fbpx

Download free GDPR compliance checklist!

Category Archives for "Court cases"

Federal Constitutional Court: CJEU must clarify whether GDPR provides materiality threshold

The German Federal Constitutional Court has ruled the Court of Justice of the European Union needs to clarify if the EU General Data Protection Regulation provides for a materiality threshold for GDPR damage claims.

The Federal Constitutional Court’s decision overturns a judgment of the Goslar Local Court of Sept. 27, 2019, regarding the unlawful sending of an advertising email. The Local Court had held that the plaintiff had not suffered any compensable damage under Article 82 of the GDPR. The damage suffered by the plaintiff had not exceeded the materiality threshold in this matter.

The plaintiff subsequently filed a constitutional complaint with the Federal Constitutional Court, arguing the Local Court should have made a submission to the CJEU for a preliminary ruling under Article 267 of the Treaty of the European Union.

Source: Federal Constitutional Court: CJEU must clarify whether GDPR provides materiality threshold

Google challenges French data watchdog’s €100 million fine in court

France’s administrative court known as the Council of State considered on Thursday an application for interim measures filed by Google LLC and Google Ireland after the French Data Protection Authority known as the CNIL fined the digital giant €100 million last December for its cookie collection policy.

In its deliberation of 7 December 2020, the French data protection authority (CNIL) accused the US giant, whose European headquarters are based in Dublin, of contravening the law on information technology, files, and freedoms.

For its part, Google has appealed to the one-stop-shop mechanism provided for in the General Data Protection Regulation (GDPR) which, in its view, requires it to report on data protection matters only to the corresponding authority in the country in which it is based, namely Ireland.

Source: Google challenges French data watchdog’s €100 million fine in court – EURACTIV.com

1st Circuit Upholds Border Searches of Phones and Laptops

Border agents can turn on a U.S. citizen’s laptop, phone or other digital device, scroll through the data and then confiscate it for weeks even if they don’t have any reason to suspect that the owner is guilty of a crime, the First Circuit ruled Wednesday.

“Given the volume of travelers passing through our nation’s borders, warrantless electronic device searches are essential to … adequately protect the border,” the Boston-based court said in a decision. Requiring suspicion of wrongdoing “would hamstring the agencies’ efforts to prevent border-related crime and protect this country from national security threats.”

Source: 1st Circuit Upholds Border Searches of Phones and Laptops – Courthouse News Service

Facebook faces new UK class action after data harvesting scandal

Facebook is facing a second London High Court class action over allegations it failed to protect the personal details of about one million people in England and Wales, in the latest lawsuit to spring from a scandal over data harvesting.

Journalist and writer Peter Jukes said on Tuesday he had filed a lawsuit for unspecified but “substantial” damages three years after the social media giant was fined in Britain over how third-party app “This Is Your Digital Life” gathered Facebook users’ data without consent between 2013 and 2015.

The lawsuit is the second to allege Facebook allowed third-party apps to harvest the data of friends without their permission or knowledge. Litigation firm Milberg London, which is advising on a similar claim filed last October, said it was surprised to hear about the rival lawsuit.

Source: Facebook faces new UK class action after data harvesting scandal | Reuters

‘Orwellian’ AI lie detector project challenged in EU court

A legal challenge was heard today in Europe’s Court of Justice in relation to a controversial EU-funded research project using artificial intelligence for facial “lie detection” with the aim of speeding up immigration checks.

The transparency lawsuit against the EU’s Research Executive Agency (REA), which oversees the bloc’s funding programs, was filed in March 2019 by Patrick Breyer, MEP of the Pirate Party Germany and a civil liberties activist — who has successfully sued the Commission before over a refusal to disclose documents.

He’s seeking the release of documents on the ethical evaluation, legal admissibility, marketing and results of the project. And is hoping to set a principle that publicly funded research must comply with EU fundamental rights — and help avoid public money being wasted on AI “snake oil” in the process.

Source: ‘Orwellian’ AI lie detector project challenged in EU court | TechCrunch

“Party affinity” data may not be processed without the consent, Austrian court rules

The Federal Administrative Court of Austria confirmed by its decision of 26 November 2020 the stance of the Austrian Data Protection Authority (“Datenschutzbehörde“) that so-called “party affinity” data may not be processed without the data subject’s consent.

Most importantly, the Court clarified that data about an individual fall within the scope of “personal data” even if they only reflect probable and not actual characteristics of individuals. This judgement is one of the few judicial decisions rendered in recent years which establish that the concept of personal data includes more than facts about an individual.

Source: Austria: Probabilities as personal data | BDK Advokati

US publisher not within GDPR scope despite European readership

A US-registered publisher will not have to defend claims that its processing of a British resident’s personal data breached EU data protection laws after the High Court in London ruled that the laws do not apply to it.

The court reached that verdict despite it recognising that the US publisher had a “not minimal” number of UK readers; a fact the High Court said was “of no more than marginal relevance” to the question of whether its activities fell subject to the EU’s General Data Protection Regulation (GDPR).

Source: US publisher not within GDPR scope despite European readership

Constitutional court bans bulk Internet surveillance in South Africa

In a landmark judgment handed down on Thursday, the constitutional court banned the South African state from bulk surveillance of online communication, preventing security agencies from hoovering up Internet data.

This sort of surveillance, which is routinely done by agencies such as the National Security Agency in the US and GCHQ in the UK – both of which have routinely tapped into submarine Internet cables – is now illegal in South Africa thanks to the country’s highest court.

Source: Constitutional court bans bulk Internet surveillance in South Africa – TechCentral

noyb brings Luxemburg’s Data Protection watchdog to court for refuses to act on US companies

noyb filed an appeal against two decisions of the Luxemburg Data Protection Authority (CNPD) before the administrative tribunal of Luxemburg on a fundamental matter: the authority dismissed two complaints lodged against US-based data controllers, Apollo and RocketReach.

The CNPD explicitly confirmed that the General Data Protection Regulation (GDPR) applies to these non-EU companies. However, the CNPD considered that it could not enforce the GDPR against these US controllers, despite multiple enforcement options within the EU. These decisions fundamentally undermine the application of the GDPR to all foreign companies on the EU market – a key promise of the law when it was introduced in 2018.

Source: Luxemburg’s Data Protection watchdog refuses to show its teeth to US companies. noyb files court case.

UK Case Tests the Territorial Application of the GDPR to U.S. Run Website

The recent UK case of Soriano v Forensic News and Others tested the territorial reach of the General Data Protection Regulation and represents the first UK judgment dealing with the territorial scope of the GDPR. Mr. Soriano argued that because the Forensic News site used cookies for targeted online advertising, it had engaged in monitoring of people in the EU, and thus the GDPR’s territorial scope test was met.

Court held that the use of cookies for behavioral advertising purposes was not “related to” Mr. Soriano’s real complaint. In its judgement, the Court stated that, “the Defendant’s journalistic activities have been advanced not through any deployment of these cookies.” However, he was given permission to serve proceedings outside of the UK in respect of the misuse of private information claim (for the photos only) and the defamation claim.

Source: UK Case Tests the Territorial Application of the GDPR to U.S. Run Website | Privacy & Information Security Law Blog

>