Wanneer je het iconische „Tadum“, het opstartgeluid van Netflix, hoort, denk je waarschijnlijk aan je favoriete tv-serie. Maar onlangs hoorde de Autoriteit Persoonsgegevens (AP) iets anders: een oproep tot strengere naleving van de privacywetgeving. Netflix kwam onder vuur te liggen vanwege zijn privacypraktijken, wat leidde tot een onderzoek en een boete van 4,75 miljoen euro. […]
pb-international
Legislation on Web Accessibility in Spain
The Spanish legislation contemplates the need to guarantee the rights of people with disabilities since the Spanish Constitution of 1978. In the framework of information technologies, the „Law 51/2003, of 2 December, on equal opportunities, non-discrimination and universal accessibility for people with disabilities“, now repealed, established a period of two years to approve the basic […]
Italian Data Protection Authority bans DeepSeek for Italian market
In the past years, the Italian Data Protection Authority (Garante per la Protezione dei dati personali) has made clear statements towards big technology companies introducing their services in Italy, prior to the verification of GDPR and Italian Data Protection Act compliance. We are referring to the Clearview case of 2022, that caused a fine of […]
AI Literacy and the Dutch Data Protection Authority’s Recommendations
Is your business ready for the AI Act? As of February 2, 2025, businesses operating in the EU must ensure that their employees are AI-literate in accordance with the AI Act. This means that anyone working with AI, whether developing, implementing, or using AI-driven tools, must have the necessary knowledge, skills, and ethical awareness to […]
Website Accessibility in Italy
Website accessibility is becoming an increasingly important topic in Italy, in particular since companies have until the 28th June 2025 to comply with the new European Accessibility Directive. In this article, we outline the Italian legal framework for website accessibility, the importance of early action, and practical steps businesses can take to ensure compliance and […]
The GDPR and the AI Act: A Harmonized Yet Complex Regulatory Landscape
The European Union has recently introduced the AI Act, poised to become the cornerstone of AI governance across the EU. This groundbreaking regulation is designed to address the risks AI systems pose to health, safety, and fundamental rights, complementing the protections already established by the General Data Protection Regulation (GDPR). Together, these frameworks create a […]
Understanding China’s new Measures for the Certification of Personal Information Protection for Overseas Transfers
The Personal Information Protection Law and the Network Data Security Management Regulation, among other laws and regulations, stipulate the methods for transferring personal information overseas, including: a data transfer security assessment, a standard contract, and certification. Additionally, other conditions may permit the personal information overseas transfer. Recently, the Cyberspace Administration of China (“CAC”) released the […]
Benelux Authorities Tighten Scrutiny on DPO Appointments
Authorities in Belgium, the Netherlands, and Luxembourg are paying closer attention to how organizations appoint their Data Protection Officers (DPOs). They are especially focused on making sure DPOs can work independently, without a conflict of interest and have enough resources to do their job properly. In the Netherlands, the Dutch Authority for Personal Data (AP) […]
EDPB Issues Opinion on Personal Data Processing by AI Models
As artificial intelligence (AI) increasingly integrates into daily life, its influence on privacy continues to grow. Developing AI models often involves processing vast amounts of data, and such models are now widely involved in numerous processing activities. This trend has raised concerns about privacy, transparency, and fairness. In response to these challenges, the European Data […]
Liability: Responsibility for Processing Personal Data
New Years Eve is a time when we all tend to look back on the past year and revel in achievements and berate ourselves for mistakes made or goals not yet achieved. I also find that this is a time when I start to regret some of the holiday gifts I purchased. Things I thought […]
BeReal – Too Real to Accept a No?
The French social media app BeReal promises its audience a daily dose of real life. Users are encouraged to “BeReal” by sharing daily selfies with their followers. To that end, every day at a random time, users receive a notification inviting them to „BeReal“ and take and post a photo of themselves within the next […]
Chile Aprueba Nueva Ley de Protección de Datos
La nueva ley de protección de datos personales, Ley 21.719 se publicó hoy, 13 de diciembre de 2024 en el diario oficial de la República de Chile. La nueva ley entrará en vigor 24 meses después de su publicación esto es, en Diciembre de 2026. De acuerdo con el portal de internet del gobierno de […]
Chile Approves New Data Protection Law
The new personal data protection law, Law 21.719 was published on December 13, 2024 in the official gazette of the Republic of Chile. The new law will enter into force 24 months after its publication, namely, in December 2026. According to the Chilean government’s website, the new law brings the Chilean standard of personal data […]
Copyright Lawsuit Against OpenAI in India
Indian news agency ANI has filed a lawsuit against OpenAI, accusing the company of using copyrighted material without authorization. ANI joins a growing group of publishers worldwide challenging OpenAI and other AI developers over similar practices. The lawsuit, filed in the Delhi High Court, centers on OpenAI’s use of publicly available content for training its […]
The Icelandic DPA Upholds Legitimate Interest of Cross-Checking Caller Information and Follow-Up Surveys
In a recent decision, the Icelandic Data Protection Authority (DPA), Persónuvernd, upheld the legitimate interest of companies sending customer satisfaction surveys and cross-referencing caller information. The case involved the insurance company VÍS and one of its customers and addressed whether a data controller could lawfully cross-check a (anonymous) caller’s phone number with its customer database […]