A website operator that embedded a Facebook "Like" button is subject to EU data protection law, the European Court of Justice (ECJ) ruled Monday. The case, Fashion ID GmbH & Co. KG v. Verbraucherzentrale NRW eV (Case C-40/17), involved a challenge by a German consumer rights organization against Fashion ID, a German online clothing retailer. The seller embedded the "Like" plug-in supplied by Facebook Ireland on its website, causing visitors' browsers to automatically send information about their IP address and browser string to the social media platform, the court said. Those transmissions took place without users having to click on the button, and also allowed Facebook to place cookies on users' devices. The consumer group sued in a national district court to force Fashion ID to stop integrating the plug-in. The case was later referred to the ECJ for interpretation of several provisions of the former data protection directive as replaced by the general data protection regulation (GDPR). Among the court's findings: A website operator that embeds a third-party plug-in on its website resulting in the collection and transmission of a user's personal data is considered a data controller with joint responsibility (here with Facebook) for operations for which it co-decides on the means and purposes for processing the data and a data subject's consent obtained under the directive must be given to a website operator that has embedded the content of a third party. The case is "quite significant," tweeted Hogan Lovells (London) data protection lawyer Eduardo Ustaran. In practice, he added, all website operators using such cookies should contractually apportion responsibilities for the data collection and processing consider which GDPR lawful ground applies, and then explain those data uses in their privacy or cookie policies.

A new Comcast parental control feature announced Tuesday automatically pauses network connectivity in the home to all of a child’s devices once that child's daily time limit is reached. The feature, accessible from the main xFi page, lets parents set a specific amount of time their children can be online each day; separate limits can be set for weekdays and weekends, it said. Comcast cited a Common Sense Media study saying 68 percent of parents feel their teenagers spend too much time using mobile devices.

The global infrastructure as a service (IaaS) cloud-services market grew 31.3 percent in 2018 to $32.4 billion, up from $24.7 billion in 2017, said Gartner Monday. Amazon continued holding a commanding lead with nearly 48 percent market, followed distantly by Microsoft, Alibaba, Google and IBM, it said. "The cloud market’s consolidation favors the large and dominant providers, with smaller and niche providers losing share,” said Gartner. In 2018, the top five IaaS providers had nearly 77 percent of the global IaaS market, up from less than 73 percent in 2017, it said: “Market consolidation will continue through 2019, driven by the high rate of growth for the top providers.”

Walmart's latest pilot program with a self-driving vehicle company is with Palo Alto, California-based Gatik, blogged Tom Ward, Walmart U.S. senior vice president-digital operations. The retailer has been testing autonomous-vehicle use for customer deliveries and transporting goods between its locations, he said. With Gatik, it’s testing an autonomous vehicle to move customer orders on a 2-mile route between two stores in Bentonville, Arkansas, its home base, to learn more about the logistics of integrating autonomous vehicles into its online grocery ecosystem, said Ward.

U.S. District Court for the District of Columbia should carefully review the “fairness and adequacy” of the FTC’s $5 billion settlement with Facebook and consider the impact on pending consumer complaints, the Electronic Privacy Information Center said Friday. EPIC filed a motion to intervene in U.S. v. Facebook (in Pacer). The consent decree would prevent EPIC and other advocates from pursuing all complaints filed with the FTC before June 12, the group said. Earlier this year, EPIC said 26,000 complaints were pending before the commission. It’s seeking further information through a Freedom of Information Act request.

The FCC and 15 other federal agencies have ineffective information security policies and practices, GAO reported Friday. The department of Commerce and Justice were also included in the group. Most of the 16 agencies sampled had “weaknesses in most security control areas,” it said. GAO recommended the Office of Management and Budget hold coordinated cybersecurity review meetings “at more agencies that need them.” OMB held three such agency meetings in 2018, compared to 24 in 2016, GAO said. It suggested OMB submit a “statutorily required report to Congress on the effectiveness of agencies' information security policies and practices.”

More than 20 federal agencies designated a cybersecurity risk executive at GAO's request, but none “fully incorporated” other key practices recommended for cybersecurity risk management, the watchdog reported Thursday. Other key practices included developing “a risk management strategy and policies, assessing cyber risks and coordinating between cybersecurity and enterprise-wide risk management functions.” GAO made 58 recommendations for improving cybersecurity management programs to departments including Commerce, Energy, Homeland Security, Justice, State, Transportation and Treasury.

Comments on the FTC review of the Children's Online Privacy Protection Act (see 1907170063) are due Oct. 23, said Thursday’s Federal Register.

Now one year old, the general data protection regulation is bearing fruit, said European Justice, Consumers and Gender Equality Commissioner Vera Jourova at a Wednesday briefing. The European Commission published its first assessment of the GDPR, saying it's working well, but more work is needed to make it fully effective. The report reached three conclusions, Jourova said. "Data protection finally matters" and people are starting to care about their privacy. The EU is "entering a digital era on a strong footing" as data protection rules become part of other policies such as artificial intelligence. And Europe's data protection rules "open up possibilities for digital diplomacy to promote data flows based on high standards between countries that share EU values." The EC still has some concerns, she said: Some EU members are "gold-plating" the regulation by adding new provisions into national laws. There are fewer complaints from businesses that see the "doom scenario" didn't materialize, but too many companies, especially smaller ones, remain uncertain about the measure. The EU has become "the rule maker for the world," with more countries using the regulation as a reference point for adopting privacy laws, she said. Greece, Portugal and Slovenia haven't adopted the GDPR into their law. Asked whether the EC is considering formal enforcement actions, Jourova said she won't hesitate to launch such procedures where appropriate and is talking with EU members to resolve the issues.

Samsung, Intel, Ericsson and MediaTek can intervene in support of Qualcomm’s request for a stay in its appeal of an FTC lawsuit over the company's alleged mobile chip monopoly (see 1907190012), the 9th U.S. Circuit Court of Appeals ruled (in Pacer) Tuesday. ACT|The App Association previously filed an amicus brief against Qualcomm’s motion for a stay, saying the harm to the market from a stay “substantially outweighs the dubious allegations of harm to one competitor.”