In January 2023, the European Data Protection Board (EDPB) published a report on cookie banners (Report). The Report provides practical guidance to companies doing business in the EU on how to comply with
Continue Reading EDPB Issues Guidance on Cookie BannersAlexandre Lépine
European Commission Seeks Companies’ Input on GDPR Enforcement
On February 24, 2023, the European Commission (EC) opened a public consultation on its initiative (Initiative) to revise procedural rules relating to the enforcement of the EU General Data Protection Regulation (GDPR). The EC invites…
Continue Reading European Commission Seeks Companies’ Input on GDPR EnforcementDSA: European Commission Publishes Guidance on Requirement to Publish User Numbers Ahead of February 17, 2023, Deadline
On February 1, 2023, the European Commission (EC) published Guidance on the requirement to publish user numbers under the Digital Services Act (DSA).1 The Guidance contains important information for providers of online platforms and…
Continue Reading DSA: European Commission Publishes Guidance on Requirement to Publish User Numbers Ahead of February 17, 2023, DeadlineEU Introduces Legislative Proposal to Collect Data from Short-Term Accommodation Platforms
On November 7, 2022, the European Commission (EC) published its proposal for a regulation on data collection and sharing for short-term accommodation rental services (proposal). The proposal includes data sharing and website design requirements for…
Continue Reading EU Introduces Legislative Proposal to Collect Data from Short-Term Accommodation PlatformsBelgian DPA Finds That IAB Europe’s Cookie Consent Framework Violates the GDPR
On February 2, 2022, the Belgian Data Protection Authority (DPA) found that the Interactive Advertising Bureau Europe (IAB) Transparency & Consent Framework (TCF), a tool used to record individuals’ online ad preferences, violates the General Data Protection Regulation (GDPR). The DPA fined IAB Europe €250,000 (approx. USD 280,000), and required IAB Europe to present an action plan to bring the TCF into compliance within two months. To reach this conclusion, the DPA concluded that:
Continue Reading Belgian DPA Finds That IAB Europe’s Cookie Consent Framework Violates the GDPR
European Court of Justice Finds That “Inbox Advertising” Is Direct Marketing
On November 26, 2021, the Court of Justice of the European Union (CJEU) held[1] that the display of advertising messages in an email inbox, in a form similar to an email, constitutes direct marketing and requires users’ consent under the ePrivacy Directive.[2]
The CJEU also held that this practice constitutes ‘persistent and unwanted solicitations’ under the Unfair Commercial Practices Directive[3] when those advertising messages are displayed to users without prior consent, on a frequent and regular basis.
Continue Reading European Court of Justice Finds That “Inbox Advertising” Is Direct Marketing
CNIL Issues Guidance on Alternatives to Third-Party Cookies
On October 13, 2021, the French data protection authority (the CNIL) issued a short note (the “Note,” in French) on technologies such as fingerprinting, unique identifiers, and cohort-targeting, developed to replace traditional third-party cookies.
While the CNIL acknowledges that some of these technologies are less privacy invasive than third-party cookies, it stresses that the consent and transparency requirements also apply to these technologies.
Continue Reading CNIL Issues Guidance on Alternatives to Third-Party Cookies