December 03, 2019

MONTH-IN-BRIEF: Internet Law & Cyber-Security

Juliet Moringiello, Sara Beth A.R. Kohut

International Law

Austrian Post Fined €18m for Non-Compliance with Data Protection Laws

By Melissa Hall, MacRoberts LLP

 Last month, Austria’s supervisory authority (“Austrian DPA”) announced that it is imposing a fine of €18 million against Österreichische Post AG (“Austrian Post”) under the EU data protection laws. The Austrian DPA heard evidence that the Austrian Post had used its customers’ personal data (including data related to age, address and gender) to calculate assumed affiliations with political parties, and then sold its findings. The Austrian Post has indicated that it intends to challenge the fine before the Federal Administrative Court.

Data Privacy

Facebook Backs Down to ICO After Investigation into Misuse of Personal Data in Political Campaigns

By Rebecca Henderson, MacRoberts LLP

Facebook have agreed to pay the £500,000 monetary penalty issued by the UK data protection authority, the Information Commissioner’s Office (“ICO”). The fine was originally issued by the ICO on 24 October 2018 (under the pre-GDPR legislation) after a yearlong investigation by the ICO into reports that companies such as Facebook (and its processor, Cambridge Analytica) had misused personal data during political elections.

 Initially, Facebook appealed the fine and in June this year, the First Tier Tribunal issued an interim decision (that the ICO then appealed) that procedural fairness and reports of bias within the ICO should be considered and dealt with in Facebook’s appeal against the £500,000 fine imposed by the ICO.

On 30 October 2019, the ICO issued a statement (available here) that it had come to an agreement with Facebook where both parties would withdraw their appeals (and pay their own costs) and Facebook would pay the original £500,000 fine levied by the ICO on the condition that Facebook makes no admission of liability in paying such a fine.

Both the ICO and Facebook are committed to continuing investigations into misuse of personal data in connection with political campaigns and/or elections and, with this settlement, Facebook will also gain access to certain documents held by the ICO to allow it to continue internal investigations into Cambridge Analytica and lessons that can be learned from this incident.

Juliet Moringiello

Commonwealth Professor of Business Law, Widener University Commonwealth Law School

Juliet Moringiello is the Commonwealth Professor of Business Law at Widener University Commonwealth Law School in Harrisburg, PA, where she teaches Property, Bankruptcy, Secured Transactions, Sales, and a seminar on Cities in Crisis. She earned her B.S.F.S. at Georgetown University, her J.D. at Fordham University School of Law, and her LL.M in Legal Education at Temple University School of Law. Professor Moringiello is Chair of the Pennsylvania Bar Association Business Law Section, a Uniform Law Commissioner for Pennsylvania, and a member of the American Law Institute. She is also a Fellow of the American College of Commercial Finance Lawyers and has held several leadership positions in the American Bar Association Business Law Section.

Sara Beth A.R. Kohut

Co-Chair; Cybersecurity, Privacy, and Data Protection Group; Young Conaway

Sara Beth’s practice focuses on advising legal representatives for future claimants in connection with asbestos mass tort insolvency matters and settlement trusts. She has also represented national and local businesses in cases involving intellectual property, corporate and commercial issues in the federal and state courts in Delaware. Sara Beth has advised clients on strategies for protecting intellectual property rights and complying with obligations governing the privacy and security of sensitive data. She currently co-chairs Young Conaway’s Cybersecurity, Privacy, and Data Protection group.