On March 16, 2023, the French Data Protection Agency (the “CNIL”) imposed a fine of € 25,000 on the company CITYSCOOT in connection with a finding that CITYSCOOT failed to comply with the obligation to ensure data minimization, as required by Article 5.1.c of the GDPR. The facts that led to the judgment included a
Meta’s Annual Report Says It May Have To Shut Down Facebook and Instagram in Europe Because of GDPR – A Fact, Not a Threat
In July 2020, the Schrems II decision issued and the European Commission’s adequacy decision for the EU-US Privacy Shield Framework was invalidated. Further, and broader than the invalidation of Privacy Shield adequacy decision, the Schrems II judgement found that US surveillance measures interfered with what are considered “fundamental rights” under EU law, i.e., the rights…
Can European Websites use Google Analytics and Similar Services Without Violating the GDPR?
It has been nearly a year and a half since the Schrems II decision issued in July 2020, which invalidated the European Commission’s adequacy decision for the EU-US Privacy Shield Framework. As a result, companies were forced to reexamine their transfers of personal information out of the EU, and the safeguards that they rely on…
France Fines Facebook and Google For Violating the EU Cookie Law: You Need to Make it As Easy to Refuse as a Cookie, as it is to Accept One
France recently fined Alphabet Inc’s Google $169 million and Meta Platform’s Facebook $67 million on grounds that the companies violated the EU e-Privacy directive (aka the EU “Cookie Law”) by requiring too many “clicks” for users to reject cookies. The result was that many users just accepted the cookies, thus allowing the identifiers to track…
When Machines Discriminate – NIST Tackles Bias in AI
At this point you have probably heard about one of the many incidents where an AI-enabled system discriminated against certain populations in settings ranging from healthcare, law enforcement, and hiring, among others. In response to this problem, the National Institute of Standards and Technology (NIST) recently proposed a strategy for identifying and managing bias in…
WhatsApp – An Example of How Companies Compete Based on Privacy
Facebook, the parent company to WhatsApp, is reporting near-record low revenue growth. Thus, presumably in an effort to monetize WhatsApp more heavily, WhatsApp recently announced changes to its privacy policy: as of February 8, 2021, all WhatsApp users (except those that live in Europe) must agree to share their data with Facebook. If users do…
EU Data Transfers Update: You Have a Lot of Weekend Reading To Do!
If you’re a company that has been scratching your head and racking your brain since the Schrems II decision issued on July 16, 2020, invalidating Privacy Shield and calling into question all data transfers between the EU and third countries on surveillance-related grounds, your wish for more guidance has finally come true.
This week, the…
Speed Dating in the UK? Negotiating New Data Protection Relationships with the EU
With all that has happened this year, most of us can’t wait until 2020 is in the rear view mirror. The end of 2020, however, marks the end of the transition period provided, post-Brexit, to allow time for UK businesses and organizations that rely on international data flows, target European customers or operate inside the…
Uh, Houston, We Have a Problem. What Governs the Data That is Processed On The Moon?
Last week NASA reported that it awarded contracts to three companies to build spacecraft capable of landing humans on the moon—Blue Origin (owned by Jeff Bezos); Dynetics (a Leidos subsidiary); and SpaceX (owned by Elon Musk). The current plan is purportedly to, in 2024, fly astronauts to the Orion spacecraft, built by Lockheed Martin, to…
Taking A Stand (And Facebook)
The number of actions to enforce the European Union’s General Data Protection Regulation (GDPR) against a wide range of companies continues to rise. Germany, a country where privacy enjoys strong legal protection, is establishing itself as a favorite jurisdiction for enforcement of the GDPR. And, not surprisingly, Facebook is one of the companies in the…