Tag archives: data privacy

German antitrust authority prohibits Facebook from combining users’ personal data

By Christoph Ritzer (DE), Maxim Kleine (DE) and Natalia Filkina (DE) on February 12, 2019 Posted in General

Data Protection Report - Norton Rose Fulbright

On 7 February 2019, the German antitrust authority (Bundeskartellamt, the FCO) ruled against Facebook combining user personal data from different sources, saying it was exploiting its position as a dominant social media company in violation of the EU data protection laws.

The FCO said that Facebook abused its market dominance in:

collecting, merging and using personal data; and
failing to provide a choice to its customers to prevent collection of their data.

Consequences of the German antitrust authority’s decision

Facebook can no longer combine the personal data gathered from its own website, Facebook-owned services (like WhatsApp and … Continue Reading

First multi-million Euro GDPR fine: Google LLC fined €50 million under GDPR for transparency and consent infringements in relation to use of personal data for personalized ads

By Marcus Evans (UK), Lara White (UK) and Cécile Auvieux (FR) on January 25, 2019 Posted in Compliance and risk management, Cybersecurity, Enforcement, Regulatory response

Norton Rose Fulbright - Data Protection Report blog

On January 21,2019 the French data protection authority (the CNIL) imposed a major fine on the U.S. Google entity, Google LLC. It follows two complaints filed as soon as the GDPR came into force by two consumer rights associations, None of Your Business and La Quadrature du Net.

We focus here on four key aspects of the decision: (a) why the Irish Data Protection Commission (Irish DPC) did not take the case; (b) the consent mechanism failings; (c) the privacy policy failings; and (d) the amount of the fine.… Continue Reading

Pennsylvania Supreme Court holds common law duty for employers extends to protecting sensitive employee information

By Andrea D'Ambra (US) and Max Kellogg (US) on December 7, 2018 Posted in Compliance and risk management, Data breach, General, Regulatory response

On November 21, 2018, the Pennsylvania Supreme Court broke new ground by holding that employers have a legal duty to take reasonable care to safeguard its employees’ sensitive personal information from cyberattacks. Dittman v. UPMC, 2018 Pa. LEXIS 6072199 (Pa. Nov. 21, 2018).… Continue Reading

New China Guideline for Internet Personal Information Security Protection

By Barbara Li (CN) and Bohua Yao (CN) on December 5, 2018 Posted in Compliance and risk management, Data breach, Regulatory response

On November 30, 2018 the Cyber Security Protection Bureau, under the auspices of the PRC Ministry of Public Security (the “MPS”), issued a draft Guideline for Internet Personal Information Security Protection (the “Guideline”) along with a request for public comments.… Continue Reading

California Consumer Privacy Act: Disclosure requirements

By Chris Cwalina (US), Jeewon Kim Serrato (US), Steve Roosa (US) and Tristan Coughlin* (US) on September 11, 2018 Posted in CCPA

This is the Data Protection Report’s fourth blog posts in a series of CCPA blog posts that will break down the major elements of the CCPA, which will culminate in a webinar on the CCPA in October. Stay tuned for additional blogs and information about our upcoming webinar on the CCPA.

The California Consumer Privacy Act (the “CCPA” or “Act”) includes significant and new disclosure requirements for businesses that collect and or sell or disclose California residents’ personal information. Below we have outlined: (1) disclosures businesses must make in their privacy policy; (2) disclosures businesses must make upon receipt of … Continue Reading

California Consumer Privacy Act blog series: Covered entities

By Jeewon Kim Serrato (US), Steve Roosa (US) and Alexis Wilpon (US) on August 16, 2018 Posted in CCPA, Compliance and risk management, Regulatory response

This is the Data Protection Report’s second post in a series of blog posts that will break down the major elements of the CCPA which will culminate in a webinar on the CCPA in October. This blog focuses on covered entities. Stay tuned for additional posts and information about our upcoming webinar on the CCPA.

California’s new privacy law, the California Consumer Privacy Act (CCPA) grants California residents extensive new privacy rights. One of the more significant aspects of the law however, is the number of business entities to which it applies. Companies around the world must comply with the … Continue Reading

US Supreme Court expands digital privacy rights in Carpenter v. United States

By Jeewon Kim Serrato (US), Anna Rudawski (US) and Alexis Wilpon (US) on June 27, 2018 Posted in Dispute resolution and litigation

Data Protection Report - digital privacy, CCPA and cybersecurity

On June 22, 2018, the US Supreme Court issued a 5-4 decision in Carpenter v. United States, holding that the federal government needs a warrant to access cellphone location records.

In the decision, the Court agreed that there should be a higher standard for accessing location records due to their intrusive nature.… Continue Reading

German DPAs publish templates and guidance on records of processing activities pursuant to Art. 30 GDPR

By Christoph Ritzer (DE) on March 5, 2018 Posted in Compliance and risk management

The German Data Protection Authorities (DPAs, acting as the German Data Privacy Conference, Konferenz der unabhängigen Datenschutzbehörden des Bundes und der Länder) recently published templates for the records of processing activities for controllers (Art. 30 para. 1 GDPR) and processors (Art. 30 para. 2 GDPR) together with a corresponding guidance document. This guidance was expected to be released earlier as the EU General Data Protection Regulation (GDPR) will take effect in less than a hundred days and organisations must meet its requirements from 25 May 2018. However, the guidance does not contain significant new information and mainly confirms … Continue Reading

Amended Colorado bill aims to enhance data privacy laws

By on February 21, 2018 Posted in Regulatory response

As Data Protection Report posted on January 29, 2018, lawmakers in Colorado are considering legislation that, if enacted, would significantly strengthen Colorado’s data privacy protections. On Wednesday, February 14, 2018, an amended bill passed unanimously in Colorado’s House Committee on State, Veterans and Military Affairs.… Continue Reading

China’s proposed Cyber Security Law to have far reaching consequences for businesses operating in the country

By Barbara Li (CN) on July 16, 2015 Posted in Regulatory response

On July 6, 2015, China’s top legislative body – the National People’s Congress – published a draft Cyber Security Law that, if enacted in its current form, will have far-reaching consequences for businesses operating in China.

The draft expressly provides that the law will apply equally to both Chinese and international businesses.… Continue Reading