LinkedIn Ireland has been fined 310 million euros by the Irish Data Protection Commission (DPC) for breaching several key provisions of the GDPR. The DPC issued this fine following a two-year investigation, which began in 2021. In particular, the investigation focused on LinkedIn’s processing of personal data for the purposes of behavioural analytics and targeted […]
English Posts
Online Proctoring and Data Protection in Germany and France
Online proctoring refers to the use of digital tools and technologies to remotely monitor students during online exams. This technology typically involves video and audio recording capabilities such as screen and web traffic recording, room recording, periodic desk scans and sometimes methods such as biometric recognition to reduce the potential for academic dishonesty and maintain […]
Fines remain discretionary
Does anyone remember 12 September 2019? The GDPR was still new, but the initial excitement had died down and the first practical experiences with the new law had crystallised. Much was unclear, but some things were slowly becoming clearer. On 12 September, around 200 data protection lawyers met in Bremen, Germany for the 20th Autumn […]
UK Data Protection Commissioner (ICO) launched a Data Protection Audit Framework
The ICO has recently issued an instrument to support organisations in verifying data protection compliance. The online audit toolkits can be used to conduct both consensual and compulsory audits. The toolkits are designed for organization personnel having familiarity with data protection compliance or data protection professionals (for example: senior management, the data protection officer, internal […]
Unsolicited Email Marketing – Ensuring compliance worldwide
In today’s interconnected world, businesses increasingly depend on email marketing to effectively expand and engage their international customer base. However, when sending unsolicited emails internationally, balancing data protection obligations and the requirements of local laws is crucial for maintaining compliance. This article delves into best practices, outlines the most appropriate legal bases, and examines the […]
EDPB publishes opinion on the “Code of Conduct for Service Providers in Clinical Research” submitted by EUCROF
According to Art. 40 GDPR, associations and other bodies representing categories of controllers or processors are encouraged to prepare codes of conduct, or amend or extend such codes, for the purpose of contributing to the proper application of the GDPR in specific sectors. When such codes of conduct – or amendments to existing ones – […]
AI Innovation at Risk? A Showdown Between Privacy Laws and Tech Giants
AI is transforming the world at an unprecedented speed, and yet, a growing regulatory storm seems ready to slow it down. Recently, LinkedIn was forced to halt its AI-powered data processing in the UK after concerns raised by the ICO (Information Commissioner’s Office). But could this be just the tip of the iceberg for a […]
CJEU Broadens Definition of Health Data in Pivotal GDPR Ruling
The Court of Justice of the European Union (CJEU) has recently issued a landmark decision (C-21/23 “Lindenapotheke”) that expands the interpretation of what constitutes health data under the General Data Protection Regulation (GDPR). This ruling has significant implications for businesses, especially those involved in the sale of medicinal products online. A Wider Scope of Health […]
Legitimate Interest: new CJEU ruling challenges Dutch Authority’s strict interpretation
On October 4, 2024, the Court of Justice of the European Union (CJEU) issued a ruling in the case C-621/22, addressing whether purely commercial interests can qualify as a legitimate interest for processing personal data under Article 6 para. 1 lit. f of the General Data Protection Regulation (GDPR). This decision challenges the strict stance […]
Can AI Be Used to Predict Crimes? Should it?
Recently, the Argentinian government announced the creation of the Unidad de Inteligencia Artificial Aplicada a la Seguridad (UIAAS), a unit designed to use artificial intelligence (AI) for the prevention, detection, investigation, and prosecution of crimes. The plan involves using machine-learning algorithms to analyze historical crime data and predict future felonies. It is also expected to […]
A Trip to Canada’s Data Protection Landscape
As we are entering into autumn, most people are traveling the world again. Some prefer a few quiet weeks at the beach, while others are seeking adventures climbing mountains and jumping off cliffs. Nerds like me however, like to discover the curiously wild landscape of Canada’s data protection laws. It keeps us lawyers constantly on […]
Data Protection Officer (DPO) in Singapore – obligations, role and responsibilities
The Personal Data Protection Act (PDPA) of Singapore mandates organizations to safeguard the personal data they collect, use, or disclose. A key aspect of this responsibility is appointing a Data Protection Officer (DPO) or a team to ensure compliance with the PDPA. Appointing a DPO – requirements and obligations As part of the Accountability Obligation, […]
How to verify the implementation of Binding Corporate Rules? The CNIL published a monitoring tool
A number of multinational companies operating across multiple jurisdictions and sharing personal data between different countries, have adopted Binding Corporate Rules (BCRs) as a transfer mechanism under Art. 47 of the General Data Protection Regulation (GDPR). BCRs are internal data protection compliance rules to ensure that personal data transferred between their entities, particularly from the […]
Unlawful use of facial recognition technology (FRT) at a school in Essex
The UK’s supervisory authority, the Information Commissioner’s Office (ICO), announced on 23 July 2024 that it had issued a warning to a school in Essex for the unlawful use of facial recognition technology – a violation of Art. 58 para. 2 lit. b UK GDPR. What happened? In March 2023, the school began using facial […]
Case Analysis: A Landmark Cross-Border Data Transfer Dispute in China
In a significant ruling that underscores the growing emphasis on personal data protection in China, the Guangzhou Internet Court recently concluded a case involving cross-border data transfer violations under the Personal Information Protection Law of the People’s Republic of China (PIPL). The case, titled (2022) Yue 0192 Min Chu 6486, saw Mr. Z, a Chinese […]