Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Tag Archives: consent

Posted in Policy & Regulation Photo of Eduardo Ustaran

Getting Cookie Consent Right

One could be forgiven for thinking that knowing how to comply with a legal obligation that has been in place for nearly a decade would be clear cut. However, widespread practice tells us that this is far from the truth. In November 2009, as part of wider reforms to the European telecommunications regulatory framework, the European Union introduced various amendments to the existing Directive 2002/58/EC (‘e-Privacy Directive’), including to the provisions regulating the use of cookies. Since then the e-Privacy Directive has required obtaining the consent of users in order

Posted in Policy & Regulation Photo of Eduardo UstaranPhoto of Katie McMullan

CJEU: Consent on the Internet Means ‘Opt-In’

On 1 October 2019, the Court of Justice of the European Union (CJEU) handed down a crucial decision impacting the way that consent is obtained on the internet. The judgment relates to Case C-673/17 (Planet49 – a previous post outlining the background can be found here). In the Planet49 case, the German Federal Court referred a number of questions to the CJEU regarding the validity of consent to cookies placed by a website operating an online lottery. The questions before the CJEU amounted to the following: 1.  Does a pre-checked

Posted in Policy & Regulation Photo of Patrice Navarro

New French Guidelines on Cookies and Trackers

On 19 July the French Data Protection Authority (the “CNIL”) published new guidelines on cookies and trackers. These replace the existing Recommendation No. 2013-378 of 5 December 2013, are intended to be in line with relevant GDPR provisions and have been produced in anticipation of the future ePrivacy Regulation. The guidelines will be supplemented, at a later stage, with sectoral recommendations setting out practical methods for obtaining consent. These sectoral recommendations will be included in a final version of the guidelines on cookies and trackers open for public consultation, which

Posted in Policy & Regulation Photo of Katie McMullan

Cookie consent – What “good” compliance looks like according to the ICO

On 3 July 2019, the UK data protection authority (the ICO) updated its guidance on the rules that apply to the use of cookies and other similar technologies.  The ICO has also changed the cookie control mechanism on its own website to mirror the changes in the new guidance. Since the EU legislators shocked the internet world a decade ago by changing the legal requirement for the use of cookies and similar technologies from “notice and opt-out” to “notice and consent”, many businesses have struggled to find a way to

Posted in Cybersecurity, Data Protection & Privacy Photo of Harriet Pearson

California Consumer Privacy Act: The Challenge Ahead – Key Terms in the CCPA

This is the second installment in Hogan Lovells’ series on the California Consumer Privacy Act. Words matter. Nowhere is this truer than in legislation, where word choices—often the product of long debate and imperfect compromise—determine the scope and impact of a law. Legislative history can speak volumes about those word choices, and the unique legislative history of the California Consumer Privacy Act of 2018 (CCPA) only highlights the importance of understanding the terms used in the act.

Posted in Data Protection & Privacy Photo of Eduardo Ustaran

Cookie Consent Is the New Panic

Judging by the number of calls and the intensity of the discussions about how to comply with the cookie consent requirement in a post-GDPR world, this issue has become a top worry for organisations and data protection officers. Partly due to the visibility of the mechanisms used to collect this consent, and partly due to the potential implications of operating a website without cookies, the dilemma around what solution to deploy has become a serious business decision. Different business stakeholders are often at odds with each other and matters are

Posted in Data Protection & Privacy Photo of Eduardo Ustaran

Is Artificial Intelligence the Ultimate Test for Privacy?

Nothing challenges the effectiveness of data protection law like technological innovation. You think you have cracked a technology neutral framework and then along comes the next evolutionary step in the chain to rock the boat. It happened with the cloud. It happened with social media, with mobile, with online behavioural targeting and with the Internet of Things. And from the combination of all of that, artificial intelligence is emerging as the new testing ground. 21st century artificial intelligence relies on machine learning, and machine learning relies on…? You guessed it:

Posted in Data Protection & Privacy Photo of Natalia GulyaevaPhoto of Maria SedykhPhoto of Katherine Gasztonyi

Russia: Main Takeaways from Roskomnadzor’s Open Doors Day

Recently, the Russian Data Privacy Authority (Roskomnadzor) organized an Open Doors Day in honor of the International Data Privacy Day. During the occasion, Roskomnadzor officers presented on the authority’s 2017 enforcement activities. They followed this presentation with an open question and answer period, during which they responded to numerous questions raised by attendees. We summarize the key takeaways below. 2017 Roskomnadzor Enforcement Highlights Data operators continue to register with the Roskomnadzor, with approximately 33,000 new data operators registering with the Roskomnadzor in 2017, bringing the total to just over 400,000

Posted in Data Protection & Privacy Photo of Eduardo Ustaran

Misunderstandings, Panic and Priorities in the Year of the GDPR

It is finally here. This is the year of the GDPR. A journey that started with an ambitious policy paper about modernising data protection almost a decade ago – a decade! – is about to reach flying altitude. No more ‘in May next year this, in May next year that’. Our time has come. Given the amount of attention that the GDPR has received in recent times, data protection professionals are in high demand but we are ready. We knew this was coming and we have had years to prepare.

