Christopher Olsen

Subscribe to Christopher Olsen's Posts

On Monday September 7, 2020, the European Data Protection Board (EDPB) issued draft Guidelines 8/2020 on the targeting of social media users (the “Draft Guidelines”). The Draft Guidelines have far-reaching implications for social media platforms, advertisers, and adtech companies, as they will result in a clarification of the roles and responsibilities of the key stakeholders, and establish rules for consent.

The Draft Guidelines are open for public consultation until October 19, 2020. Interested companies can submit their comments to the EDPB.
Continue Reading EDPB Issues Guidelines on Social Media Targeting Under GDPR

Over the last few days, the European Data Protection Board (EDPB), the European Data Protection Supervisor (EDPS) and various Supervisory Authorities (SAs) across Europe issued statements addressing the decision of the European Court of Justice (ECJ) to invalidate the EU-U.S. Privacy Shield framework (Schrems 2.0). Below we summarize some of the main reactions.

The EDPB is working on a set of FAQs that will hopefully provide some level of clarification on key issues that companies now face. The EDPB is meeting on July 22 and 23, and we expect the FAQs to be published shortly thereafter. We will report on these FAQs as soon as they are issued.
Continue Reading Initial Reaction of European Data Protection Regulators to Schrems 2.0 Judgment

In Liu v. Securities & Exchange Commission,1 the Supreme Court upheld, but circumscribed, the Securities and Exchange Commission’s (SEC’s) disgorgement authority by holding 8-1 that the SEC may seek disgorgement through its equitable relief power only if the award does not exceed a wrongdoer’s net profits and is awarded to victims. Although this decision is important in its own right, the Court’s underlying reasoning also has significant ramifications on a similar question regarding the Federal Trade Commission’s (FTC’s) power to obtain equitable monetary relief under 15 U.S.C. § 53(b) (Section 13(b) of the FTC Act).
Continue Reading Liu v. SEC: Foreshadowing a Challenge to the FTC’s Disgorgement Authority

On June 30, 2020 the Federal Trade Commission (FTC) announced that it reached a settlement in its litigation against NTT Global Data Centers (formerly RagingWire Data Centers) over allegations that the company misled customers about its adherence to the EU-U.S. Privacy Shield framework.1 As part of the settlement, the cloud service provider is required to hire a third-party assessor to annually verify its compliance with the Privacy Shield if it chooses to participate in the framework.2 As noted by three commissioners, this order is “more protective of the Privacy Shield Principles than the 14 orders [the] Commission … has approved in prior Privacy Shield Cases.”3
Continue Reading FTC Announces Unusually Stringent Consent Order in Privacy Shield Case Settlement

On June 19, 2020, the Federal Trade Commission (FTC) submitted to Congress two reports that Congress requested in connection with the spending bill that funds the FTC. One of these reports (the “Resources Report”) describes the resources used and needed by the FTC to protect consumer privacy and security, and the second (the “Authorities Report”) describes the FTC’s use of its existing authorities to protect consumer privacy and security.
Continue Reading FTC Outlines Potential Changes to Enhance Privacy and Security Enforcement Efforts If Given More Resources

On July 29, 2019, the European Court of Justice (ECJ) issued its decision in FashionID (Case C-40/17), determining that website operators are jointly liable with plugin providers for data collection and transmission through social media buttons and other embedded plugins. Although the ECJ found the operator and plugin provider to be jointly liable, the court placed the burden on the website operator to provide notice and, where necessary, obtain consent for the joint activity. Further, the court found the plugin provider to be independently responsible for any subsequent use of the data. The decision will likely prompt regulators to closely scrutinize the use of third-party plugins.
Continue Reading Website Operator Jointly Liable for Data Collection and Transmission Through Facebook “Like” Button