Weekly IP Buzz for week ending February 15, 2019

February 19, 2019 Darin M. Klemchuk

Here's a summary of interesting developments in intellectual property, technology, social media, and Internet law for the week ending February 15, 2019.

EU Data Privacy Rules: Google Fined Millions as First Major GDPR Casualty

Earlier this week, France’s data protection agency, known as CNIL, fined Alphabet’s Google 50 million euros ($57 million) for breaching the European Union’s new online data privacy rules – the biggest such penalty levied against a U.S. tech company so far.

Enforcement of New EU Data Privacy Rules

The penalty against Google was issued for alleged violations of the EU’s General Data Protection Regulation (GDPR), which went into force in May 2018. It allows users to better control their personal data and gives regulators the power to impose fines of up to 4 percent of global revenue for violations.

“GDPR represents a seismic shift in data privacy rules, requiring tech companies to be more transparent about data use, and giving individuals much more power over the collection and use of their data,” says Jim Chester, a global business and technology attorney and partner in Dallas-based technology boutique Klemchuk LLP.

“Although the industry has been aware of GDPR, it is such a fundamental and comprehensive change in how companies need to think about data privacy that many companies have struggled to adapt their policies – there is no clear ‘best practices’ blueprint for compliance,” Chester adds.

EU Data Privacy Rules Extend to US Companies

U.S. companies have also been uncertain regarding the extent to which they’d be subject to the EU data privacy rules. According to Chester, as penalties and enforcement actions start to happen, a clearer picture of what’s expected will begin to develop.

In this case, the French regulator claimed Google lacked transparency and clarity in the way it informs users about its handling of personal data and failed to properly obtain their consent for personalized ads. In a statement, CNIL said “The amount decided, and the publicity of the fine, are justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent.”

The penalty will likely be the first of many enforcement actions under the new EU data privacy rules, and U.S. Internet companies are scrambling to comply.

Read the full article here.

ICANN is Complying with the GDPR

European Privacy Regulation Results in Changes to ICANN Policies

The 2018 passage of the General Data Protection Regulation (“GDPR”) created stricter regulations for companies to meet when handling the personal and sensitive data of consumers and users. As such, the GDPR has created lasting impact in areas of regulation that were previously not affected by domestic laws. This changed, however, when the European Union passed the GDPR, forcing the Internet Corporation for Assigned Names and Numbers (“ICANN”) to create new policies to respond to the heightened security standards.

ICANN is a nonprofit organization that oversees and manages the Internet’s global domain name system (“DNS”). ICANN’s responsibilities include the management of root name servers, introduction of any new generic top-level domains (“gTLDs”), and the creation of new policies that govern and manage the DNS system. ICANN’s policies are recognized internationally, and countries look to ICANN to arbitrate disputes regarding the DNS system as well as to maintain the overall stability of the Internet as it pertains to DNS systems, Internet protocol address spaces, and regional Internet registries.