Tag Archives: Cookies

European Commission Launches Consultation on Reform of the ePrivacy Directive

By Ezra Steinhardt and Vera Coughlan Following the expected approval of the final text of the General Data Protection Regulation (“GDPR”) in the European Parliament this week, the Commission is now turning its attention towards the ePrivacy Directive. On Monday (April 11, 2016), the Commission launched a public consultation to review and propose changes to the … Continue Reading

Third Circuit Resurrects State Law Claims Against Google in Safari Cookie Tracking Lawsuit

Last week, the Third Circuit revived a multi-district privacy lawsuit against Google, finding that the trial court erred in dismissing the plaintiffs’ privacy claims under California state law.  The case centers around the plaintiffs’ allegations that Google violated state and federal law by circumventing the Safari browser’s default “cookie blocker” settings to track users’ online … Continue Reading

Compliance Warning States OBA Principles Apply to Cross-Device and Cross-Platform Tracking

Last week, the Online Interest-Based Advertising Accountability Program released a compliance warning to clarify that its Self-Regulatory Principles for Online Behavioral Advertising (OBA Principles) apply―not just to traditional HTTP cookies―but to other types of tracking technologies that enable the tracking of consumers across different platforms and devices.   The compliance warning admonished companies developing and implementing … Continue Reading

Industry Grapples With Implementing “Do Not Track” Disclosures; IAB Outlines “Guiding Principles” for a Post-Cookie World

California’s recent amendments to the California Online Privacy Protection Act require certain online services to make additional disclosures about how they respond to browser-based Do Not Track signals―new obligations that went into effect on January 1.  Along with Joanne McNabb of the Office of the California Attorney General, Kurt Wimmer and I will be discussing … Continue Reading

European Regulators and the Eternal Cookie Debate

By Dan Cooper, Mark Young and Maria-Martina Yalamova This week, the Article 29 Working Party (the “WP29”) released an opinion paper on what constitutes “consent” for purposes of complying with the EU’s “cookie” rules — rules that were revised to include a consent requirement nearly four years ago.  The paper will be relevant to website … Continue Reading

Court Tosses Claims Against Google and Others Based on Safari Hack

By Katherine Gasztonyi & Steve Satterfield Last week, Judge Robinson of the District of Delaware dismissed a multi-district lawsuit claiming that Google, Vibrant Media, Media Innovation Group, and WPP violated federal privacy and computer security laws by allegedly circumventing browser privacy settings in order to track users online. This lawsuit stems from a February 17, … Continue Reading

Amazon Settles “Flash Cookie” Lawsuit

On Thursday, November 15, 2012, Judge Robert S. Lasnick of the Western District of Washington dismissed Del Vecchio v. Amazon, stating that the parties had reached a settlement, the details of which were not disclosed.  The suit had alleged (among other things) that Amazon used Flash cookies to backup and “respawn” browser cookies that plaintiffs … Continue Reading

Court Approves $22.5 Million Google Settlement

A U.S. district court has approved the Federal Trade Commission’s $22.5 million settlement with Google.  The FTC had charged that Google misrepresented to users of Apple’s Safari browser that it would not place tracking cookies or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC.  The settlement is … Continue Reading

FTC Approves $22.5 Million Consent Decree to Settle Charges that Google Bypassed Safari Users’ Privacy Settings

Today the Federal Trade Commission has announced its approval of a consent decree to settle charges that Google misrepresented to users of Apple’s Safari browser that it would not place tracking “cookies” or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC.  The decree requires Google to pay a … Continue Reading

Article 29 Working Party Publishes Guidance On Cookie Rule Exemptions

On Tuesday, June 12, the Article 29 Working Party (WP29), a group of European data protection authorities, published an opinion on the exemptions available to the new cookie rules introduced by the revised EU ePrivacy Directive.  The opinion provides guidance on the implementation of the available exemptions to the requirement to obtain internet users’ informed … Continue Reading

Court Dismisses CFAA, Trespass Claims Against Amazon

By Brian Ryoo The United States District Court for the Western District of Washington recently dismissed in part an online privacy lawsuit alleging that Amazon “circumvented” browser privacy controls in order to track users’ web browsing activities.  The plaintiffs in Del Vecchio v. Amazon had alleged that Amazon “exploit[ed]” browser controls in Internet Explorer by … Continue Reading

UK ICO Publishes Further Cookie Guidance Accepting Implied Consent

On May 25, 2012, the UK’s data protection authority, the ICO, issued updated guidance on the new cookie rules (Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011).  As we have reported here and here, when the rules were first introduced in May 2011, the ICO granted UK website operators a “honeymoon” period of 12-months … Continue Reading

