Issue 80

Enforcement issues

Complaint against CJEU for GDPR violations

compliant was filled against the Court of Justice of the European Union (CJEU) with the European Data Protection Supervisor (EDPS) by a data subject. The complainant had stated that cookies and other similar tracking technology was placed on his terminal, by the CJEU’s website and other third-party websites which were linked by the CJEU on its website without clearly informing him and obtaining his consent. The EDPS assessed the complaint and held that CJEU was in violation of GDPR provisions. As a result, CJEU was ordered to take immediate corrective actions.

Class action against Google in California

A class action lawsuit has been filed against Google LLC in Northern District of California. The petitioners of the class action have complained that despite Google’s claim regarding non-selling of personal data and allowing users have control over their use of personal data, it engages in illegally selling personal data using its real-time-biding auction process to third parties. The complaint demands damages for the privacy violations under CCPA (California) and US federal laws.

Irish High Court refers Instagram case to ECJ over questions of privacy

petition seeking clarity on the extent to which courts can orders social media platforms to disclose identity of account users, has reached European Court of Justice (ECJ). An application of disclosure was filed by a school in the Irish High Court which demanded that court orders Instagram to reveal identity of a user, who had posted material in relation to the school online. The Irish High Court observed that the case involved questions concerning the right to privacy, freedom of expression and data protection as enshrined in the EU charter of Fundamental Rights and referred the case to ECJ to decide.

Regulatory updates around the globe

  • Consumer Data Privacy Act introduced in Pennsylvania.
  • Bill to amend and improve existing privacy framework introduced in Uzbekistan.
  • Malaysian Data Protection Authority begins offering facility of minimum registration period and renewal of registration for data controllers.

India updates

  • Telegram and WhatsApp data privacy war on Twitter.
  • Legal notice served to Hyderabad City police over unlawful collection of surveillance data.
  • Justice B N Srikrishna talks about new Intermediary guidelines and its data privacy concerns- Report’s ET.

EU updates

  • The European Data Protection Board published its 2020 Annual Report.
  • New Standard Contractual Clauses adopted by the European Commission.
  • Trust framework for European Digital Identity Regulation proposed by the European Commission.
  • The Grand Chamber of the European Court of Human Rights ruled that UK government’s mass surveillance actions resulted in violation of fundamental right to privacy.

Guidance issued

  • Canada’s privacy commissioners publish joint statement on vaccine passports.
  • French Data Protection Authority published its second guidance on GDPR implementation in the social and medical care services sector.
  • US Federal Trade Commission released its 2020 Privacy and Data Security Update.

News around the globe

  • Google will no longer allow App developers to use Android Advertising Id of users who have opted out.
  • France relies on cloud computing technology developed by Google and Microsoft for storing its sensitive personal data. – Report’s the Economic Times
  • Columbia’s Data Protection Authority orders WhatsApp to comply with its data protection regime. – Report’s Reuters.
  • Philippines National Privacy Commission set to issue administrative fines.

Read our digital newsletter here.

© 2019 Reina Consulting LLP – All rights reserved