Across the world, large retail stores and small businesses alike are shutting their doors. International flights and sporting events, conferences and concerts (and everything in between) are being cancelled. With all of the cancellations, postponements, and alternative arrangements that are required as a result of this global crisis, plus the special desire of all retail, travel, and other consumer-facing businesses to stay in touch with their customers, many organisations face the critical challenge of getting to grips with the legal rules that apply to those unsolicited communications and interactions.
On 1 October 2019, the Court of Justice of the European Union handed down a crucial decision impacting the way that consent is obtained on the internet. The judgment relates to Case C-673/17. In the Planet49 case, the German Federal Court referred a number of questions to the CJEU regarding the validity of consent to cookies placed by a website operating an online lottery.
A number of data protection authorities around the globe have issued press releases confirming their involvement in the 2016 global privacy “sweep”, which kicked off on April 11th. This year’s initiative involves a coordinated investigation by 29 DPAs into the practices of internet-connected devices, such as fitness and health trackers, thermostats, smart meters and TVs and connected cars. The work is being coordinated by the Global Privacy Enforcement Network under the leadership of the UK Information Commissioner’s Office.
The General Data Protection Regulation will have a significant impact on service providers/vendors (i.e. data “processors”) and organisations that engage them by imposing a number of detailed obligations and restrictions directly on processors, unlike the current Directive that only applies to data controllers. The new rules for processors are considered in detail in the attached entry. This entry is an excerpt from Hogan Lovells’ “Future-proofing privacy: A guide to preparing for the EU Data Protection Regulation.”
The UK and Canadian data protection regulators have written to webcam manufacturers to highlight concerns about the safety of internet-connected devices and to enlist their assistance in reducing the risks posed by their products. In particular, the regulators call for manufacturers to roll out privacy-friendly default settings, implement “privacy by design” – whereby data protection and privacy considerations are built into the design and manufacturing process – and provide increased guidance to consumers about ensuring the security of devices.
The Court of Justice of the European Union has today published its decision in the case of Ryneš and has found that domestic CCTV which films a public area cannot be exempt from the obligations contained in the EU Data Protection Directive by virtue of the “household exemption”.