fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " ePrivacy "

Spanish DPA fines company for the cookie policy with 30,000 euros

The Spanish Data Protection Authority fined the company Vueling for the cookie policy used on its website with 30,000 euros because users who access the company’s website do not have the ability to configure the cookies that are installed on their computers.

When accessing online the cookie policy of the website, users are informed about what cookies are and what cookies they use (first and third-party). What the company does not provide is a management system or cookie configuration panel that allows the user to delete them in a granular way.

Source: The Spanish Data Protection Authority fined the company Vueling for the cookie policy used on its website with 30,000 euros | European Data Protection Board

Pre-Checked Cookie Consent Invalid, EU Court Rules

The Court of Justice of the European Union (CJEU) this morning ruled that storing cookies requires internet users’ active consent.

It’s not good enough, says the CJEU, to present users with a pre-checked box and require them to click it to opt out. That consent must be specific, and that users should be informed how long cookies will be stored for and used, and whether or not third parties will have access to them.

That decision is unaffected by whether or not the information stored or accessed on the user’s equipment is personal data.

Source: Pre-Checked Cookie Consent Invalid, EU Court Rules

EU Council Presidency Published Amended Proposal for Draft ePrivacy Regulation

On September 18, 2019, the Presidency of the European Council published its proposed amendments to the Proposal for a Regulation Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications (ePrivacy Regulation).

The Presidency proposed numerous amendments to the draft text, including amendments to the provisions on the processing of electronic communications metadata.

Source: EU Council Presidency Published Amended Proposal for Draft ePrivacy Regulation

EDPS publishes opinion on communication data as personal data

The European Data Protection Supervisor (EDPS) published, on 11 September 2019, the pleading notes before the Court of Justice of the European Union (CJEU) in the joint hearing for case C-623/17 Privacy International, joint cases C-511/18 and C-512/18 La Quadrature du Net and Others, and case C-520/18 Ordre des Barreaux Francophones et Germanophone and Others.

Notes address question whether the IP addresses or other data relating to electronic communications are capable of providing information on the content of communications, what information concerning the private lives of the concerned persons can be obtained from IP addresses or other data relating to electronic communications, as well as whether, and to what extent, it would be possible to limit the retention and the access to electronic communication data while enabling the objectives set out in Article 15(1) of the ePrivacy Directive.

Source: Pleading notes of the European Data Protection Supervisor (EDPS)

Changes in ePrivacy Regulation regarding electronic communications and digital marketing

On 26 July 2019, at the level of the Council, the Finnish government has issued a revised (Council) proposal for the e-Privacy Regulation with some amendments concerning electronic communication content, data & metadata, and further processing of metadata. This proposal will be discussed during a next Council meeting on 9 September 2019.

The Proposal has introduced a limited number of amendments. Most notable:

  1. Article 6 is divided into four distinct provisions, in order to clarify their respective scope by scope of data (all data, content, metadata).
  2. Data can only be processed (i) for the duration necessary for the permitted purposes and (ii) if those purposes cannot be fulfilled by processing information that is made anonymous.
  3. Targeted advertising might not constitute direct marketing communications.

Source: EUROPE: e-Privacy Regulation – changes regarding electronic communications and digital marketing

Cookies and other tracking devices: the CNIL publishes new guidelines

Without waiting for the future ePrivacy regulation, which is currently under discussion at the European level and which is not likely to come into force in the short term, the CNIL has decided to update its reference framework. In particular, it was necessary to repeal the 2013 recommendation, which was not compatible with the new provisions of the GDPR.

Full article: Cookies and other tracking devices: the CNIL publishes new guidelines

ePrivacy Regulation Slowly Moves Forward

Adoption of the ePrivacy Regulation Introduced in 2017, and originally slated to go into effect with the GDPR (on May 25, 2018), it now appears the ePrivacy Regulation will not be implemented before late 2021.

With the Romanian Presidency’s oversight of the Council of the European Union passing to Finland as of July 1, and in view of forthcoming EU parliamentary elections and procedural considerations, it is possible that the adoption of the ePrivacy Regulation may be delayed even further.

Full article: EU Updates: ePrivacy Regulation Inches Forward, EDPB Issues Guidance on Interplay Between GDPR and ePrivacy Directive

Cookie consent – What “good” compliance looks like according to the ICO

On 3 July 2019, the UK data protection authority (the ICO) updated its guidance on the rules that apply to the use of cookies and other similar technologies.

The ICO has also changed the cookie control mechanism on its own website to mirror the changes in the new guidance.

Full article: Cookie consent – What “good” compliance looks like according to the ICO

French DPA to take action on online targeted advertisements

French data protection authority CNIL has received an important number of individual and collective complaints (La Quadrature du Net, Privacy International, NOYB) relating to online marketing. In 2018, 21% of the complaints were related to marketing in the broad sense.

Therefore, the CNIL has decided to make targeted online advertising a priority topic for 2019. In July, the CNIL will repeal its 2013 cookie recommendation that has become outdated in some respects (in particular for what concerns the expression of consent), and publish guidelines outlining the applicable rules of law.

Working sessions will be held in the second half of 2019 between the CNIL services and each category of stakeholders (content editors, advertisers, service providers and intermediaries in the marketing ecosystem, civil society), through their representative organizations.

The CNIL will carry out inspections on this the final recommendation 6 months after its final adoption.

Source: Online targeted advertisement: what action plan for the CNIL?

ICO admits its own cookie policy is non-compliant with GDPR

The Information Commissioners Office has admitted that its current consent notice relating to the use of cookies on devices failed “to meet the required GDPR standard”.

The issue relates to the automatic placing of cookies on a user’s mobile device when accessing the ICO’s website, which one complaint argued was in breach of the Privacy and Electronic Communications Regulations 2003, which sits alongside GDPR.

Source: ICO admits its own cookie policy is non-compliant with GDPR | IT PRO

1 2 3 11
>