Yesterday, I delved into the recent judgment in the Meta case (Case C-252/21) from the Court of Justice of the European Union (CJEU). I gave a preliminary analysis of the court’s view on some of the complexities surrounding the processing of personal data for personalized advertising under the GDPR, focusing on three lawful bases for data processing: contractual necessity, legitimate interests, and consent. I emphasized the importance of a nuanced understanding of the CJEU decision and pointed out that the decision does not determine definitively whether Meta can rely on legitimate interests or fall back on user consent for personalized advertising.

Read the full piece here.

Today’s judgment from the Court of Justice of the European Union (CJEU) in Meta’s case (Case C-252/21) offers new insights into the complexities surrounding personalized advertising under the EU General Data Protection Regulation (GDPR). In the decision, in which the CJEU gave the green light to an attempt by the German competition authority (FCO) to rely on the GDPR, the court also explored the lawful bases for data processing under the GDPR, notably for personalized advertising.

Read the full piece here.

Readers might recall my recent discussion of the Federal Trade Commission’s (FTC) new Bureau of Let’s Sue Meta, in which I covered, among other things, the commission’s proposal to modify its 2020 Decision and Order In the Matter of Facebook Inc. (now Meta). The 2020 order included complex behavioral requirements, in addition to a record-setting $5 billion penalty. One supposes that the consumer harm had been inestimable, given that the commission never did estimate it.

Read the full piece here.

In Robert Bolt’s play “A Man for All Seasons,” the character of Sir Thomas More argues at one point that he would “give the Devil benefit of law, for my own safety’s sake!” Defending the right to due process for a broadly disliked company is similarly not the most popular position, but nonetheless, even Meta deserves the rule of law.

Read the full piece here.

ICLE Senior Scholar Miko?aj Barczentewicz joined the Mobile Dev Memo podcast to discuss the Irish Data Protection Commission’s recent $1.3 billion levied against Meta over its transmission of EU resident data to the United States, and what the case means for the future of U.S.-EU data flows. The full episode is embedded below.

ICLE Director of Law & Economics Programs Gus Hurwitz was a guest on The Cyberlaw Podcast to discuss the Federal Trade Commission’s (FTC) recent settlement with Amazon of a claim regarding children’s privacy, as well as separate FTC efforts to rewrite its 2019 consent decree with Meta over children’s advertising and services.

Other topics included Amazon settling another FTC  complaint over security failings at its Ring doorbell operation; Microsoft losing a data protection case in Ireland; and whether automated tip suggestions should be condemned as “dark patterns.”

The full episode is embedded below.

In my last roundup, I puzzled over the Federal Trade Commission’s (FTC) suit to block Amgen’s acquisition of Horizon Therapeutics. The deal involved no product overlaps whatsoever (i.e., no horizontal competition), a target firm acknowledged to have no competitors for the orphan drugs at issue, and nobody poised to enter into competition either.

I won’t recapitulate the details of my confusion here, but I will point to a new piece by Bill MacLeod (a past chair of the American Bar Association’s Antitrust Section and a former FTC bureau director) and David Evans, in which they raise an issue I didn’t cover: “The Federal Trade Commission may have filed the first merger complaint in a generation that could be dismissed for failure to state a claim.” Which would not look good.

Read the full piece here.

The €1.2 billion fine that the Irish Data Protection Commission (DPC) against Meta marks a new record for violation of the EU’s General Data Protection Regulation (GDPR), but it is the DPC’s order that the company to shut off its transatlantic flow of user data that will have the most far-reaching consequences for international trade, privacy policy, and the rule of law.

Read the full piece here.

While it bills itself a “Digital Bill of Rights,” the Florida Senate Bill 262 could actually harm consumers and businesses online by substantially raising the costs of targeted advertising.

For consumers, this would mean less “free” stuff online, as publishers switch from advertising-based to subscription-based models. For businesses, it would mean having less ability to target advertisements to consumers who actually want their products, resulting in less revenue.

Read the full piece here.