service for … Continue Reading

The Court of Justice of the European Union reiterates broad application of the EU Data Protection Law’s journalism exception to online platforms

On January 14, 2019, the Court of Justice of the European Union (“CJEU”) decided that video recordings of police officers in the exercise of their duties and the uploading of such videos on YouTube may constitute “journalistic activities” in the meaning of the journalism exception of the EU Data Protection Directive (“Directive”) (available here). The … Continue Reading

EU-Japan Adopt Mutual Adequacy Decision

[Update to previous post from August 17, 2018] On January 23, 2019, the European Commission and Japan mutually recognized each other’s data protection laws as providing an adequate level of protection of personal data (see European Commission press release here). As a result, nearly all personal data can now flow freely between the EU and … Continue Reading

Google fined €50 million in France for GDPR violation

On January 21, 2019, the French Supervisory Authority for data protection (“CNIL”) issued a fine of €50 million against Google for violations of the General Data Protection Regulation (“GDPR”) (the decision was published in French here).  The CNIL’s decision was triggered by complaints from two non-profit organizations together representing 9974 individuals. The case raises a … Continue Reading

Austrian Data Protection Authority Validates Paid Subscription Model as a Viable Alternative to Ad Tracking

On 30 November 2018, the Austrian Data Protection Authority (“DPA”) decided that the website of an online media publisher – which offers users the option to either consent to advertising cookies or pay for a subscription – gives users a free choice that is compatible with the requirements of consent under the GDPR. (The decision … Continue Reading

German Courts Decide Whether an Infringement of the GDPR also Qualifies as Unfair-Competitive Behavior

Under the Data Protection Directive (now superseded by the General Data Protection Regulation, “GDPR”), it was disputed whether a violation of the German Data Protection Law transposing the Directive could serve as a basis for anti-competition claims under the German Act Against Unfair Competition (“Gesetz gegen den unlauteren Wettbewerb”, “UWG”).  Since the entry into force … Continue Reading

CNIL imposes GDPR-consent in online advertising space

On November 9, 2018, the French Supervisory Authority for Data Protection (known as the “CNIL”) announced that it issued a formal warning (available here) ordering the company Vectaury to change its consent experience for customers and purge all data collected on the basis of invalid consent previously obtained.   Vectaury is an advertising network that … Continue Reading

Portuguese hospital receives and contests 400,000 € fine for GDPR infringement

On July 17, 2018, the Portuguese Supervisory Authority (“CNPD”) imposed a fine of 400.000 € on a hospital for infringement of the European Union General Data Protection Regulation (“GDPR”).  The decision has not been made public.  Earlier this week, the hospital publicly announced that it will contest the fine. According to press reports, the CNPD … Continue Reading

Italian court decides that a data protection officer does not have to be a certified ISO 27001 Auditor

On September 5, 2018, a first instance Administrative Court in Italy decided that a public company cannot reject an application for the position of data protection officer (“DPO”) on the basis that the applicant is not a certified ISO 27001 Auditor / Lead Auditor (decision available here). ISO 27001 is an international information security standard. … Continue Reading

EU and Japan conclude talks on reciprocal adequacy finding

On July 17, 2018, the European Commission successfully concluded negotiations with Japan on a reciprocal adequacy finding which will allow personal data to flow freely from the EU to Japan (and vice versa). The adequacy decision has not yet been formally adopted, as it must still undergo the respective EU and Japanese approval procedures, which … Continue Reading
LexBlog