AI-powered chatbots are all the rage these days and ChatGPT is the biggest star. With more than 100 million monthly users just two months after its launch, it officially holds the record for the fastest-growing web platform in history, beating giants like Instagram and TikTok. The appeal of OpenAI’s ChatGPT is easy to understand. The […]
English Posts

EU – most relevant GDPR fines of the last years
More than four years after the General Data Protection Regulation 2016/679 (GDPR) came into force, companies and organizations that process personal data inside and outside the EU have come to realize the benefits that a privacy-friendly business management can entail. Moreover, in the last years it became evident that processing personal data in violation of […]

The New Look of Cross-Border Transfers in Switzerland
The Swiss Parliament passed the revised Federal Act on Data Protection (nFADP) in the fall of 2020. The Swiss Federal Council announced that the law will enter into force on September 1, 2023. As there will be no transition period, the requirements must be met from the first day the law becomes effective. While we […]

Italian Sunshine Act: a GDPR oriented analysis
In June 2022, Law 62/2022 known as the Sunshine Act entered into force in Italy, introducing new transparency regulations on transfers of value established between companies operating in the pharmaceutical and health care sector and health care professionals (HCPs) as well as health care organizations (HCOs). The Italian Sunshine Act is one of the newest […]

The priorities set by the Belgian Data Protection Authority for the 2023 Agenda
At the end of last year, in the context of setting the 2023 budget, the Belgian Data Protection Authority (Autorité de protection des données/ Gegevensbeschermingsautoriteit or APD) has highlighted the main topics that will be the focus of this year’s agenda, depending on the capacity of the authority, as the APD mentioned in its press […]
Cybersecurity in the EU: the new NIS 2 Directive comes into force
Cybersecurity has become an increasingly discussed topic in Europe and is more and more valued and controlled on a business level by most companies operating in the EU market. The reason for this rising trend can certainly be traced back to the impressive rate of cyber attacks, which continues to increase each year, as shown […]
How did your kid find out about that game they are constantly talking about? It is a mystery even to the most experienced elf…
Responsible advertising to children (during Christmas time and beyond) in the EU Children are at the heart of Christmas. Many businesses operate in the online world and target their products and services to children, trying to persuade them that they can make their Christmas dreams come true! What are the rules about targeting to children […]
EU Commission published Draft Adequacy Decision for EU – US data transfer
On 13 December 2022, approximately only 1 month after the signing of President Biden’s Executive Order, the European Commission announced the Draft Adequacy Decision for EU – US Data Transfers. This time-record achievement officially launches the process towards the adoption of the Adequacy Decision for the proposed EU-US Data Privacy Framework, and may put a […]
Irish DPC: Facebook Data Scraping not in line with Art. 25 of the GDPR
In 2021, media reports raised serious questions about how Facebook was dealing with the collected personal data of around 530 million Facebook users. Between 2018 and 2019, these datasets, which also included the email addresses and mobile phone numbers of Facebook users, were exposed on the internet. Following the media reports of these serious data […]
Google and the U.S.: A multi-state historic privacy settlement
Google, the giant U.S. tech company, will pay a total of $391.5 million to 40 U.S. states, which is the largest multi-state privacy settlement with state Attorneys General in the U.S. history. The main reason behind the fine is that the online search engine platform has engaged in deceptive and unfair actions in violation of […]
„Old“ Standard Contractual Clauses to be Invalid as of the End of December (27.12.2022)
The European Commission decided on new Standard Contractual Clauses (SCCs) in June 2021. After 27 December 2022, only these „new“ SCCs may be used without exception. What does that mean for companies and organizations? If personal data is transferred to processors (or their sub-processors) or to controllers in a country outside the EU or the […]
Clearview AI fined again, this time in France
The French Data Protection Authority, Commission Nationale de L’Informatique et des Libertés (CNIL), has issued a fine of €20 million against Clearview AI (hereafter Clearview), a company that now claims to have more than 30 billion images used for facial recognition. Clearview collects photos from all sorts of directly accessible websites, social media platforms and […]
Over €500.000 fine for a German e-Commerce company having appointed a DPO with a conflict of interest
The fine has been issued by the Berlin Supervisory Authority (Berliner Beauftragte für Datenschutz und Informationsfreiheit – BlnBDI) on the 20th of September to an e-Commerce company following to the identification of a conflict of interest among the roles of the appointed Data Protection Officer (DPO), as mentioned in the authority’s press release. The DPO […]
One Step Closer to a EU-U.S. Adequacy Decision
On October 7, 2022, U.S. President Biden signed the long-awaited Executive Order (EO) on ‘Enhancing Safeguards for United States Signals Intelligence Activities‘. Some would say it is merely a memorandum on how the US will continue to spy on individuals. Others would say it is an effort to control the intelligence system in place without […]
Spanish Supreme Court: Data subjects can submit their complaint directly to a supervisory authority
According to a decision of the Spanish Supreme Court (Tribunal Supremo) of July 2022, filing a request to exercise the data subject rights with the data controller is not a prerequisite for filing a complaint to the relevant Supervisory Authority for an alleged breach of the GDPR. The decision was issued after a complaint of […]