Individual privacy in Saudi Arabia and the protection of personal data have long fallen under the general provisions of Saudi law and not under the specific provisions on “data protection” or “data security”. In the absence of specific laws, Islamic law generally applies in Saudi Arabia. Thus, Saudi courts dealt with data protection issues according […]
English Posts
Meta’s Court Defeat in Norway and the Europe-wide Repercussions
An exciting case was decided in Oslo at the beginning of September. In July, the Norwegian Data Protection Authority Datatilsynet had banned Meta Ireland and Facebook Norway (hereinafter referred to as Meta) from displaying personalised advertising via its platforms in Norway. Meta had appealed against this and as a result lost before an Oslo district […]
WhatsApp switches its legal basis to “Legitimate Interest” due to severe sanctions
This is far from the first time that Meta and its platforms have faced scrutiny over their privacy policy. This time around, the Irish Data Protection Commission (DPC) sanctioned WhatsApp with a fine of 5.5 million euros due to the lack of a legitimate legal basis for processing personal data in […]
Overcoming Challenges in Developing a GDPR-Compliant Data Deletion Framework
The General Data Protection Regulation (GDPR) has transformed the way companies manage personal data, introducing stringent requirements for data deletion. In accordance with the GDPR, personal data cannot be stored indefinitely, and companies must develop comprehensive deletion frameworks as explained in detail here. However, creating and implementing these frameworks presents significant challenges for organizations. In […]
Roadmap to the Development of a Deletion Framework
A data deletion framework refers to a structured set of guidelines and procedures governing an organization’s adherence to deletion obligations according to data protection and statutory laws, as well as its processes for managing and executing the deletion of personal data. Essentially, a data deletion framework entails the systematic classification of personal data along with […]
Technology and Children – U.S. Courts Place Injunctions on State Laws for Unconstitutionality
It is our duty as parents to protect our children from the harms of the world, but as a mother of two young children I have learned that I cannot do it alone. The saying “It takes a village to raise a child” means more to me now than I ever could have imagined 10 […]
Insurance company receives significant fine from Swedish SA
Another significant fine for the lack of adequate security measures for personal data was recently issued by a European Supervisory Authority (SA) to a controller responsible for private customers’ data. In the present case, the Swedish Supervisory Authority (IMY) imposed a fine of SEK 35 million (approx. EUR 2.9 million) on the insurance company Trygg-Hansa, […]
Update of the Application for Approval and Guiding Principles for the Controller Binding Corporate Rules (BCR-C)
On 20 June 2023, the European Data Protection Board (EDPB) adopted Recommendations 01/2022 on the application for approval and on the elements and principles to be found in the Controller Binding Corporate Rules (BCRs or, more specifically, BCR-C, Art. 47 GDPR). The decision to update some of the principles and guidelines to […]
India’s new Digital Personal Data Protection Act
On August 11, 2023, the President of India gave his assent to the Digital Personal Data Protection Act, 2023 (DPDP Act). India, as a tech-savvy nation with a booming digital economy, recognized the need for a structured data protection framework. It shall come into force on such date as the Central Government may notify in […]
The Long-Awaited U.S. Adequacy Decision Has Been Issued By The European Commission
Last year in Spring I mentioned in my article, Will Spring Bring a New EU-U.S. Privacy Shield Agreement?, how the EU and the U.S. were working to bring about an easier way to transfer data across the Atlantic. It was stated by Sean Heather, senior vice president of regulatory affairs for the U.S. Chamber of […]
Italian DPA imposes €240,000 fine on Benetton Group
In April 2023, the Italian Data Protection Authority (Garante per la protezione dei dati personali) fined the famous fashion brand Benetton 240,000 euros for violations of the GDPR related to marketing practices involving consumer data. The Garante’s investigation started in 2019 during the course of a scheduled investigation related to marketing activities and […]
Data Protection in (Mental) Health Apps
Mental health matters – and with global crises such as the Covid pandemic shaping our lives in the 2020s, everyone has been talking about it. A common piece of advice for people who are struggling with their mental health is to get help: Find a therapist or speak to a coach or counselor. However, these […]
Google Bard released in the EU after privacy concerns were addressed
Google has finally released its AI chatbot Bard in the European Union, after previously delaying the launch due to privacy concerns. The company said that it has addressed the concerns of the Irish Data Protection Commission (DPC), which is the lead regulator for Google’s data privacy practices in the EU. Bard can be considered Google’s […]
How the upcoming Cyber Resilience Act will impact privacy
One of the biggest challenges faced by data controllers today is the ever-looming risk of cyber attacks. Vulnerabilities in systems and devices can result in not only the loss of vast amounts of personal data and the potential for ransom demands but also the imposition of hefty fines by authorities for neglecting proper technical and […]
Why Strong Identity Verification is Vital in Data Protection
In the realm of data protection, identity verification plays a crucial role in safeguarding personal information. In this article, we explore a recent incident involving Vodafone España, shedding light on the significance of strong identity verification procedures. We’ll examine the case, discuss the consequences faced by Vodafone, and delve into best practices for verifying someone’s […]