The Italian Data Protection Authority (Garante per la protezione dei dati personali, or Garante for short) released guidelines in May 2024 aimed at protecting personal data published online by public and private entities (in the role of data controller) from web scraping performed by third parties. While the purposes to perform data scraping or web […]
International Data Protection

Retention of Metadata – legal and business impacts of the Italian DPA guideline – UPDATED
A few months ago, we delved into a new decision of the Italian data protection authority (Garante) on this blog, which recommended that employers set retention periods for their employees’ email metadata not exceeding 7 days. This guideline created some confusion, leading the Garante to suspend its applicability and open it up for public consultation […]

Current legislation shaping Europe’s Digital Decade
In recent years, Europe has made decisive efforts to lead companies and people into the digital future. These efforts are ongoing and are leading to a dynamic process at legislative level with a flood of new legislation. This article provides an overview of several significant new pieces of legislation introduced by the EU as part […]

Italian Data Protection Authority imposed the highest fine so far on electricity provider
Telemarketing activities and aggressive practices against consumers are again in the spotlight of the Italian Data Protection Authority (Garante), which imposed the highest fine ever on the Italian electricity provider Enel Energia. It is unfortunately very common that Italian consumers are harassed by unwanted telephone calls from marketing agencies proposing contracts for different services […]

A closer look at noyb’s Complaint against OpenAI
On April 29, 2024, the European Center for Digital Rights, better known as noyb, co-founded by Austrian lawyer and privacy activist Max Schrems, filed a formal complaint against OpenAI, the company behind the popular ChatGPT. The complaint raises concerns about the chatbot’s handling of personal data, focusing on two main issues: the provision of […]

The Washington My Health My Data Act enters into force
The Washington My Health My Data Act (henceforth the “MHMDA”) passed the Washington State Legislature on April 17, 2023, and was signed into law on April 27, 2023. The Act includes effective dates on a section-by-section basis with regulated entities being bound to comply with its obligations and prohibitions beginning 31 March 2024. Small businesses […]
The American Privacy Rights Act – a new chapter in the U.S. data privacy story
The United States is seen throughout the world as a leader in technology, with major players growing from small start-ups to international household names. Despite such growth in the world of technology right in our backyards, the U.S. is also seen as lacking when it comes to regulating the implications of such technologies on our […]

Growing Relevance of the GDPR and Record Fines in 2023
According to the Financial Times, fines under the General Data Protection Regulation (GDPR) rose by almost 40 percent in 2023. Supervisory authorities in European countries enforced considerably more strictly last year and are increasingly putting pressure on companies and institutions. Research by DLA Piper has shown that large tech and social media companies […]
A Tale of two Advisories: Untangling India’s latest foray into AI Regulation
Recently, Google’s AI platform Gemini provided what was perceived as a “biased” answer to a question on the Indian Prime Minister, Narendra Modi, asking “Is Modi a fascist?”. Gemini’s response was that Prime Minister Modi was “accused of implementing policies some experts have characterised as fascist.” This answer drew sharp criticism from the Indian government, […]
A new Regulation facilitates cross-border data transfers from China to a third country
China’s cross-border data transfer regulations have been relaxed for the first time after the country issued a series of cybersecurity and personal data protection laws that imposed strict conditions on cross-border data transfers, raising concerns among companies doing business in China and abroad. On 23 March 2024, the Cyberspace Administration of China (“CAC”), China’s central […]
Colombia’s Database Registration Deadline Approaches
In 2012, Colombia enacted Law 1581, establishing the national regime for personal data protection in the country. Law 1581 mandates that data controllers register their databases containing personal data in a national registry managed by the personal data protection authority, the Superintendencia de Industria y Comercio (SIC). This registration obligation occurs annually, with the deadline […]
Controlling Working Times and Attendance via the Processing of Biometric Data: Guidelines by the Spanish DPA
In November 2023, the Spanish data protection authority (AEPD) unveiled new guidelines regarding the use of biometric data in the workplace to ensure companies’ compliance with data protection laws while implementing attendance control systems such as fingerprint scanners. Let’s take a look at what it says. Understanding Biometric Data Biometric data, like fingerprints, retina scans, […]
AI Act – What’s next?
After a record-long negotiation (36 hours), the EU Parliament declared on Friday, December 8, 2023, that they have successfully reached an agreement on the upcoming AI Act. As of now, there is no official text available. The only official sources of information that we have are press releases from the EU institutions involved in the […]
International Agreement on Protection Against AI Misuse
The Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security (DHS), and the United Kingdom’s National Cyber Security Centre (NCSC) jointly published guidelines for the secure development of AI systems on 26 November 2023. A total of 23 cybersecurity authorities from a total of 18 countries were involved, including the German Federal Office for […]
What does the Data Privacy Framework Self-Certification mean for your company?
Let’s take a closer look at what the decision to self-certify under the DPF means for your company. In terms of costs, other than the applicable fees, you need to consider administrative and organizational costs aimed at ensuring accountability while implementing mechanisms to allow data subjects the exercise of their rights. We are providing you […]