Cookies

On September 10, 2019, the Court of Justice of the European Union (“CJEU“) issued its decision in the Planet 49 case.  The case centers on the consent requirements for the use of cookies.

Planet49 GmbH offered an online lottery service for which interested users had to register.  The registration form asked users to tick a

Back in 2013, we published a blog post entitled, “European Regulators and the Eternal Cookie Debate” about what constitutes “consent” for purposes of complying with the EU’s cookie rules.  The debate continues…  Yesterday, the ICO published new guidance on the use of cookies and a related “myth-busting” blog post.  Some of the

On June 28, 2019, the French Supervisory Authority (CNIL) announced that it will issue new guidelines on the use of cookies for direct marketing purposes.  It will issue these guidelines in two phases.

First, during July 2019, the CNIL will update its guidance issued in 2013 on cookies.  According to the CNIL, the 2013 guidance

On April 5, 2019, the association of German Supervisory Authorities for data protection (‘Datenschutzkonferenz’ or ‘DSK’) published a guideline regarding the applicability of the German Telemedia Act (‘TMG’) to telemedia services – including, for example, the use of website cookies for targeted advertising post-GDPR. The guideline aims to “clarify

On March 21, 2019, Advocate General Szpunar released his opinion in the Planet49 case, currently pending before the Court of Justice of the European Union (CJEU).  The case centers on the use of consent for the processing of personal data and consent for the use of cookies.

Planet49 GmbH offered an online lottery service for

On March 7, 2019, the Dutch Supervisory Authority for data protection issued guidance prohibiting the use of “cookie walls” on websites.  Cookie walls require website users to consent to the placing of tracking cookies or similar technologies before allowing them access to the website.  According to the regulator, it received many complaints about this practice.

Following the expected approval of the final text of the General Data Protection Regulation (“GDPR”) in the European Parliament this week, the Commission is now turning its attention towards the ePrivacy Directive.

On Monday (April 11, 2016), the Commission launched a public consultation to review and propose changes to the ePrivacy Directive (2002/58/EC).  (See the

Last week, the Third Circuit revived a multi-district privacy lawsuit against Google, finding that the trial court erred in dismissing the plaintiffs’ privacy claims under California state law.  The case centers around the plaintiffs’ allegations that Google violated state and federal law by circumventing the Safari browser’s default “cookie blocker” settings to track users’ online activity while publicly professing to respect users’ Safari browser settings.  While the Third Circuit affirmed the trial court’s dismissal of federal claims under the Wiretap Act, the Stored Communications Act (SCA), and the Computer Fraud and Abuse Act (CFAA), the court vacated the district court’s dismissal of the plaintiffs’ claims under California tort law and the California constitution’s right to privacy.

The plaintiffs’ claims originated from a 2012 Wall Street Journal article describing a researcher’s findings that Google, despite the Safari browser’s default settings intended to blocking tracking cookies, had utilized methods to circumvent these settings and track Safari users’ Internet browsing habits via tracking cookies.  At the same time, the plaintiffs alleged, Google made a series of public statements, including statements within its privacy policy, indicating that it respected the Safari browser’s cookie-blocking settings.  Google subsequently entered into settlements with the Department of Justice and a consortium of state attorneys general over its practices.  Twenty-four plaintiffs also filed putative class action suits against Google and third-party advertisers, alleging violations of federal and state privacy law.  The suits were combined into the instant litigation in the District of Delaware, and in October 2013, the district court dismissed the complaint in its entirety, finding that the plaintiffs failed to state a claim.

Continue Reading Third Circuit Resurrects State Law Claims Against Google in Safari Cookie Tracking Lawsuit

Last week, the Online Interest-Based Advertising Accountability Program released a compliance warning to clarify that its Self-Regulatory Principles for Online Behavioral Advertising (OBA Principles) apply―not just to traditional HTTP cookies―but to other types of tracking technologies that enable the tracking of consumers across different platforms and devices.  

The compliance warning admonished companies developing and implementing

California’s recent amendments to the California Online Privacy Protection Act require certain online services to make additional disclosures about how they respond to browser-based Do Not Track signals―new obligations that went into effect on January 1.  Along with Joanne McNabb of the Office of the California Attorney General, Kurt Wimmer and I will be discussing