Fladgate’s quick guide to the law on website cookies


Fladgate’s quick guide to the law on website cookies

31 October 2019

1. What are cookies and what this note covers 1.1 Cookies are small files which a website can, through an internet browser, leave on a user’s device, and to then be used to extract information about the user or their system. 1.2 In many cases, cookies are simply tools to let the website do its […]

Read more

CJEU delivers judgment in Facebook “Like” button case

9 August 2019

The Court of Justice of the European Union (CJEU) last week handed down its decision in a case concerning a German online clothing retailer’s use of the Facebook “Like” button. The retailer, Fashion ID, had embedded the Facebook tool on its website, enabling visitors to “like” content on the web and so share it on […]

Read more

Spanish football league La Liga fined around €250,000 for a breach of GDPR

19 June 2019

The top Spanish football league, La Liga, has been fined around €250,000 for a breach of the GDPR by the Spanish data protection agency, AEPD. In an effort to combat piracy of Spanish football live matches, La Liga allegedly used a smart phone app to collect users data without users’ specific consent. AEPD therefore levied […]

Read more

Mutual EU-Japan adequacy decision now in force

23 January 2019

The EU and Japan have today announced a new personal data adequacy agreement between the two parties. This agreement will allow personal data to flow freely between the two parties on the basis that there are strong protective guarantees in place. Before the agreement was put in place, Japan agreed to put additional safeguards in […]

Read more

Brexiting the GDPR: New draft UK data protection regulations introduced

8 January 2019

The government has recently published draft legislation to deal with the UK’s post-Brexit GDPR regime, namely “The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019”. The new legislation proposes to introduce an amended version of the GDPR (creatively titled “the UK GDPR”), the Privacy and Electronic Communications Regulations 2003 (PECR), and […]

Read more

Facebook €10M fine in Italy

12 December 2018

Not a GDPR fine, but, according to press reports, Facebook has been fined €10M by the Italian consumer protection authority arising out of its use of subscriber’s data. The reports say that FB breached the Italian Consumer Code by misleading users about the commercial use of their data and not making it clear to users […]

Read more

Jingle Regulation

7 December 2018

The UK’s data protection enforcement body, the ICO, has published an article on “Sleigh-ing the Christmas GDPR myths”.  As they say, the last thing they want is Santa to be reported to the IC-Ho-Ho-Ho! So the article sets the record straight on some pretty crazy “rules” that have been blamed on GDPR, such as: Children […]

Read more

Uber fined £385,000 following mass data breach

29 November 2018

The UK Information Commissioner’s Office (ICO) has issued a fine against Uber for £385,000 for failing to protect customers’ personal information during a cyber attack in 2016, that compromised the data of millions of customers and tens of thousands of drivers. The ICO has reported that data security flaws allowed the personal details of about […]

Read more

ICO penalty for spam overturned

29 October 2018

A fine imposed by the ICO on a company accused of sending millions of unsolicited emails was overturned last month by the Appeal Tribunal[1]. The ICO had initially issued the fine against Xerpla Ltd, for a breach of regulation 22 of the Privacy and Electronic Communications Regulations (PECR) against unsolicited communications. In brief, this regulation […]

Read more

Personal data: a global commodity subject to regional rules

14 September 2018

The introduction within the EU of the General Data Protection Regulation (GDPR) led to frantic scrambles in the EU to achieve compliance. Such behaviour is understandable, given how easily a complaint may be made to a supervisory authority about organisations which allegedly breach data protection rules: in Britain, the Information Commissioner’s Office (ICO) has provided […]

Read more