Sometimes even the strongest magic cannot hide a compliance misstep, as the Federal Trade Commission (FTC) reminded Disney that even their enchantments must follow the rules. On September 2, 2025, a settlement of $10 million was reached between Disney Worldwide Service, Inc. and Disney Entertainment Operations LLC (Disney) and the FTC. Disney is one of […]
Internationaler Datenschutz
Internationaler_Datenschutz
You Have Been Called Out: The ICO’s Warning Against Unlawful Marketing
Recently, the UK’s Information Commissioner’s Office (ICO) has imposed significant fines totaling in £550,000 against two companies relying on unlawful automated marketing calls, or “robo calls” (read here). Green Spark Energy Ltd was fined £250,000 for making 9.5 million unsolicited automated calls, while Home Improvement Marketing Ltd faced a £300,000 penalty for making 2.4 million […]
China Issues Measures on Personal Information Compliance Audits
On 14 February 2025, the Cyberspace Administration of China (CAC) issued the Administrative Measures on Compliance Audits for Personal Information Protection (the Measures), which has come into effect on 1 May 2025. The Measures mark the transition of the personal information compliance audit regime, first established under the Personal Information Protection Law of the People’s […]
Cookies are not always sweet in France
In the last three years, very high fines have been issued by the French data protection authority (Commission Nationale de l’Informatique et des Libertés or CNIL) to big companies for non-compliance in the area of cookies and tracking devices. Some examples are: the 35 million euros sanction imposed by the CNIL against Amazon in 2020 […]
EuG weist Klage zum Data Privacy Framework ab
Das jüngst verkündete Urteil des Gerichts der Europäischen Union (EuG) in der Rechtssache T-553/23 | Latombe / Kommission hat die Übermittlung personenbezogener Daten aus der Europäischen Union in die USA und das dort herrschende Schutzniveau zum Gegenstand. Sachverhalt und Rechtsrahmen der Entscheidung Das EuG hat in seinem Urteil grds. bestätigt, dass die USA ein angemessenes […]
The Data Act entered into force – what you need to know
On 12 September 2025, the Data Act (Regulation (EU) 2023/2854) became applicable in the EU member states. The Data Act creates a framework for fair access to and use of data across the EU and it is aimed at giving users more control over product-generated data and foster the principles of transparency, fairness, and GDPR […]
UK Data (Use and Access) Act 2025: Key Changes for Privacy Compliance
On 19 June 2025, the Data (Use and Access) Act 2025 (DUAA) received Royal Assent, becoming law in the UK and marking a significant development in the country’s data protection framework. The first provisions will take effect on 20 August 2025 under the Commencement No. 1 Regulations, with others phased in through mid‑2026; some changes (most […]
Übersehen belgische Unternehmen die Pflicht zur Benennung eines Datenschutzbeauftragten?
In einem vorherigen Artikel haben wir bereits erläutert, was Belgiens neues Gesetz zu privaten Ermittlungen (WPO) für Unternehmen bedeutet und wann es Anwendung findet. Wie wir betont haben, reicht der Anwendungsbereich des Gesetzes weit über professionelle Detekteien hinaus. Tatsächlich fallen viele alltägliche Maßnahmen am Arbeitsplatz inzwischen unter das WPO. Der Begriff „private Ermittlungsaktivitäten“ ist sehr […]
Belgiens neues Gesetz zu privaten Ermittlungen: Was es für Arbeitgeber und den Schutz der Privatsphäre von Beschäftigten bedeutet
Im Dezember 2024 hat Belgien eine bedeutende Aktualisierung seiner Gesetzgebung zu privaten Ermittlungen eingeführt: das Wet tot regeling van de private opsporing (WPO). Auf den ersten Blick könnte man meinen, dieses Gesetz betreffe nur Privatdetektive. Doch sein Anwendungsbereich ist weitaus breiter gefasst. Tatsächlich beeinflusst es maßgeblich, wie Unternehmen interne Untersuchungen durchführen und mit Vorfällen am […]
Belgian Companies: Are You Overlooking the Data Protection Officer Requirement?
In our previous article, we explained what Belgium’s new Private Investigations Law (WPO) means for companies and when the law applies. As we highlighted, the law’s scope extends well beyond professional detective firms. In fact, many common workplace actions now fall within the WPO. The term “private investigation activities” is defined broadly. It includes any […]
Belgium’s new Private Investigations Law: what it means for employers and employee privacy
In December 2024, Belgium introduced a significant update to its legislation on private investigations: the Wet tot regeling van de private opsporing (WPO). At first glance, this might seem relevant only to private detectives, but the law’s scope is much broader. In fact, it affects how companies conduct internal investigations and manage workplace incidents. If […]
AI Regulation in the US: A Question of Federal Preemption or State Autonomy?
In the realm of data protection, the United States has long been a patchwork of sector-specific laws and state-led initiatives. Despite repeated federal attempts, the United States still lacks a comprehensive data privacy framework. To fill the void left by the inaction of the federal government, the individual states started to act. Currently, there are […]
Preventable Data Breaches: Compliance Takeaways from Recent ICO Cases
Over the past few months, the UK Information Commissioner’s Office (ICO) has issued a series of enforcement actions that underscore a recurring regulatory concern: data breaches that, in the ICO’s view, were not merely accidental but the result of organisations failing to implement even basic data protection safeguards—violations of their accountability obligations under the UK […]
Strategie des Europäischen Datenschutzausschusses 2024 – 2027
In der Welt des Datenschutzes wird den meisten der Europäische Datenschutzausschuss (EDSA) ein Begriff sein. Gerade durch die Erstellung von Leitlinien oder Empfehlungen werden Dokumente des EDSA oftmals als Hilfestellung bei datenschutzrechtlichen Fragestellungen verwendet. Aber nicht nur die Erstellung von Leitlinien oder Empfehlungen sind Aufgabe und Ziel des EDSA. Der EDSA hat 2024 eine Strategie […]
TikTok receives fine of 530 million euros by Irish DPC
In September 2021 an investigation was started by the Irish Data Protection Commission (DPC), as Lead Supervisory Authority, to verify TikTok’s compliance with GDPR obligations in terms of: verification of age requirements for users under 13 or 18 years of age and lawfulness of the personal data transfers to the People’s Republic of China (China). […]