Posted in Data Protection & Privacy Photo of Winston Maxwell

DSM Watch: Stakes high for IoT industry in European ePrivacy debate

Following the European Commission and European Parliament’s proposed versions of the EU Regulation on Privacy and Electronic Communications (the ePR), we are now waiting for the Council of the European Union to agree their position before discussions between the three bodies can begin. A discussion paper from the Bulgarian Presidency of the Council dated 11 January 2018 (the Paper) shows that the Council is still considering multiple options in relation to several critical issues. In particular: The Commission’s draft of the ePR clarified that communications between machines (M2M communications) are

Posted in Data Protection & Privacy Photo of Mac MacmillanPhoto of Sam Choi

ICO Issues Fine for Marketing Emails Disguised as Service Messages

The Information Commissioner’s Office (ICO) has issued a £70,000 fine against Flybe and a £13,000 fine against Honda Motor Europe Ltd for breaching Regulation 22 of the Privacy and Electronic Communications Regulations (PECR) by sending emails requesting individuals to update their marketing preferences. The two cases confirm that: the interpretation by the ICO of what constitutes “marketing material” is very wide; and the ICO will take enforcement action against organisations that seek to circumvent the rules on direct marketing by disguising marketing messages as service messages. Flybe sent emails with

Posted in Data Protection & Privacy Photo of Eduardo Ustaran

ICO Turns Spotlight on Data Broker Industry

Data brokers are organisations that obtain data from a variety of sources and then sell or license it to third parties. Many trade in personal data, which is purchased by their customers for several purposes, most commonly to support marketing campaigns. In 2012, data brokers’ trade in personal data was reported to have generated over $150 billion in revenue. The UK data protection regulator (the “ICO”) has for some time been actively enforcing against organisations who buy individuals’ personal data for direct marketing purposes without first conducting appropriate due diligence

Posted in Data Protection & Privacy

Future-Proofing Privacy: Profiling Restrictions versus Big Data

A stricter regime for profiling Profiling and big data analytics are set to play a pivotal role in the growth of the digital economy. From cookie-based tracking to people’s interaction through social media, the size and the degree of granularity of our digital footprints have created unprecedented opportunities for business development and service delivery. The scale of data collection, data sharing and data analysis has not gone unnoticed to public policy makers and this has led to the inclusion of special rules addressing profiling in the Regulation. In fact, from the point of view of those businesses seeking to benefit from data

Posted in Data Protection & Privacy

Future-Proofing Privacy: Justifying Data Uses

Grounds for processing Currently, under the Data Protection Directive, each instance of data processing requires a legal justification – a “ground for processing”. This fundamental feature of EU data protection law will remain unchanged under the Regulation. However, the bar for showing the existence of certain grounds for processing will be set higher. This is especially true with regards to consent. Stringent new consent rules The Regulation lays out strict new conditions for obtaining valid consent from the data subject. For starters, if consent is given in a written document, and that document also concerns other matters (e.g. terms of

Posted in Data Protection & Privacy Photo of Gonzalo Gallego

Data Protection Compliance in Spain (2015)

Spain is well known for having one of the most restrictive data protection regimes in the European Union (EU). It also counts with some of the highest penalties (fines are up to € 600,000 per infringement), and a data protection authority – the Spanish Data Protection Agency (AEPD) – with a reputation for being one of the fiercest of the EU. Moreover, the penalties envisaged are not only on paper; they are applied on a regular basis by the AEPD. For instance, in the past few years, it has imposed

Posted in Data Protection & Privacy, Policy & Regulation Photo of Joke BodewitsPhoto of Patrice Navarro

Part 6: Profiling Restrictions v. Big Data

A stricter regime for profiling Profiling and Big Data analytics are set to play a pivotal role in the growth of the digital economy. From cookie-based tracking to people’s interaction through social media, the size and the degree of granularity of our digital footprints have created unprecedented opportunities for business development and service delivery. The scale of data collection, data sharing and data analysis has not gone unnoticed to public policy makers and this has led to the inclusion of special rules addressing profiling in the Regulation. In fact, from