Tag Archives: Google

Schrems’ Privacy Organization Files First Complaints Based on GDPR

On Friday, May 25, the day when GDPR became effective, noyb.eu (None of Your Business), the non-profit privacy organization recently set up by Max Schrems, filed the first complaints based on GDPR.

Max Schrems is the Austrian privacy lawyer who had complained about the transfer of his data to the United States by Facebook:  he argued that, in light of the Snowden revelations,… More

Pokémon Go Catches More Than It Bargained For

Pikachu figure characterThe recently-released Pokémon Go has quickly emerged as a cultural phenomenon, with legions of players using their phones to “catch” Pokémon that emerge all around them, visible (thankfully) only to players.  While catching Pokémon by phone is far less cumbersome than collecting boxes upon boxes of Pokémon cards, as some of us did in the early aughts, it does come with its own set of pitfalls.  Specifically,… More

Cybersecurity News & Notes – July 5, 2016

In Case You Missed It: Ruling in FTC v. Amazon Suggests a Way Forward for Companies Responding to Actions Brought by the FTC after a Data Breach.  The FTC’s recent actions in the realm of data security have been predicated on its claim of statutory authority to seek injunctive relief for the failure to maintain reasonable and appropriate data security practices.  A U.S. District Court ruling last week casts some doubt on that authority. … More

Google and the Right to be Forgotten: The French Data Protection Authority Takes the Matter Further

On June 12, 2015 the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés – CNIL) issued a notice ordering Google to draw all the consequences of the CJEU May 13, 2014 ruling and to apply delisting not only to the national domain of the individual who requests delisting but on all of the search engine’s domains, including google.com (see our article The Right to be Forgotten: Another Scuffle between Google and The French Data Protection Authority | Security,… More

The Right to be Forgotten: Another Scuffle between Google and The French Data Protection Authority

On 13 May 2014 the Court of Justice of the European Union (CJEU) issued a judgment which Google called a “landmark ruling” (Google v. Costeja Gonzalez case, C-131/12). The court held, based on the 95/46 Directive on protection of personal data that “the operator of a search engine is obliged to remove from the list of results displayed following a search made on the basis of a person’s name links to web pages,… More

The Lasting (?) Impact of the Changes in the Ad Policies of Google and Facebook

Remember in late October, when Google and Facebook issued new policies enabling them to use adults’ and minors’ data for advertising purposes?  Initial reports suggested there could be a big hue and cry among consumers.  At the time, I was quoted by Law360 saying:

“They’re absolutely testing the boundaries from not only a legal standpoint, but also from a public acceptance standpoint,” said Foley Hoag LLP privacy and data security practice co-chair Colin Zick.… More

PCI-DSS Update: The Payment Card Industry Security Standards Council Issues Guidelines for Security Risk Assessments, Cloud Computing, and Accepting Payments on Mobile Devices

Merchants who accept credit cards have a duty to protect customer information, not only by law (see, e.g., 201 CMR 17.00), but also because the credit card companies tell them so.  The Payment Card Industry Security Standards Council was created by Visa, MasterCard and American Express to tell merchants precisely what they are supposed to do to protect consumers.  Merchants must follow the Payment Card Industry Data Security Standard (PCI DSS) or risk fines or losing the ability to process credit cards. … More

State Attorneys General Write to Google

In a letter sent earlier today, 37 state attorneys generals (or their equivalents) wrote to Larry Page, Google’s CEO, "to express our strong concerns with the new privacy policy that Google announced it will be adopting for all of its consumer products."

According to the letter:

Google’s new privacy policy is troubling for a number of reasons. On a fundamental level, the policy appears to invade consumer privacy by automatically sharing personal information consumers input into one Google product with all Google products.… More

The Right To Be Deleted

If you haven’t Googled yourself in a while, this might be a good time. My own self-search reveals, among other things, a page at mylife.com.  I didn’t put it there, and I’d rather it not be there. However, right now, there isn’t a right to have your personal or professional information be deleted from social media, review sites, and other types of websites that gather your personal information.  However, legislation may be coming that will address this concern.… More