Tag Archives: Cookies

ICO Updates Guidance on Cookies and Similar Technologies

Back in 2013, we published a blog post entitled, “European Regulators and the Eternal Cookie Debate” about what constitutes “consent” for purposes of complying with the EU’s cookie rules.  The debate continues…  Yesterday, the ICO published new guidance on the use of cookies and a related “myth-busting” blog post.  Some of the “new” guidance really … Continue Reading

French Supervisory Authority will issue new guidelines on cookies

On June 28, 2019, the French Supervisory Authority (CNIL) announced that it will issue new guidelines on the use of cookies for direct marketing purposes.  It will issue these guidelines in two phases. First, during July 2019, the CNIL will update its guidance issued in 2013 on cookies.  According to the CNIL, the 2013 guidance … Continue Reading

German DSK publishes guidance on the applicability of the German Telemedia Act to telemedia services

On April 5, 2019, the association of German Supervisory Authorities for data protection (‘Datenschutzkonferenz’ or ‘DSK’) published a guideline regarding the applicability of the German Telemedia Act (‘TMG’) to telemedia services – including, for example, the use of website cookies for targeted advertising post-GDPR. The guideline aims to “clarify and concretize” a previous statement on … Continue Reading

EU Advocate General Issues Opinion on Consent for Cookies and Intersection with the GDPR

On March 21, 2019, Advocate General Szpunar released his opinion in the Planet49 case, currently pending before the Court of Justice of the European Union (CJEU).  The case centers on the use of consent for the processing of personal data and consent for the use of cookies. Planet49 GmbH offered an online lottery service for … Continue Reading

Dutch Supervisory Authority Prohibits “Cookie Walls” under GDPR

On March 7, 2019, the Dutch Supervisory Authority for data protection issued guidance prohibiting the use of “cookie walls” on websites.  Cookie walls require website users to consent to the placing of tracking cookies or similar technologies before allowing them access to the website.  According to the regulator, it received many complaints about this practice. … Continue Reading

European Commission Launches Consultation on Reform of the ePrivacy Directive

By Ezra Steinhardt and Vera Coughlan Following the expected approval of the final text of the General Data Protection Regulation (“GDPR”) in the European Parliament this week, the Commission is now turning its attention towards the ePrivacy Directive. On Monday (April 11, 2016), the Commission launched a public consultation to review and propose changes to the … Continue Reading

Third Circuit Resurrects State Law Claims Against Google in Safari Cookie Tracking Lawsuit

Last week, the Third Circuit revived a multi-district privacy lawsuit against Google, finding that the trial court erred in dismissing the plaintiffs’ privacy claims under California state law.  The case centers around the plaintiffs’ allegations that Google violated state and federal law by circumventing the Safari browser’s default “cookie blocker” settings to track users’ online … Continue Reading

Compliance Warning States OBA Principles Apply to Cross-Device and Cross-Platform Tracking

Last week, the Online Interest-Based Advertising Accountability Program released a compliance warning to clarify that its Self-Regulatory Principles for Online Behavioral Advertising (OBA Principles) apply―not just to traditional HTTP cookies―but to other types of tracking technologies that enable the tracking of consumers across different platforms and devices.   The compliance warning admonished companies developing and implementing … Continue Reading

Industry Grapples With Implementing “Do Not Track” Disclosures; IAB Outlines “Guiding Principles” for a Post-Cookie World

California’s recent amendments to the California Online Privacy Protection Act require certain online services to make additional disclosures about how they respond to browser-based Do Not Track signals―new obligations that went into effect on January 1.  Along with Joanne McNabb of the Office of the California Attorney General, Kurt Wimmer and I will be discussing … Continue Reading

European Regulators and the Eternal Cookie Debate

By Dan Cooper and Mark Young This week, the Article 29 Working Party (the “WP29”) released an opinion paper on what constitutes “consent” for purposes of complying with the EU’s “cookie” rules — rules that were revised to include a consent requirement nearly four years ago.  The paper will be relevant to website providers that … Continue Reading

Court Tosses Claims Against Google and Others Based on Safari Hack

By Katherine Gasztonyi Last week, Judge Robinson of the District of Delaware dismissed a multi-district lawsuit claiming that Google, Vibrant Media, Media Innovation Group, and WPP violated federal privacy and computer security laws by allegedly circumventing browser privacy settings in order to track users online. This lawsuit stems from a February 17, 2012, Wall Street … Continue Reading

