Included in this edition of data & privacy news: CNIL issues its largest ever fine; ICO launches toolkit to help law enforcement use data analytics and more...


CNIL issues its largest ever fine of €100 million to Google over ad-tracking cookies

CNIL, the French data privacy regulator, has issued Google and Amazon with fines of €100 million and €35 million, respectively, over their unlawful use of cookies.

The regulator said neither Google nor Amazon had sought consent from visitors before advertising cookies were saved on their computers. The tech giants had also failed to provide clear information about the use of the trackers and how visitors to French websites could decline the cookies. 

Both companies have been given three months to change the information banners displayed on their websites. Non-compliance will result in a further €100,000 fine per day.

ICO launches toolkit to help law enforcement use data analytics

As part of its AI priority work, the Information Commissioner's Office (ICO) has launched a toolkit to help those in law enforcement with data protection when using data analytics. 

The ICO is advising police forces to build in data protection at the beginning of any data analytics projects to ensure compliance with the law, as well as gain public trust and confidence in AI technology and its use of personal data. 

US Senate Committee hears testimony on Privacy Shield invalidation 

The Senate Committee on Commerce, Science, and Transportation has conducted a hearing to discuss the halt to the Privacy Shield and other related trans-Atlantic data flow matters.

During the hearing, questioning pointed towards whether a federal privacy law would resolve issues cited in the Court of Justice of the European Union's (CJEU) decision to veto the Privacy Shield. Views from committee members and witnesses were wide ranging, though not many ideas were suggested of other avenues the US could explore other than legislative reform and continuing negotiations. 

The European Commission and the High Representative have also put together a proposal for a new transatlantic agenda, for global cooperation based on common values, interests and global influence. The agenda covers four areas with actions that would act as an early transatlantic roadmap, helping to address key challenges and capture opportunities. 

The European Council has been invited to approve the outline before its launch at an EU-US Summit in 2021. 

Adtech firms hit with more privacy complaints over ad targeting

Fresh privacy complaints have been filed with national data protection watchdogs in six EU countries over the adtech industry's abuse of internet users' information to target ads.

Adtech firms collect individuals' browsing history and broadcast it to other companies, which then auction and place ads.

Since 2018, complaints have been filed in numerous EU countries over the same real-time bidding advertising issue, but no substantive regulatory action has yet occurred. 

Irish Data Protection Commissioner publishes statement on the upcoming judicial review proceedings on EU-US data transfers

This week, the Irish High Court is hearing Facebook's judicial review proceedings against the Data Protection Comission (DPC), which have their origins in the Schrems II judgment delivered by the CJEU on 16 July 2020. Facebook has asked the Court to quash the DPC's decision to launch an inquiry, as well as set aside the Preliminary Draft Decision, on the basis that the DPC have not respected Facebook's right to fair procedures. 

The DPC is also continuing to investigate its complaint by Max Schrems, which relates to the transfer of his personal data to the US. These judicial proceedings are listed for hearing on the 13 January 2021. 

Key Contacts

Ross McKenzie

Ross McKenzie

Partner, Commercial & Data Protection
Aberdeen, UK

View profile
Helena Brown

Helena Brown

Partner, Commercial and Data Protection & Head of Data
Edinburgh, UK

View profile