The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
[Webinar] You Are Here: First Steps in Data Mapping
Fintech Focus Podcast | What Does AI Safety Mean For Fintechs?
The FTC's Health Privacy Enforcement Actions
The FTC and DOJ Act Against Amazon to Protect Privacy
Law Brief®: Rich Schoenstein and Annmarie Giblin Discuss Cyber Law
Biometric Litigation
Podcast - The FTC Agenda & Data Privacy
Webinar Recording – The Colorado Privacy Act and Draft Rules
2022 DSIR Report Deeper Dive: Personal Data Deletion
Congress Tries to Wrangle Cyber and Crypto Industries
Who are the decision makers at INTERPOL's CCF?
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
Oklahoma: Changing Data Privacy as We Know It?
Privacy Talk | The New Swiss Data Protection Act
Update on Global Data Privacy Regulations by John Jackson
The French Data Protection Authority (CNIL) recently imposed a EUR 310,000 fine, representing 1% of its turnover, on FORIOU, a telemarketing company promoting loyalty programs. The fine stemmed from FORIOU’s use of...more
Last year proved to be a big year in data protection with U.S. state data protection laws popping up across the country, the FTC updating its guidance and regulations on everything from data breaches and biometric...more
In this day and age, data privacy is a hot topic. Many Americans believe their personal data is less secure now than ever and that data collection poses more risks than benefits. For this reason, among others, businesses must...more
The French Data Protection Authority imposed a €280,000 fine for GDPR infringements and a €100,000 fine for violation of French cookie rules. On 11 May 2023 the French Data Protection Authority (the CNIL) handed down its...more
What does the Court of Justice of the European Union (CJEU) Advocate General’s opinion in the case of Meta vs. the German Bundeskartellamt tell us regarding the scope of what constitutes “sensitive information,” “contractual...more
Following the 2020 Court of Justice of the European Union’s (CJEU) ruling invalidating the Privacy Shield (see our alert here), personal data transfers from the European Union to the United States required EU companies to...more
When the General Data Protection Regulation (GDPR) came into force throughout the European Union nearly three years ago, one of its most eye-catching features was its extraterritorial jurisdiction provisions. These extend the...more
On 7 January 2020, Directive (EU) 2019/2161 (the "Directive") came into force, setting into motion a swathe of measures aimed at modernizing the existing consumer protection rules, bolstering the level of protection available...more
On October 1, 2019, the European Union Court of Justice notably ruled on the type of consent required by a consumer in order to store cookies on their device. The case involved a promotional online lottery organized by...more
The Situation: Fashion ID, a German online clothing retailer, embedded on its website the Facebook "Like" button. When a user consults the website of Fashion ID, that user's personal data are transmitted to Facebook Ireland....more
Yes. European data privacy law distinguishes between session cookies that, for example, allow a website to function properly, and behavioural advertising cookies that are unnecessary for the functioning of the website. ...more
A Facebook “like” is actually more like “in a [Joint Controller] relationship” status, says the Court of Justice of the EU in a long awaited decision in the Fashion ID matter. At issue: The legal framework surrounding...more
On 7 March 2019, the Dutch Data Protection Authority published guidance (in Dutch) that it considers “cookie walls” to violate the GDPR. A cookie wall is a pop-up on a website that blocks a user from access to the website...more
Recent legislative hearings in the United States and Europe have focused on the means by which large third-party data collectors track individuals via websites. Regulators have paid comparatively little attention to the...more
The Federal Trade Commission (FTC) announced settlements with four companies last month—IDmission LLC, mResource LLC (doing business as Loop Works LLC), SmartStart Employment Screening, Inc. and VenPath, Inc.—of the FTC’s...more
The Federal Trade Commission recently entered into settlement agreements with four companies regarding claims that the companies misrepresented their compliance with the EU-U.S. Privacy Shield Framework. ...more
Although the U.S.-E.U. Privacy Shield Framework has been intensely criticized by E.U. Authorities, the Federal Trade Commission (FTC) continues to enforce violations of it by U.S. companies....more
Worldwide, companies are scrambling to meet the May 25th deadline to comply with the European Union’s General Data Protection Regulation (GDPR). For companies with physical operations in an EU member state, this deadline is...more
How will the new European Union data protection law affect U.S. nonprofit organizations? Nonprofit organizations based in the U.S. can often handle large amounts of data which originates in the EU—for example, they may...more
The European Union’s General Data Protection Regulation (“GDPR”) is arguably the most comprehensive – and complex – data privacy regulation in the world. As companies prepare for the GDPR to go into force on May 25, 2018,...more
The General Data Protection Regulation (GDPR), EU legislation that will take effect in May 2018, will drastically change how companies can collect and use personal data about web users in Europe. Among other things, the GDPR...more
In a key decision, the European Court of Justice has ruled that dynamic IP addresses may qualify as personal data in certain circumstances—ending years of uncertainty about whether such fundamental building blocks of the...more
In a ruling with significant potential impact, the Court of Justice of the European Union (CJEU) has ruled that a dynamic internet protocol (IP) address may constitute "personal data" under EU Data Protection Directive...more