On 23 October 2019 the European Commission published a report on the third annual review on the functioning of the EU-U.S. Privacy Shield. The report states that the U.S. continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the EU to participating companies in the U.S. Today approx. 5,000 companies are participating in this EU-U.S. data protection framework.
A procedure of the Court of Justice of the European Union was initiated in order to provide Member States greater control over social media websites regarding shared illegal content. The CJU arrived on its decision on 3 October 2019, where it broadens the liability of the social media platforms such as Facebook or Instagram.
On 1 October 2019 the Court of Justice of the European Union (‘CJEU’) published its judgment in the Planet49 case. The background of the case is that Planet49 ran a promotional lottery on its website. While entering the lottery, users were presented with two tick-boxes. The first was an unchecked tick-box to receive third party advertising. In order to enter the competition, users needed to tick such box. The second was a pre-ticked box allowing Planet49 to set cookies to track the user’s behaviour online.
On 9 July 2019 Marriott International announced that UK Information Commissioner’s Office (ICO) had communicated its intent to issue a fine in the amount of £99 200 396 against the company in relation to the ‘Starwood guest reservation database’ incident that Marriott announced on 30 November 2018. In this incident a variety of personal data contained in approximately 339 million guest records globally were exposed, of which around 30 million related to residents of 31 countries in the European Economic Area (EEA), while seven million related to UK residents.
Over one year after the entry of the GDPR into force, on 24 July 2019 the European Commission published a report looking at the positive impact of the EU data protection rules and how they can be improved further.
After the scandal around Facebook and Cambridge Analytica broke in the first half of 2018 (when Cambridge Analytica used data to profile and target individual voters for the purpose to predict and influence their decisions at elections), another data protection authority has fined Facebook for personal data misuse.