At the end of last year, in the context of setting the 2023 budget, the Belgian Data Protection Authority (Autorité de protection des données/ Gegevensbeschermingsautoriteit or APD) has highlighted the main topics that will be the focus of this year’s agenda, depending on the capacity of the authority, as the APD mentioned in its press […]
GDPR
Irish DPC: Facebook Data Scraping not in line with Art. 25 of the GDPR
In 2021, media reports raised serious questions about how Facebook was dealing with the collected personal data of around 530 million Facebook users. Between 2018 and 2019, these datasets, which also included the email addresses and mobile phone numbers of Facebook users, were exposed on the internet. Following the media reports of these serious data […]
The highest fine ever imposed by the Greek DPA on Clearview AI
The U.S.-based company Clearview AI (hereafter Clearview) known for its facial recognition services received a fine of €20.000.000 by the Greek Data Protection Authority for the non-compliant collection and processing of personal data. This is the first time that the Hellenic DPA has imposed such a high data protection fine. Clearview develops facial recognition software […]
„Old“ Standard Contractual Clauses to be Invalid as of the End of December (27.12.2022)
The European Commission decided on new Standard Contractual Clauses (SCCs) in June 2021. After 27 December 2022, only these „new“ SCCs may be used without exception. What does that mean for companies and organizations? If personal data is transferred to processors (or their sub-processors) or to controllers in a country outside the EU or the […]
Clearview AI fined again, this time in France
The French Data Protection Authority, Commission Nationale de L’Informatique et des Libertés (CNIL), has issued a fine of €20 million against Clearview AI (hereafter Clearview), a company that now claims to have more than 30 billion images used for facial recognition. Clearview collects photos from all sorts of directly accessible websites, social media platforms and […]
Spanish Supreme Court: Data subjects can submit their complaint directly to a supervisory authority
According to a decision of the Spanish Supreme Court (Tribunal Supremo) of July 2022, filing a request to exercise the data subject rights with the data controller is not a prerequisite for filing a complaint to the relevant Supervisory Authority for an alleged breach of the GDPR. The decision was issued after a complaint of […]
China passed new data protection law
China issued its comprehensive data protection law, the Personal Information Protection Law (“PIPL”), on August 20, 2021. The PIPL will come into effect on November 1, 2021. This marks a new era in China’s data protection development. Before the PIPL, the main legislations regulating data processing activities in China are the Cybersecurity Law, the Data […]
Italian Data Protection Authority Fines Bologna Airport in Connection with Whistleblowing Application
In an injunction of July 10, 2021, published the following month, the Italian data protection authority (Garante per la protezione dei dati personali) has fined the Airport of Bologna € 40,000 for not having implemented adequate technical and organizational measures for a whistleblowing application. Further, the authority held that for that application, a data protection […]
The New California Privacy Rights Act (CPRA)
Not that long ago, in January 2020, the California Consumer Privacy Act (CCPA) entered into force. Shortly after that, a proposition was made to amend the CCPA, introducing a new privacy law in California, the CPRA. We reported here. Californians once more voted in favor of a new data protection law on November 3, 2020, […]
Are portable body temperature cameras GDPR compliant?
According to the French Conseil d’Etat: No! In order to combat Covid-19, the French municipality of Lisses installed one fixed thermal camera in a municipal building that was able to report excessive body temperatures. Additionally, several portable thermal cameras were entrusted to municipal officials who at the entrance of schools could measure excessive temperatures of […]
The Marketing Guide to the GDPR- Video Series
We are proud to present the first chapter of 4 whiteboard videos that focus on the most common issues faced by Marketing Departments regarding GDPR obligations. “The Marketing Guide to the GDPR” contains relatable and comprehensible examples that allow for the viewer to grasp a very broad overview of the impact of personal data in […]
Swiss Hotel Booking Platform must comply with the GDPR
The Austrian Data Protection Authority has ordered a Swiss online hotel booking platform to comply with the requirements set forth in the EU General Data Protection Regulation (GDPR), in particular to provide the information according to Art. 13 GDPR to the data subject. The ordinance was based on the following facts: An Austrian citizen living […]
The Long Arm of the GDPR
The new General Data Protection Regulation (GDPR) strictly regulates the collection, use and storage of personal data, but does the long arm of the law stretch beyond the EU borders more than anyone could have anticipated? If you are surfing the web to see who the GDPR applies to, you could come to the conclusion […]
VIOLATION OF CHILDREN’S PRIVACY – Record COPPA Enforcement against Oath, Inc.
In December 2018, the office of the New York Attorney-General issued the largest ever US penalty for the violation of the Children’s Online Privacy Protection Act (COPPA), to Oath Inc, the Verizon-owned company formerly known as AOL. In addition to the penalty amount of 4.95 Million USD, Oath Inc, agreed to adopt extensive COPPA compliant […]
Give me all your data: US CLOUD Act & Australian “Decryption” Bill vs. the GDPR
Nowadays crimes are more and more committed or at least facilitated by a smartphone or other computing device. That is why digital evidence in form of data is essential in almost all criminal investigations.[1] But that does not mean that the collection of such evidence is straightforward and effortless. Law enforcement authorities (LEAs) face, among […]