fbpx

Download free GDPR compliance checklist!

Category Archives for "Court cases"

Another Court Dismisses Data Breach Class Action Lawsuit for Lack of Standing

Another federal district court has dismissed a data breach case for lack of standing. Former guests of Marriott hotels, sued Marriott in connection with a data breach affecting over 5 million guests.

The Court dismissed plaintiff’s claims for lack of standing, holding that plaintiffs failed to plausibly allege that their alleged injuries were fairly traceable to Marriott’s conduct—an essential element of standing.

Source: Another Court Dismisses Data Breach Class Action Lawsuit for Lack of Standing | Alston & Bird Privacy, Cyber & Data Strategy Blog

Ancestry.com Beats California Privacy Suit Over Yearbook Photos

Ancestry.com Inc. convinced a federal judge on Monday to dismiss a lawsuit by California residents who claimed the genealogy-based company’s inclusion of their photos in its Yearbook database violated their privacy rights.

The California residents didn’t allege an injury in fact to support their proposed class action because the photographs came from “public yearbook information distributed to classmates (and ultimately to Ancestry).” The plaintiffs also didn’t have a commercial interest in their public profiles that would block Ancestry’s use of the profiles for profit, the court said.

Source: Ancestry.com Beats California Privacy Suit Over Yearbook Photos

France seeks to bypass EU top court on data retention

In October, the Court of Justice of the European Union ruled that national data retention rules, including France’s, were not compliant with EU law, but that such schemes could be allowed in the face of serious security risks.

Now the French government has asked the country’s highest administrative court — the Council of State — not to follow the EU ruling. France said that the EU top court should not rule on matters related to security, which remains a national competence.

Source: France seeks to bypass EU top court on data retention – POLITICO

CJEU rules electronic communication location data must only be used in investigations of ’serious crime’

Location data drawn from electronic communications must only be used by law enforcement investigations involving ‘serious crimes’ and to prevent ‘serious threats to public security’, the European Court of Justice (CJEU) has ruled.

In its decision, the court said that, unless it’s for a serious crime or in the interest of public safety, countries are prohibited from obtaining location data under the European Union’s 2002 Privacy and Electronic Communications Directive.

Source: CJEU rules electronic communication location data must only be used in investigations of ’serious crime’ | News | GRC World Forums

Privacy Debated in Fight Over Google Chrome Browser History Tracking

The plaintiffs in the class action claim they signed up for Chrome because Google explicitly said they would not have their browsing history sent to Google unless they decided to “sync” the browser with their account.

Despite these assurances, Chrome tracked their web browsing and sent it to Google, in violation of federal law and the newly minted California Consumer Privacy Act.

Google attorney Andrew Schapiro said plaintiffs had misconstrued the issue, saying that each of the plaintiffs was notified their web browsing history would be tracked when they agreed to the terms of service.

The attorney for Google also said the plaintiffs misunderstand how the advertising tracking component of the company works, because it tracks web browsing based on the website not on the browser.

Source: Privacy Debated in Fight Over Google Chrome Browser History Tracking – Courthouse News Service

A New Day for GDPR Damages Claims in Germany?

Until now, damages claims awarded by German courts pursuant to Article 82 of the General Data Protection Regulation (GDPR) – in particular, claims for non-material damages – have been relatively low. However, a more recent decision issued by the Federal Constitutional Court indicates that views in Germany may be evolving on this topic, and courts may soon be willing to entertain higher damages claims.

In a case decided in January 2021, Germany’s Federal Constitutional Court held that the issue of whether or not (and if so, the extent to which) a damages claim brought pursuant to Article 82 GDPR is subject to certain evidentiary requirements must be decided under European law and – if necessary – clarified by the Court of Justice of the European Union (CJEU).

If the CJEU continues to follow its data protection-friendly line of reasoning and pursue effective enforcement of data protection law, damages claims pursuant to Article 82 GDPR and legal proceedings based on such claims may become the new norm and much more important in the future.

Source: A New Day for GDPR Damages Claims in Germany? | Inside Privacy

Judge Approves Historic $650M Facebook Privacy Settlement

More than 1.5 million Illinois Facebook users will receive at least $345 each under the terms of the landmark deal.

A federal judge gave his final blessing Friday to a $650 million deal to resolve claims that Facebook illegally collected and stored users’ facial data without consent, making it one of the largest privacy-related settlements in U.S. history.

The approval comes more than five years after lead plaintiff Nimesh Patel sued Facebook in one of three consolidated class actions in 2015, claiming the social network started mapping users’ faces for its “Photo Tag Suggest” function in 2011.

The plaintiffs say Facebook did so without their permission and failed to inform them how long their data would be stored as required by the Illinois Biometric Information Privacy Act of 2008.

Source: Judge Approves Historic $650M Facebook Privacy Settlement – Courthouse News Service

TikTok owner ByteDance to pay US privacy settlement

TikTok’s Chinese parent company ByteDance has agreed to pay 92 million dollars in a settlement to US users who are part of a class-action lawsuit alleging the video-sharing app failed to gain their consent to collect data in violation of a strict Illinois privacy law.

The federal lawsuit alleged TikTok broke the Illinois biometric privacy law, which allows suits against companies that harvest consumer data without consent, including via facial and fingerprint scanning.

Source: TikTok owner ByteDance to pay US privacy settlement – Independent.ie

Deutsche Wohnen fine now declared invalid by a German court

There has been a big bang in the data protection world in Berlin as the first and most spectacular GDPR fine in Germany has just been declared invalid.

The Berlin Commissioner for Data Protection for Freedom of Information  issued a EUR 14.5 million fine against a German real estate company, die Deutsche Wohnen SE.

The Regional Court (Landgericht) of Berlin has now declared this fine invalid and closed the proceedings. The Berlin DPA will ask the public prosecutor’s office to appeal the Court’s decision and escalate the case to the next instance.

Source: Deutsche Wohnen fine now declared invalid by a German court

CJEU fines Spain €15 million for failure to implement Data Protection Law Enforcement Directive

The Court of Justice of the European Union (CJEU) ordered Spain to pay the European Commission 15.5 million euros and a potential daily fine thereafter for failing to transpose the Data Protection Law Enforcement Directive (Directive (EU) 2016/680).

On top of the €15 million fine Spain will have to pay a daily penalty payment of € 89 000 for each day of delay on transposition following the CJEU’s judgment.

Source: CJEU press release

>