Fladgate’s quick guide to the law on website cookies

31 October 2019

1. What are cookies and what this note covers 1.1 Cookies are small files which a website can, through an internet browser, leave on a user’s device, and to then be used to extract information about the user or their system. 1.2 In many cases, cookies are simply tools to let the website do its […]

Read more

CJEU delivers judgment in Facebook “Like” button case

9 August 2019

The Court of Justice of the European Union (CJEU) last week handed down its decision in a case concerning a German online clothing retailer’s use of the Facebook “Like” button. The retailer, Fashion ID, had embedded the Facebook tool on its website, enabling visitors to “like” content on the web and so share it on […]

Read more

Marriott Hotels to be fined nearly £100 Million for GDPR breaches – a warning for corporate buyers

10 July 2019

Hot on the heels of the £139M fine for British Airways comes confirmation from the ICO that it has proposed a financial penalty of £99.2M for breach of GDPR arising out of a data security breach reported in November 2018.

Read more

Spanish football league La Liga fined around €250,000 for a breach of GDPR

19 June 2019

The top Spanish football league, La Liga, has been fined around €250,000 for a breach of the GDPR by the Spanish data protection agency, AEPD. In an effort to combat piracy of Spanish football live matches, La Liga allegedly used a smart phone app to collect users data without users’ specific consent. AEPD therefore levied […]

Read more

Data Protection – A year’s worth of challenges and threats

19 March 2019

Leigh Callaway and Gerald Brent examine the major issues which have been cropping up continually over the past year.

Read more

Mutual EU-Japan adequacy decision now in force

23 January 2019

The EU and Japan have today announced a new personal data adequacy agreement between the two parties. This agreement will allow personal data to flow freely between the two parties on the basis that there are strong protective guarantees in place. Before the agreement was put in place, Japan agreed to put additional safeguards in […]

Read more

Google fined €50M in France for GDPR breach

21 January 2019

Reports are circulating that the French data protection authority, the CNIL, has issued a fine of €50M on Google for failure to comply with the GDPR.  The issue relates to the consents obtained from Google account holders in relation to the personalisation of advertising that was served to the user. The CNIL referenced the fact […]

Read more

Amazon mistakenly sends smart-device recordings to strangers

9 January 2019

A recent story from Germany highlights the precautions companies must take when complying with data subject requests under the GDPR. When complying with a right of access, Amazon accidentally disclosed the personal data of another Amazon user. Although no enforcement action has been taken by a GDPR authority in this case (yet), Amazon have opened […]

Read more

Brexiting the GDPR: New draft UK data protection regulations introduced

8 January 2019

The government has recently published draft legislation to deal with the UK’s post-Brexit GDPR regime, namely “The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019”. The new legislation proposes to introduce an amended version of the GDPR (creatively titled “the UK GDPR”), the Privacy and Electronic Communications Regulations 2003 (PECR), and […]

Read more

First German GDPR penalty

21 December 2018

The European Data Protection Board is today reporting that the supervisory authority for Baden-Würrtemburg has imposed the first GDPR fine in Germany.  A social network company was fined €20,000 for a data breach in July 2018 involving a hack which exposed the email addresses and  unencrypted passwords of 330,000 users.  The fine was reduced in […]

Read more