Monday, the 13th of January 2025
A lawsuit at London's Competition Appeal Tribunal targets Apple for abusing its dominant market position by charging an 'unfair' 30% commission through App Store purchases. The lawsuit is brought on behalf of around 20 million iPhone and iPad users from the UK.
Apple's framework allows the company to impose restrictive terms on app developers and charge excessive commission, which is ultimately borne by consumers.
"Apple is not just dominant ... it holds a 100% monopoly position," lawyer Mark Hoskins said in court filings. Apple, however, maintains the case overlooks the benefits to consumers of the integrated iOS operating system, which prioritises security and privacy.
---
In a ruling released by the General Court of Justice of the European Union on January 8, 2025, the EU Commission has been found guilty of unwittingly transferring a data subject's IP address to the US. The data subject tried to access the EU Commission's webpage via a 'Sign in with Facebook' link that transferred his IP address to the US. He has claimed 400 euros in compensation.
The incident occurred in 2022 when the US did not have the status of having 'adequate protection', nor did they have 'adequate safeguards' as required by the GDPR. The General Court notes, that, "the Commission did not, therefore, comply with the conditions set by EU law for the transfer by an EU institution, body, office or agency of personal data to a third country."
The court has ruled that the Commission has indeed breached the law and is required to pay out the 400 Euros demanded by the data subject.
---
The Mouse association in France has issued a complaint with CNIL due to the fact the French railway is requiring customers to indicate their title (‘Monsieur’ or ‘Madame’) (‘Mr’ or ‘Ms’) when purchasing transport tickets online. Mouse has stated that indicating gender is not necessary information for purchasing tickets and that this violated the GDPR principle of data minimisation.
CNIL has referred this case to the CJEU for advice, and has received the following reply: the railway undertaking could choose to communicate based on generic, inclusive expressions when addressing a customer, which have no correlation with the presumed gender identity of those customers. The court further advises that in order to collect gender information:
- data collector has to inform of the legitimate interest upon collection
- data has to be limited to only that which is strictly necessary
- the risk of discrimination based on gender identity is minimised.
