fbpx

Download free GDPR compliance checklist!

Category Archives for "Court cases"

Google Loses Its Appeal On 50 Million Euro GDPR Fine

Google lost on appeal of 50 million euro fine levied against Google in January 2019 for GDPR breaches.

On Friday, the Conseil d’État, a division of the French government that serves as the supreme court of administrative justice, sided with France’s data protection authority, the CNIL, which levied the fine against Google.

Source: Google Loses Its Appeal On 50 Million Euro GDPR Fine | AdExchanger

A Landmark Ruling in Brazil: Paving the Way for Considering Data Protection as an Autonomous Fundamental Right

A historic ruling of the Brazilian Supreme Court from May 07, 2020 describes the right to data protection as an autonomous right stemming from the Brazilian Constitution.

By a significant majority, 10 votes to 1, the Court halted the effectiveness of the Presidential Executive Order (MP[1] 954/2020) that mandated telecom companies to share subscribers’ data (e.g., name, telephone number, address) of more than 200 hundred million individuals with the Brazilian Institute of Geography and Statistics (IBGE), the country’s agency responsible for performing census research.

Full article: A Landmark Ruling in Brazil: Paving the Way for Considering Data Protection as an Autonomous Fundamental Right

Twitter and Reddit challenges requirement for US visa applicants to declare their online handles

Twitter, Reddit, and the Internet Association filed a legal brief in support of a challenge to the US State Department’s policy of requiring visa applicants to disclose their social media handles and profiles.

The State Department policy was introduced in 2017 and was criticized at the time as a deterrent to free speech. An estimated 14.7m people apply for a US visa from abroad each year.

The US government has attempted to justify its social media screening as a security measure. But a 2017 report from the DHS Inspector General found that pilot programs to gather social media accounts failed to establish the data had value to identify security threats.

Source: Twitter, Reddit and pals super unhappy US visa hopefuls have to declare their online handles to Uncle Sam • The Register

Warrant needed to search locked phones, US court rules

Thanks to the Fourth Amendment of the US Constitution and all the case law built upon it, police generally need a warrant to search your phone—and that includes just looking at the lock screen, a judge has ruled.

Generally, courts have held that law enforcement can compel you to use your body, such as your fingerprint (or your face), to unlock a phone but that they cannot compel you to share knowledge, such as a PIN. In this recent case, however, the FBI did not unlock the phone. Instead, they only looked at the phone’s lock screen for evidence.

Basically, the court ruled, the FBI pushing the button on the phone to activate the lock screen qualified as a search, regardless of the lock screen’s nature.

Source: Just turning your phone on qualifies as searching it, court rules | Ars Technica

Google faces $5 billion lawsuit in U.S. for tracking ‘private’ internet use

Google was sued on Tuesday in a proposed class action accusing the internet search company of illegally invading the privacy of millions of users by pervasively tracking their internet use through browsers set in “private” mode.

The lawsuit seeks at least $5 billion, accusing the Alphabet Inc unit of surreptitiously collecting information about what people view online and where they browse, despite their using what Google calls Incognito mode.

Source: Google faces $5 billion lawsuit in U.S. for tracking ‘private’ internet use – Reuters

CJEU to decide on right of consumer protection associations and competitors to sue under GDPR

The Federal Court of Justice (BGH) has submitted to the Court of Justice of the European Union (CJEU) the question whether consumer protection associations or competitors are authorised to initiate a civil action in case of infringements of the General Data Protection Regulation (GDPR).

In this preliminary ruling procedure, the CJEU will have to decide whether, among other provisions, Art. 80 GDPR is in conflict with member state law which allows consumer protection associations and competitors to take action against infringements of the GDPR irrespective of the violation of subjective rights of individuals and without a mandate from the data subject.

Source: GERMANY: Right of consumer protection associations and competitors to initiate civil actions under GDPR will be case for CJEU

ACLU sues Clearview AI over alleged privacy violations

The ACLU has sued Clearview AI for allegedly violating Illinois privacy law through its face recognition-based surveillance technology.

The lawsuit was filed in an Illinois state court and won’t have a direct impact on Clearview AI’s business elsewhere. It could still deal a significant blow if it leads to a statewide ban, however, and might prompt other states to take action.

Source: ACLU sues Clearview AI over alleged privacy violations | Engadget

EasyJet faces £18 billion class-action lawsuit over data breach

UK budget airline easyJet is facing an £18 billion class-action lawsuit filed on behalf of customers impacted by a recently-disclosed data breach.

The lawsuit has been filed in the High Court of London on behalf of customers. According to the firm, easyJet’s data breach took place in January 2020, and while the ICO was apparently notified at this time, customers were not informed until four months later. The lawsuit aims to secure up to £2,000 per impacted customer.

Source: EasyJet faces £18 billion class-action lawsuit over data breach | ZDNet

Court Tells Grandma To Delete Photos Of Grandkids On Facebook For Violating The GDPR

Dutch court has said that a grandmother must delete photos of her grandkids that she posted to Facebook and Pinterest, because it violates the GDPR.

A mother of three underage children (plaintiff) filed a claim in the Court to cease the posting of her children’s photos by their grandmother (defendant) on social media. The plaintiff argued that the defendant had not obtained a consent from her or her ex-partner – the legal representatives of one of the children concerned.

Source: Court Tells Grandma To Delete Photos Of Grandkids On Facebook For Violating The GDPR | Above the Law

French Court Bans the Use of Drone Surveillance to Enforce Covid-19 Lockdown

The Conseil d’État, France’s highest administrative court, issued a decision banning French authorities from using drone surveillance to track individuals violating social distancing rules.

The Court cited privacy issues with drone surveillance and stated that drone surveillance by police would be banned until technology is added to prevent the filming and identification of individuals or approval was given by France’s privacy regulator, the Commission nationale de l’informatique et des libertés (CNIL).

Source: French Court Bans the Use of Drone Surveillance to Enforce Covid-19 Lockdown

>