On October 26, 2011, the French Data Protection Authority, the CNIL, published guidance on the implementation of the new cookie rules arising from the amendments to the EU e-Privacy Directive 2002/58/EC (the “Directive”). The new cookie rules have been implemented into French national law via the ordinance of August 24, 2011, relating to electronic communications … Continue Reading
The representatives of IAB Europe and EASA, European advertising and marketing industry associations, met with the Article 29 Working Party, a group of European data protection authorities, on 14 September 2011 to discuss the industry’s self-regulatory code on Online Behavioural Advertising. As we blogged here, the Article 29 Working Party had previously voiced concerns over … Continue Reading
On July 19, 2011, the European Commission announced that it sent formal requests for further information to 20 Member States regarding their failure to implement the EU’s new package of telecoms rules. The rules, which include amendments to the E-Privacy Directive to create new consent requirements for the use of most web cookies, were required to … Continue Reading
The U.K. Information Commissioner’s Office (ICO) issued a press release yesterday calling on companies to undergo more data protection audits. (Currently, only some public sector entities in the UK can be made to undergo audits — the ICO can effectively only request to audit a private sector company). The ICO issued the “warning” after releasing … Continue Reading
In 2009, Directive 2002/58/EC, the so-called ePrivacy Directive, was amended. The deadline for EU Member States to implement the revised Directive in their national laws was May 25, 2011, but very few Member States met the deadline and even today, almost one month after the deadline, discussions remain ongoing in most national parliaments. The implementation efforts … Continue Reading
Late yesterday the UK ICO issued a new press release and guidance on its plans to enforce the new UK “cookie regulation,” which was enacted by the UK Government to implement the EU’s e-Privacy Directive. The new release, which follows previous ICO guidance outlining how businesses might comply with the new rules (see my previous post), declared that the ICO … Continue Reading
Following its vague warning on cookies in March, and confirmation last month that the UK would adopt the amended EU rules on cookies verbatim, the UK ICO has now issued new guidance that makes it clear that websites must obtain users’ consent before storing cookies on devices. The guidance, which relates to amendments to the UK … Continue Reading
As we’ve described in this recent article, the past year has witnessed a surge in privacy litigation that shows no signs of easing. Many of these suits involve allegations that defendants have used Flash local shared objects (“Flash cookies”) for the purpose of tracking Internet users’ browsing activity. Flash cookies differ from traditional browser cookies in that … Continue Reading
Just a week after the Obama Administration announced its support for comprehensive privacy legislation in testimony before the Senate Commerce Committee, Senator John Kerry (D-Mass.) has released a draft bill that attempts to respond to the Administration’s call for broad baseline privacy protections for consumers. Kerry’s bill, which is co-sponsored by Senator John McCain (R-Ariz.) is still … Continue Reading
Since the 2009 amendments to Article 5(3) of the ePrivacy Directive (2002/58/EC) regarding cookies and consent, there has been considerable debate over what web sites and ad networks must do in order to deploy cookies lawfully, and over what constitutes informed consent from users (e.g., opt-in versus opt-out). For a flavour, see the Article 29 Working Party Opinion 2/2010 on online behavioural … Continue Reading
The United States District Court for the District of Montana has dismissed [PDF] several class action claims against the Internet service provider Bresnan Communications arising out of its partnership with the controversial (and now defunct) online advertising firm NebuAd. Bresnan subscribers alleged that the ISP allowed NebuAd to test a system to profile subscribers’ online activity using deep packet inspection … Continue Reading