Amazon Settles “Flash Cookie” Lawsuit

On Thursday, November 15, 2012, Judge Robert S. Lasnick of the Western District of Washington dismissed Del Vecchio v. Amazon, stating that the parties had reached a settlement, the details of which were not disclosed.  The suit had alleged (among other things) that Amazon used Flash cookies to backup and “respawn” browser cookies that plaintiffs … Continue Reading

Court Approves $22.5 Million Google Settlement

A U.S. district court has approved the Federal Trade Commission’s $22.5 million settlement with Google.  The FTC had charged that Google misrepresented to users of Apple’s Safari browser that it would not place tracking cookies or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC.  The settlement is … Continue Reading

FTC Approves $22.5 Million Consent Decree to Settle Charges that Google Bypassed Safari Users’ Privacy Settings

Today the Federal Trade Commission has announced its approval of a consent decree to settle charges that Google misrepresented to users of Apple’s Safari browser that it would not place tracking “cookies” or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC.  The decree requires Google to pay a … Continue Reading

Article 29 Working Party Publishes Guidance On Cookie Rule Exemptions

On Tuesday, June 12, the Article 29 Working Party (WP29), a group of European data protection authorities, published an opinion on the exemptions available to the new cookie rules introduced by the revised EU ePrivacy Directive.  The opinion provides guidance on the implementation of the available exemptions to the requirement to obtain internet users’ informed … Continue Reading

Court Dismisses CFAA, Trespass Claims Against Amazon

By Brian Ryoo The United States District Court for the Western District of Washington recently dismissed in part an online privacy lawsuit alleging that Amazon “circumvented” browser privacy controls in order to track users’ web browsing activities.  The plaintiffs in Del Vecchio v. Amazon had alleged that Amazon “exploit[ed]” browser controls in Internet Explorer by … Continue Reading

UK ICO Publishes Further Cookie Guidance Accepting Implied Consent

On May 25, 2012, the UK’s data protection authority, the ICO, issued updated guidance on the new cookie rules (Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011).  As we have reported here and here, when the rules were first introduced in May 2011, the ICO granted UK website operators a “honeymoon” period of 12-months … Continue Reading

UK ICO Issues Updated Guidance on the Rules on Use of Cookies and Similar Technologies

On December 13, 2011, the UK data protection authority (the “ICO”) issued updated guidance on the new cookie rules (Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011) implemented as part of the review of the EU e-Privacy Directive.  The guidance is intended to help website operators and those using cookies understand how the rules … Continue Reading

Amazon Case Dismissed; No Adequate Facts Pled To Establish Plausible Harm

The United States District Court for the Western District of Seattle recently dismissed an online privacy case involving the alleged improper use of browser and Flash cookies in Del Vecchio v. Amazon.  Finding that the plaintiff “simply not plead adequate facts to establish any plausible harm,” this opinion follows closely on the heels of several … Continue Reading

French Data Protection Authority Releases Guidance on the Use of Cookies

On October 26, 2011, the French Data Protection Authority, the CNIL, published guidance on the implementation of the new cookie rules arising from the amendments to the EU e-Privacy Directive 2002/58/EC (the “Directive”).  The new cookie rules have been implemented into French national law via the ordinance of August 24, 2011, relating to electronic communications … Continue Reading

Article 29 Working Party Meets the European Advertising Industry over Self-Regulatory Code

The representatives of IAB Europe and EASA, European advertising and marketing industry associations, met with the Article 29 Working Party, a group of European data protection authorities, on 14 September 2011 to discuss the industry’s self-regulatory code on Online Behavioural Advertising.  As we blogged here, the Article 29 Working Party had previously voiced concerns over … Continue Reading

Commission Launches Enforcement Proceedings Against 20 Member States on “Cookie” Rules

On July 19, 2011, the European Commission announced that it sent formal requests for further information to 20 Member States regarding their failure to implement the EU’s new package of telecoms rules.  The rules, which include amendments to the E-Privacy Directive to create new consent requirements for the use of most web cookies, were required to … Continue Reading

UK ICO Calls for More Privacy Audits

The U.K. Information Commissioner’s Office (ICO) issued a press release yesterday calling on companies to undergo more data protection audits.  (Currently, only some public sector entities in the UK can be made to undergo audits — the ICO can effectively only request to audit a private sector company).  The ICO issued the “warning” after releasing … Continue Reading

European Regulators Continue to Struggle With New Cookie Rule

In 2009, Directive 2002/58/EC, the so-called ePrivacy Directive, was amended.  The deadline for EU Member States to implement the revised Directive in their national laws was May 25, 2011, but very few Member States met the deadline and even today, almost one month after the deadline, discussions remain ongoing in most national parliaments.  The implementation efforts … Continue Reading
LexBlog