On Thursday, September 2, 2021, the Irish Data Protection Commission (“DPC”) published its decision in the long-awaited inquiry it initiated into the data processing of WhatsApp Ireland Limited (“WhatsApp”) in December 2018.  It finds against WhatsApp, imposing a fine of €225 million.

Continue Reading Irish DPC Finds Against WhatsApp

On December 17, 2019, the Belgian Supervisory Authority (“SA”) imposed a fine of € 15,000 on an SME operating a legal information website that welcomes approximately 35,000 unique visitors a month.  Interestingly, in the apparent absence of any actual complaints submitted to the SA, it carried out this enforcement action on its own initiative.

In

On November 8, 2019, the Spanish Supervisory Authority (“SA”) issued detailed guidance on cookies and similar technologies in collaboration with stakeholders in the ad industry, including Adigital, Anunciantes, AUTOCONTROL and IAB Spain. The guidance is divided in 4 chapters:

  • Chapter 1: scope of the Spanish cookie rules (Art. 22 of Law 34/2002);
  • Chapter 2

On January 21, 2019, the French Supervisory Authority for data protection (“CNIL”) issued a fine of €50 million against Google for violations of the General Data Protection Regulation (“GDPR”) (the decision was published in French here).  The CNIL’s decision was triggered by complaints from two non-profit organizations together representing 9974 individuals. The case raises

The Article 29 Working Party (WP29) has published long-awaited draft guidance on transparency and consent under the General Data Protection Regulation (“GDPR”).  We are continuing to analyze the lengthy guidance documents, but wanted to highlight some immediate reactions and aspects of the guidance that we think will be of interest to clients and other readers of InsidePrivacy.  The draft guidance is open for consultation until 23 January 2018.

Continue Reading EU Regulators Provide Guidance on Notice and Consent under GDPR

By Caleb Skeath

As we reported yesterday, the Congressional Privacy Bill has been released, following the release of the White House’s proposal for a privacy bill in late February.  The bill contains the Commercial Privacy Rights Act of 2015, the Congressional counterpart to the White House’s proposal, along with data breach notification provisions and the “Do Not Track Kids Act of 2015,” which proposes substantial revisions to the Children’s Online Privacy Protection Act (COPPA).  As with the White House proposal, the Privacy Rights Act would implement a comprehensive regime of substantive privacy requirements.  Our analysis of the Commercial Privacy Rights Act is below, and we will separately post further analysis of the data breach provisions as well as the Do Not Track Kids Act.
Continue Reading Congressional Privacy Bill: Commercial Privacy Rights Act of 2015

As readers of the InsidePrivacy blog know, we often save some fun reading on privacy issues for the weekend, given the crush of business during the week.  Sure, you’re reading the FTC’s just‑released Internet of Things report (and hopefully Shel’s helpful analysis of it), but a little broader reading might be just right for our (somewhat) snowy weekend.

At the top of my list for this weekend is Neil Richards’ new book, Intellectual Privacy: Rethinking Civil Liberties in the Digital Age.  This book follows up on Neil’s great law review article of the same name, but develops and updates the arguments, examples and use cases.  The subject of the work is the conflict between privacy and free expression, one of the most important issues in our area of law and policy.  Topics such as the “right to be forgotten” place this issue squarely into today’s headlines.  Neil suggests that free speech should win out in the event of a true conflict between the two values, but concludes that true conflicts are exceedingly rare.  It is more likely that privacy should be seen as a precondition for the exercise of free speech — without some assurance that privacy rights will be honored, individuals will not speak freely.  It’s a great premise with which I agree, and one that I look forward to thinking more about.  And if you’re in New York on Monday and can stop by the book launch sponsored by Data & Society, you can ask Neil about it!
Continue Reading Privacy Weekend: Provocative Articles We’re Reading Now

The Article 29 Data Protection Working Party (“Working Party”), the independent European advisory body on data protection and privacy, comprised of representatives of the data protection authorities of each of the EU member states, the European Data Protection Supervisor (the “EDPS”) and the European Commission, has identified a number of significant data protection challenges related to the Internet of Things. Its recent Opinion 08/2014 on the Recent Developments on the Internet of Things (the “Opinion”), adopted on September 16, 2014 provides guidance on how the EU legal framework should be applied in this context. The Opinion complements earlier guidance on apps on smart devices (see InsidePrivacy, EU Data Protection Working Party Sets Out App Privacy Recommendations, March 15, 2013).
Continue Reading Internet of Things Poses a Number of Significant Data Protection Challenges, Say EU Watchdogs

Data is everywhere. The amount of data on the global level is growing by 50 percent annually. 90 [percent] of the world’s data has been generated within the past two years alone,” explains the International Working Group on Data Protection in Telecommunications in their Opinion of May 6, 2014, titled, “Working Paper on Big Data and Privacy: Privacy principles under pressure in the age of Big Data analytics“. The Working Group, founded in 1983, has adopted numerous recommendations and since the beginning of the 90s focused on the protection on privacy on the Internet. Its members include representatives from data protection authorities and other bodies of national public administrations, international organizations and scientists from all over the world.


Continue Reading Big Data Analysis is Possible Without Infringing Key Privacy Principles, Says International Working Group

With the ongoing public dialogue concerning the intersection of technological innovation, national security, and privacy that followed Edward Snowden’s revelations of classified information last year, it is no surprise that privacy and security were top themes at SXSW Interactive this year.  The following summarizes key points made about privacy throughout the Interactive conference, which ended