Episode 8: Third Party Cookies - ECJ lays down new rules in Fashion ID case

GDPR Now!

Karen Heaton/Data Protection 4 Business

Gdpr Now!, Data Breaches, Cyber Security, Personal Data, Gdpr Now, Outsourced Dpo, Management, Business, Data Protection Officer, Business News, Privacy, It Security, Data Protection, News, Gdpr

4.8 • 11 Ratings

🗓️ 17 September 2019

⏱️ 18 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

In the Fashion ID case, the European Court of Justice decides that website owners are now joint controllers with the provider of the third-party cookie, and that website owners are responsible for issuing the privacy notices for third party cookies and for collecting any consents that are required. And, to make things a bit more complicated, the ECJ comes up with a new approach to analysing the data journey and who is the controller! All this and more in this episode of GDPR Now! GDPR Now! Is brought to you by This Is DPO. www.thisisdpo.co.uk. Host Mark Sherwood-Edwards [email protected] Materials You can try ADL Consulting’s "Introduction to Cyber Security" module for free here: https://adlconsulting.teachable.com/p/an-introduction-to-cyber-security Fashion ID ECJ Judgement: http://curia.europa.eu/juris/document/document.jsf;jsessionid=CF6549B82743BAC9782DB7D41AD478DF?text=&docid=216555&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=14417748 Advocate General’s Opinion: http://curia.europa.eu/juris/document/document.jsf?text=&docid=209357&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=14418147 Related documents Update Report Into Adtech And Real Time Bidding, ICO. https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/06/blog-ico-adtech-update-report-published-following-industry-engagement/ Guidance On The Use Of Cookies And Similar Technologies, ICO. https://ico.org.uk/for-organisations/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies/ Délibération N° 2019-093 Du 4 Juillet 2019 Portant Adoption De Lignes Directrices Relatives À L'application De L'article 82 De La Loi Du 6 Janvier 1978 Modifiée Aux Opérations De Lecture Et Écriture Dans Le Terminal D'un Utilisateur (Notamment Aux Cookies Et Autres Traceurs), CNIL. https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000038778053&dateTexte=&categorieLien=id Opinion 5/2019 On The Interplay Between The Eprivacy Directive And The Gdpr, in particular regarding the competence, tasks and powers of data protection authorities, adopted on 12 March 2019, EDPB. https://edpb.europa.eu/sites/edpb/files/files/file1/201905_edpb_opinion_eprivacydir_gdpr_interplay_en_0.pdf Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at [email protected]

Transcript

Click on a timestamp to play from that location

0:00.0	Welcome to GDPR now. This episode is going to be looking at third party cookies and in particular we'll be looking at the recent European Court of Justice case fashion ID.
0:14.0	Now this podcast and the case has implications for any website owner that uses third party cookies and also has important implications for any website owner that uses third-party cookies and also has important implications
0:23.7	for any businesses that uses third-party cookies as part of the data journey for its data subjects.
0:33.2	The podcast should take, I know, 15 to 25 minutes. Frequent listeners will know I have a tendency
0:39.9	to ramble on, so it may take a bit longer. Normally a podcast is me and guests. Today it's just
0:45.8	me, Mark showed Edwards. And just to remind everyone, this podcast is brought to you by
0:50.9	this is dpo.co.k, which you can find at this is dpo.co.com.
0:56.2	UK.
0:57.3	So what are the facts of the case?
0:59.1	Well, fashion ID was an online retailer, and on their website, they had a Facebook plugin, the like
1:05.6	one.
1:06.2	So if you like it, like it, you click on it and that feeds into Facebook.
1:10.6	Action was brought in the German courts by a German Consumer Association, which claimed that
1:15.6	fashion idea was a controller, but that it was not issuing a privacy notice, it wasn't gaining
1:21.6	consent, wasn't behaving like a controller should behave. Now that got escalated to the German courts and then ended up at the European Court of Justice
1:31.3	for some decisions on the law.
1:33.3	And those are familiar with this kind of court case will know that the ECJ doesn't decide of facts,
1:40.3	it just decides on what the law is in that particular situation. Now, ECJ cases often come in kind of two parts, the judgment itself and also the advocate
1:53.0	general's opinion. Now the advocate general is like an advisor and he or she writes an opinion.
2:00.0	And the interesting about it is that it's typically much more expansive in its analysis and its reasoning and things it says than the court's official judgment.
2:10.6	So unlike Anglo-Saxon cases where the judges like to write long judgments and lots of reasoning and that kind of stuff.
2:18.4	The typical ECJ judgment is relatively short. So if you want an inkling of the thinking that
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from Karen Heaton/Data Protection 4 Business, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of Karen Heaton/Data Protection 4 Business and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.