In August 2024, the European Center for Digital Rights (noyb), co-founded by privacy advocate Max Schrems, filed a series of complaints against X (formerly Twitter), the social media platform owned by Elon Musk. The nine complaints, lodged in nine different countries, focus on X’s use of personal data to train its Artificial Intelligence (AI) technologies. […]
GDPR
GDPR Breach due to Health Data Leak results in 80,000 euro fine for Private Clinic
A private clinic specializing in assisted reproductive technology (ART), experienced a significant data breach due to a cyberattack. The breach compromised the personal data of approximately 400 individuals, including patients and employees. The affected data included identity, contact information, financial details, and sensitive health and genetic information. Even though the breach was detected on 21 […]
PIAs and DPIAs: A Two-Step Process to GDPR Compliance
If you work in a company in the European Union or the UK you have probably heard your fair share about data protection. From HR to Sales, personal data infiltrates almost every aspect of a company. One of the biggest tasks under the General Data Protection Regulation (GDPR) is collecting all the information required and […]
Italian Data Protection Authority imposed the highest fine so far on electricity provider
Telemarketing activities and aggressive practices against the consumers are again in the spotlight of the Italian Data Protection Authority (Garante), that imposed the highest fine ever on the Italian electricity provider Enel Energia. It is unfortunately very common that Italian consumers are harassed by unwanted telephone calls from marketing agencies proposing contracts for different services […]
Groeiende Relevantie AVG en Recordboetes in 2023
Volgens de Financial Times zijn de boetes onder de Algemene Verordening Gegevensbescherming (AVG) in het jaar 2023 met bijna 40 procent gestegen. Toezichthouders van Europese landen hebben vorig jaar een stuk strenger gehandhaafd en leggen steeds vaker druk op bedrijven en instanties. Uit onderzoek van DLA Piper is gebleken dat grote tech- en social mediabedrijven […]
Privacy and AI: Schufa algorithm condemned by the CJEU
In December 2023, the Court of Justice of the European Union (CJEU) issued Judgement C-634/21 on the Schufa case. This landmark ruling is set to shape the GDPR-friendly approach to future AI-based businesses. At a pivotal moment where AI takes center stage in the European Institutions’ agenda, with efforts towards the adoption of the renowned […]
Seven days to retain metadata – legal and business impacts of the Italian DPA decision
Indiscriminate and unrestricted retention of employee data (especially their emails) is a common yet dangerous violation of the GDPR that undermines workers‘ rights from multiple perspectives. But how far can GDPR compliance go without excessively hindering business needs and interests? This is the question behind one of the most recent (and discussed) decisions of the […]
Controlling Working Times and Attendance via the Processing of Biometric Data: Guidelines by the Spanish DPA
In November 2023, the Spanish data protection authority (AEPD) unveiled new guidelines regarding the use of biometric data in the workplace to ensure companies’ compliance with data protection laws while implementing attendance control systems such as fingerprint scanners. Let’s take a look at what it says. Understanding Biometric Data Biometric data, like fingerprints, retina scans, […]
Unlawful use of a GPS tracking tool installed in company cars was found by the Austrian DPA
The installation of a GPS tracking tool on the company fleet cars has always been a pretty delicate and sometimes controversial topic, on which data protection implications have a critical role when deciding the way it is implemented, in accordance with the principles of privacy by design and by default. The case of the Austrian […]
The Magic of Christmas…I mean Consent!
Every child wakes up with an extra little twinkle in their eye on Christmas morning. Whether that twinkle comes on the 24th of December when the Christ Child visits in Southern Germany or on the 25th when Santa leaves goodies for all the good girls and boys throughout the US. The magic of Christmas is […]
What does the Data Privacy Framework Self-Certification mean for your company?
Let’s take a closer look at what the decision to self-certify under the DPF means for your company. In terms of costs, other then the applicable fees, you need to consider administrative and organizational costs aimed at ensuring accountability while implementing mechanisms to allow data subjects the exercise of their rights. We are providing you […]
Does your Company Need a Data Privacy Framework Certification?
Well, it depends. Let me begin by providing an overview of the Data Privacy Framework as adopted on July 11th 2023 and follow by providing my opinion on whether and for which companies a certification under the new framework would add value. The EU-US Data Privacy Framework in the Big Picture of the Adequacy Decisions […]
Access to employee emails: A delicate balance between business needs and privacy rights
In the landscape of corporate operations, accessing employee emails may sometimes feel like a necessity for companies. Whether to investigate suspected misconduct of current employees, facilitate operational management during an employee’s prolonged absence, or streamline the transition after an employee departs, the reasons can be varied. However, this task is not straightforward as there are […]
CJEU rules on Right of Access and first copy of personal data: what companies should know
The Court of Justice of the European Union (CJEU) issued a recent ruling in case C-307/22, highlighting important considerations regarding the extent of the right of access under Article 15 of the GDPR. This ruling carries significant implications for companies that process personal data under the GDPR. It asserts that the GDPR right of access […]
New Data Protection Law in Saudi Arabia
Individual privacy in Saudi Arabia and the protection of personal data have long fallen under the general provisions of Saudi law and not under the specific provisions on „data protection“ or „data security“. In the absence of specific laws, Islamic law generally applies in Saudi Arabia. Thus, Saudi courts dealt with data protection issues according […]