The UK Information Commissioner’s Office (“ICO”), which enforces data protection legislation in the UK, has ruled that the NHS Royal Free Foundation Trust (“Royal Free”), which manages a London hospital, failed to comply with the UK Data Protection Act 1998 in providing 1.6 million patient records to Google DeepMind (“DeepMind”), requiring the Royal Free to … Continue Reading
Last week, the Third Circuit revived a multi-district privacy lawsuit against Google, finding that the trial court erred in dismissing the plaintiffs’ privacy claims under California state law. The case centers around the plaintiffs’ allegations that Google violated state and federal law by circumventing the Safari browser’s default “cookie blocker” settings to track users’ online … Continue Reading
The UK Supreme Court has granted Google the right to appeal part of the English and Welsh Court of Appeal’s notable ruling in Google Inc. v. Vidal-Hall & Ors [2015] EWCA Civ 311. Our previous blog highlighted the facts of the case (brought by Internet users against Google’s ad-tracking practices) and the significant consequences of … Continue Reading
Pursuant to a press release of April 8, 2014, the Hamburg data protection authority (the “Hamburg DPA”) essentially upheld its order of September 2014, in which it found that certain of Google’s data processing operations explained in its 2012 privacy policy violated German data protection law. More in particular, the Hamburg DPA established that Google’s … Continue Reading
Dan Cooper and Phil Bradley-Schmieg On March 27, 2015, the England and Wales Court of Appeal (EWCA) handed down a historic judgment in Google Inc v. Vidal-Hall & Ors [2015] EWCA Civ 311, with significant consequences for organizations handling personal data in, or from, the UK. This case was brought against Google Inc. by three … Continue Reading
Regulators and courts in the EU are increasingly vigilant in relation to privacy practices and policies of large online companies. In recent years and months, the pressure increases not only through privacy-specific regulations and enforcement, but also through the application of consumer legislation. As the below examples from France and Germany show, some courts or … Continue Reading
On November 25, 2014, the Article 29 Working Party agreed guidelines for data protection authorities seeking to apply the Court of Justice of the European Union (CJEU) ruling reached earlier this year against Google, which has become known as the right to be forgotten or “RTBF” ruling. The full guidelines have not yet been published, … Continue Reading
By Randall Friedland Yesterday, the USA Freedom Act (S. 2685), a bill aimed at curbing the National Security Agency’s (“NSA”) data collection practices, fell two votes short of the 60 votes necessary for cloture in the Senate. The bill was largely blocked by Senate Republicans who expressed concern that the legislation would harm the government’s … Continue Reading
Yesterday, the Article 29 Working Party group of European privacy regulators released a short press release describing the results of its most recent plenary meeting, in which the right to be forgotten was discussed. The “right to be forgotten” refers to a “new” right that the Court of Justice of the European Union (CJEU) read … Continue Reading
By Dan Cooper, Mark Young and Kristof van Quathem On May 13, the European Court of Justice (the “Court”) handed down an important judgement in a referral from Spain’s National High Court involving Google, a Spanish national, and the Spanish data protection authority (Case C-131/12). The decision has wide-ranging consequences regarding the application of EU … Continue Reading
On January 8, 2014, the French data protection authority, the Commission nationale de l’informatique et des libertés (CNIL), announced that it was imposing a fine of €150,000 on Google, as well as a requirement that Google, within eight days of the decision, publicize the fine on its own website (at www.google.fr) for a period of … Continue Reading
Yesterday, the FTC announced a settlement with Goldenshores Technologies, a company that makes the most-downloaded flashlight app on the Android platform. The FTC alleged that Goldenshores violated Section 5 of the FTC Act by failing to disclose to consumers that it shared location data it collected from users’ device with third parties. Although a list … Continue Reading
On Tuesday, 19 November, the Regional Court of Berlin ruled against Google in a case brought by the Federation of German Consumer Associations (vzbv). The vzbv had initiated an action for injunction against Google, requesting it to stop using certain clauses in its Terms of Use and Privacy Policy. In Germany, consumer associations have a … Continue Reading
Google has entered into a $17 million settlement agreement with attorneys general from 37 states and the District of Columbia over allegations that the company engaged in unauthorized tracking of users of Apple’s Safari browser in 2011 and 2012. The allegations stemmed from 2012 reports that Google had bypassed Safari’s default privacy settings and placed cookies … Continue Reading
By Katherine Gasztonyi & Steve Satterfield Last week, Judge Robinson of the District of Delaware dismissed a multi-district lawsuit claiming that Google, Vibrant Media, Media Innovation Group, and WPP violated federal privacy and computer security laws by allegedly circumventing browser privacy settings in order to track users online. This lawsuit stems from a February 17, … Continue Reading
In a decision issued last week that is being described by some as a “landmark,” Judge Koh of the Northern District of California denied a motion to dismiss a complaint filed against Google alleging that its Gmail service unlawfully intercepts the contents of emails sent by and to Gmail users. The case involves Google’s longstanding … Continue Reading
On 25 June, the Advocate General (the “AG”) submitted an Opinion on a set of questions that a Spanish court referred to the Court of Justice of the European Union (the “Court”). This is the first time that the Court has been asked to interpret the European Data Protection Directive 95/46/EC (the ‘Directive’) in the context of internet … Continue Reading
By Jorg Walter The CNIL announced in a press release on Thursday that it has issued a formal notice to Google Inc. that requires the search engine to provide clear and sufficient information to users about how their data is being used. In particular, the Paris based regulator wants Google to: Define specified and explicit … Continue Reading
The data protection authority in Hamburg, Germany, issued an administrative fine in the amount of € 145,000 against Google for its illegal WiFi data collection activities. This fine fell just short of the maximum amount for such fines under German data protection law, which is € 150,000 (in cases of negligence). Between 2008 and 2010, … Continue Reading
The Court of Justice of the European Union (“CJEU”) in Luxembourg heard argument yesterday concerning the “right to be forgotten”—specifically, whether search engines such as Google must block search results when asked by European citizens to remove references to themselves. This particular case—which is representative of approximately 200 similar cases in Spain—came before the CJEU … Continue Reading
On Friday, an Italian appeals court in Milan overturned the 2010 criminal conviction of three Google Inc. executives for violating the privacy of a disabled boy by allowing a video of students bullying him to appear on Google Video. In February 2010, a court handed down six-month prison sentences to three senior Google executives—Senior Vice … Continue Reading
A U.S. district court has approved the Federal Trade Commission’s $22.5 million settlement with Google. The FTC had charged that Google misrepresented to users of Apple’s Safari browser that it would not place tracking cookies or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC. The settlement is … Continue Reading
By Dan Cooper & Ezra Steinhardt On 16 October, 2012, the French data protection authority, the CNIL, released a report on behalf of the Article 29 Working Party that examines Google’s compliance with European data protection law. The report marks a new stage in an investigation which began nine months ago, when Google announced that … Continue Reading
Updated on October 1, 2012 to add information about Chairman Leibowitz’s response to the nine Representatives’ letter. As we previously noted, in March of this year the Federal Trade Commission called for the implementation of a Do Not Track (DNT) system that allows consumers to opt out of the collection of all online behavioral data … Continue Reading