UK ICO Issues Updated Guidance on the Rules on Use of Cookies and Similar Technologies

By Dan Cooper and Maria-Martina Yalamova On December 13, 2011, the UK data protection authority (the “ICO”) issued updated guidance on the new cookie rules (Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011) implemented as part of the review of the EU e-Privacy Directive.  The guidance is intended to help website operators and those … Continue Reading

Amazon Case Dismissed; No Adequate Facts Pled To Establish Plausible Harm

The United States District Court for the Western District of Seattle recently dismissed an online privacy case involving the alleged improper use of browser and Flash cookies in Del Vecchio v. Amazon.  Finding that the plaintiff “simply not plead adequate facts to establish any plausible harm,” this opinion follows closely on the heels of several … Continue Reading

French Data Protection Authority Releases Guidance on the Use of Cookies

On October 26, 2011, the French Data Protection Authority, the CNIL, published guidance on the implementation of the new cookie rules arising from the amendments to the EU e-Privacy Directive 2002/58/EC (the “Directive”).  The new cookie rules have been implemented into French national law via the ordinance of August 24, 2011, relating to electronic communications … Continue Reading

Article 29 Working Party Meets the European Advertising Industry over Self-Regulatory Code

The representatives of IAB Europe and EASA, European advertising and marketing industry associations, met with the Article 29 Working Party, a group of European data protection authorities, on 14 September 2011 to discuss the industry’s self-regulatory code on Online Behavioural Advertising.  As we blogged here, the Article 29 Working Party had previously voiced concerns over … Continue Reading

Commission Launches Enforcement Proceedings Against 20 Member States on “Cookie” Rules

On July 19, 2011, the European Commission announced that it sent formal requests for further information to 20 Member States regarding their failure to implement the EU’s new package of telecoms rules.  The rules, which include amendments to the E-Privacy Directive to create new consent requirements for the use of most web cookies, were required to … Continue Reading

UK ICO Calls for More Privacy Audits

The U.K. Information Commissioner’s Office (ICO) issued a press release yesterday calling on companies to undergo more data protection audits.  (Currently, only some public sector entities in the UK can be made to undergo audits — the ICO can effectively only request to audit a private sector company).  The ICO issued the “warning” after releasing … Continue Reading

European Regulators Continue to Struggle With New Cookie Rule

In 2009, Directive 2002/58/EC, the so-called ePrivacy Directive, was amended.  The deadline for EU Member States to implement the revised Directive in their national laws was May 25, 2011, but very few Member States met the deadline and even today, almost one month after the deadline, discussions remain ongoing in most national parliaments.  The implementation efforts … Continue Reading

On First Day of New UK Cookie Rules, ICO Issues a 1-year Moratorium on Enforcement

Late yesterday the UK ICO issued a new press release and guidance on its plans to enforce the new UK “cookie regulation,” which was enacted by the UK Government to implement the EU’s e-Privacy Directive.   The new release, which follows previous ICO guidance outlining how businesses might comply with the new rules (see my previous post), declared that the ICO … Continue Reading

Do “Flash Cookies” Plaintiffs Have Standing to Sue in Federal Court?

As we’ve described in this recent article, the past year has witnessed a surge in privacy litigation that shows no signs of easing.   Many of these suits involve allegations that defendants have used Flash local shared objects (“Flash cookies”) for the purpose of tracking Internet users’ browsing activity. Flash cookies differ from traditional browser cookies in that … Continue Reading

Kerry, McCain Circulate “Commercial Privacy Bill of Rights”

Just a week after the Obama Administration announced its support for comprehensive privacy legislation in testimony before the Senate Commerce Committee, Senator John Kerry (D-Mass.) has released a draft bill that attempts to respond to the Administration’s call for broad baseline privacy protections for consumers.   Kerry’s bill, which is co-sponsored by Senator John McCain (R-Ariz.) is still … Continue Reading

UK Information Commissioner Issues (Vague) Warning on Cookies

Since the 2009 amendments to Article 5(3) of the ePrivacy Directive (2002/58/EC) regarding cookies and consent, there has been considerable debate over what web sites and ad networks must do in order to deploy cookies lawfully, and over what constitutes informed consent from users (e.g., opt-in versus opt-out).  For a flavour, see the Article 29 Working Party Opinion 2/2010 on online behavioural … Continue Reading
LexBlog