The growing use of biometric systems in workplaces has brought new challenges for data protection, especially with the General Data Protection Regulation (GDPR) in Europe. A recent case in Belgium highlights these issues after a company introduced a fingerprint-based time-tracking system without properly adhering to GDPR rules. Facts In 2020, a Belgian company began using […]
English Posts

The landscape of online proctoring and the intersection of GDPR and US laws
With the rise of remote learning, online proctoring – used to ensure academic integrity during virtual exams – has become widely adopted by schools and universities across the U.S. These tools use methods like identity verification, video and audio monitoring, eye-tracking, and even AI-based behavioral analysis. As this technology proliferates, concerns about how such software […]

Navigating Employee Email Privacy: Lessons from a recent Fine by Italy’s DPA
The Italian Data Protection Authority (Garante) recently imposed a significant fine of 80,000 euros on a company, for mishandling a sales agent’s email data, highlighting once again the challenges and complexities of managing employee data, in particular when access to employees’ emails is required. The issue arose when the company used a backup of the […]

LinkedIn hit with Fine of 310 Million Euros
LinkedIn Ireland has been fined 310 million euros by the Irish Data Protection Commission (DPC) for breaching several key provisions of the GDPR. The DPC issued this fine following a two-year investigation, which began in 2021. In particular, the investigation focused on LinkedIn’s processing of personal data for the purposes of behavioural analytics and targeted […]

Online Proctoring and Data Protection in Germany and France
Online proctoring refers to the use of digital tools and technologies to remotely monitor students during online exams. This technology typically involves video and audio recording capabilities such as screen and web traffic recording, room recording, periodic desk scans and sometimes methods such as biometric recognition to reduce the potential for academic dishonesty and maintain […]

Fines remain discretionary
Does anyone remember 12 September 2019? The GDPR was still new, but the initial excitement had died down and the first practical experiences with the new law had crystallised. Much was unclear, but some things were slowly becoming clearer. On 12 September, around 200 data protection lawyers met in Bremen, Germany for the 20th Autumn […]
UK Data Protection Commissioner (ICO) launched a Data Protection Audit Framework
The ICO has recently issued an instrument to support organisations in verifying data protection compliance. The online audit toolkits can be used to conduct both consensual and compulsory audits. The toolkits are designed for organization personnel having familiarity with data protection compliance or data protection professionals (for example: senior management, the data protection officer, internal […]
Unsolicited Email Marketing – Ensuring compliance worldwide
In today’s interconnected world, businesses increasingly depend on email marketing to effectively expand and engage their international customer base. However, when sending unsolicited emails internationally, balancing data protection obligations and the requirements of local laws is crucial for maintaining compliance. This article delves into best practices, outlines the most appropriate legal bases, and examines the […]
EDPB publishes opinion on the “Code of Conduct for Service Providers in Clinical Research” submitted by EUCROF
According to Art. 40 GDPR, associations and other bodies representing categories of controllers or processors are encouraged to prepare codes of conduct, or amend or extend such codes, for the purpose of contributing to the proper application of the GDPR in specific sectors. When such codes of conduct – or amendments to existing ones – […]
AI Innovation at Risk? A Showdown Between Privacy Laws and Tech Giants
AI is transforming the world at an unprecedented speed, and yet, a growing regulatory storm seems ready to slow it down. Recently, LinkedIn was forced to halt its AI-powered data processing in the UK after concerns raised by the ICO (Information Commissioner’s Office). But could this be just the tip of the iceberg for a […]
CJEU Broadens Definition of Health Data in Pivotal GDPR Ruling
The Court of Justice of the European Union (CJEU) has recently issued a landmark decision (C-21/23 “Lindenapotheke”) that expands the interpretation of what constitutes health data under the General Data Protection Regulation (GDPR). This ruling has significant implications for businesses, especially those involved in the sale of medicinal products online. A Wider Scope of Health […]
Legitimate Interest: new CJEU ruling challenges Dutch Authority’s strict interpretation
On October 4, 2024, the Court of Justice of the European Union (CJEU) issued a ruling in the case C-621/22, addressing whether purely commercial interests can qualify as a legitimate interest for processing personal data under Article 6 para. 1 lit. f of the General Data Protection Regulation (GDPR). This decision challenges the strict stance […]
Can AI Be Used to Predict Crimes? Should it?
Recently, the Argentinian government announced the creation of the Unidad de Inteligencia Artificial Aplicada a la Seguridad (UIAAS), a unit designed to use artificial intelligence (AI) for the prevention, detection, investigation, and prosecution of crimes. The plan involves using machine-learning algorithms to analyze historical crime data and predict future felonies. It is also expected to […]
A Trip to Canada’s Data Protection Landscape
As we are entering into autumn, most people are traveling the world again. Some prefer a few quiet weeks at the beach, while others are seeking adventures climbing mountains and jumping off cliffs. Nerds like me however, like to discover the curiously wild landscape of Canada’s data protection laws. It keeps us lawyers constantly on […]
Data Protection Officer (DPO) in Singapore – obligations, role and responsibilities
The Personal Data Protection Act (PDPA) of Singapore mandates organizations to safeguard the personal data they collect, use, or disclose. A key aspect of this responsibility is appointing a Data Protection Officer (DPO) or a team to ensure compliance with the PDPA. Appointing a DPO – requirements and obligations As part of the Accountability Obligation, […]