Cybersecurity has become an increasingly discussed topic in Europe and is more and more valued and controlled on a business level by most companies operating in the EU market. The reason for this rising trend can certainly be traced back to the impressive rate of cyber attacks, which continues to increase each year, as shown […]
English Posts
How did your kid find out about that game they are constantly talking about? It is a mystery even to the most experienced elf…
Responsible advertising to children (during Christmas time and beyond) in the EU Children are at the heart of Christmas. Many businesses operate in the online world and target their products and services to children, trying to persuade them that they can make their Christmas dreams come true! What are the rules about targeting to children […]
EU Commission published Draft Adequacy Decision for EU – US data transfer
On 13 December 2022, approximately only 1 month after the signing of President Biden’s Executive Order, the European Commission announced the Draft Adequacy Decision for EU – US Data Transfers. This time-record achievement officially launches the process towards the adoption of the Adequacy Decision for the proposed EU-US Data Privacy Framework, and may put a […]
Irish DPC: Facebook Data Scraping not in line with Art. 25 of the GDPR
In 2021, media reports raised serious questions about how Facebook was dealing with the collected personal data of around 530 million Facebook users. Between 2018 and 2019, these datasets, which also included the email addresses and mobile phone numbers of Facebook users, were exposed on the internet. Following the media reports of these serious data […]
Google and the U.S.: A multi-state historic privacy settlement
Google, the giant U.S. tech company, will pay a total of $391.5 million to 40 U.S. states, which is the largest multi-state privacy settlement with state Attorneys General in the U.S. history. The main reason behind the fine is that the online search engine platform has engaged in deceptive and unfair actions in violation of […]
„Old“ Standard Contractual Clauses to be Invalid as of the End of December (27.12.2022)
The European Commission decided on new Standard Contractual Clauses (SCCs) in June 2021. After 27 December 2022, only these „new“ SCCs may be used without exception. What does that mean for companies and organizations? If personal data is transferred to processors (or their sub-processors) or to controllers in a country outside the EU or the […]
Clearview AI fined again, this time in France
The French Data Protection Authority, Commission Nationale de L’Informatique et des Libertés (CNIL), has issued a fine of €20 million against Clearview AI (hereafter Clearview), a company that now claims to have more than 30 billion images used for facial recognition. Clearview collects photos from all sorts of directly accessible websites, social media platforms and […]
Over €500.000 fine for a German e-Commerce company having appointed a DPO with a conflict of interest
The fine has been issued by the Berlin Supervisory Authority (Berliner Beauftragte für Datenschutz und Informationsfreiheit – BlnBDI) on the 20th of September to an e-Commerce company following to the identification of a conflict of interest among the roles of the appointed Data Protection Officer (DPO), as mentioned in the authority’s press release. The DPO […]
One Step Closer to a EU-U.S. Adequacy Decision
On October 7, 2022, U.S. President Biden signed the long-awaited Executive Order (EO) on ‘Enhancing Safeguards for United States Signals Intelligence Activities‘. Some would say it is merely a memorandum on how the US will continue to spy on individuals. Others would say it is an effort to control the intelligence system in place without […]
Spanish Supreme Court: Data subjects can submit their complaint directly to a supervisory authority
According to a decision of the Spanish Supreme Court (Tribunal Supremo) of July 2022, filing a request to exercise the data subject rights with the data controller is not a prerequisite for filing a complaint to the relevant Supervisory Authority for an alleged breach of the GDPR. The decision was issued after a complaint of […]
Art. 9 GDPR: What counts as special categories of personal data?
In its judgment of August 1, 2022, the CJEU extended the scope of application of Art. 9 GDPR to “indirectly sensitive data” following a referral from a Lithuanian Administrative Court (Case C 184-20). This ruling is being widely discussed in the data protection world, as it has the potential to have a big impact on […]
Will the American Data Privacy and Protection Act Become Law Eventually?
While some U.S. states have data privacy laws, amongst them California, known to have the strictest privacy law, to date, the United States do not have a federal data protection act. In June this year, a first draft of the American Data Privacy and Protection Act (ADPPA) was proposed. The draft bill received bipartisan support and […]
ICO fine for unlawful facial recognition
Clearview AI (hereafter Clearview) is a company dedicated to facial recognition. Clearview created a data base of over 20 billion images indexed from the Internet and social media and developed a facial recognition algorithm to analyze and match faces. Clearview compares sample images provided by its clients (mostly law enforcement bodies, governments, and banks) with […]
UK GDPR Reform
In September 2021, the government launched its consultation here to draw proposals to make substantial changes in the UK Data Protection Laws which were less stringent than the EU GDPR but still covered all the important data protection rights. The UK government has expressed that the focus of this reform is to make a trusted […]
Nope, Data Protection Law Does Not Allow Us to Do THAT
It is the easiest excuse on the books right now. You want to do that…I am sorry data protection law prohibits it. Somethings are truly not allowed under data protection law, but sometimes people just use this as an excuse that they assume very few people can argue against. They just want to say “No”, […]