India has entered a new phase in its privacy journey with the Digital Personal Data Protection Act (DPDPA), 2023 and its recently notified Rules. Together, they establish a comprehensive regulatory system governing digital personal data and operationalize the fundamental right to privacy enshrined in the Constitution of India. The government has chosen a staggered rollout […]
personal data
Bibbidi Bobbidi Boo, Here’s a Fine for You – Disney’s $10M COPPA Case
Sometimes even the strongest magic cannot hide a compliance misstep, as the Federal Trade Commission (FTC) reminded Disney that even their enchantments must follow the rules. On September 2, 2025, a settlement of $10 million was reached between Disney Worldwide Service, Inc. and Disney Entertainment Operations LLC (Disney) and the FTC. Disney is one of […]
Pseudonymised Data: Not Always Personal According to The Latest CJEU Judgement
On 4 September 2025, the Court of Justice of the European Union (CJEU) handed down its judgment in EDPS v Single Resolution Board (C-413/23 P). The ruling addresses a fundamental question in EU data protection law: when pseudonymised information qualifies as personal data, and for whom. This decision provides important clarification on the scope of […]
News from the UK: The ICO’s Online Tracking Strategy 2025
The UK data protection authority, Information Commissioner’s Officer (ICO), has recently published news regarding their online tracking strategy for 2025. Recognizing that “being tracked online is part of daily life for most people”, in 2024 the ICO implemented a number of initiatives to enhance people’s control over how they are tracked. Among such initiatives, the […]
Italian Data Protection Authority bans DeepSeek for Italian market
In the past years, the Italian Data Protection Authority (Garante per la Protezione dei dati personali) has made clear statements towards big technology companies introducing their services in Italy, prior to the verification of GDPR and Italian Data Protection Act compliance. We are referring to the Clearview case of 2022, that caused a fine of […]
The GDPR and the AI Act: A Harmonized Yet Complex Regulatory Landscape
The European Union has recently introduced the AI Act, poised to become the cornerstone of AI governance across the EU. This groundbreaking regulation is designed to address the risks AI systems pose to health, safety, and fundamental rights, complementing the protections already established by the General Data Protection Regulation (GDPR). Together, these frameworks create a […]
Understanding China’s new Measures for the Certification of Personal Information Protection for Overseas Transfers
The Personal Information Protection Law and the Network Data Security Management Regulation, among other laws and regulations, stipulate the methods for transferring personal information overseas, including: a data transfer security assessment, a standard contract, and certification. Additionally, other conditions may permit the personal information overseas transfer. Recently, the Cyberspace Administration of China (“CAC”) released the […]
Liability: Responsibility for Processing Personal Data
New Years Eve is a time when we all tend to look back on the past year and revel in achievements and berate ourselves for mistakes made or goals not yet achieved. I also find that this is a time when I start to regret some of the holiday gifts I purchased. Things I thought […]
Chile Approves New Data Protection Law
The new personal data protection law, Law 21.719 was published on December 13, 2024 in the official gazette of the Republic of Chile. The new law will enter into force 24 months after its publication, namely, in December 2026. According to the Chilean government’s website, the new law brings the Chilean standard of personal data […]
Protecting Privacy, one State at a time: Maryland’s new Privacy Law
In the world we live in trends are an everyday thing, from YouTube Videos to TikTok challenges, from the clothes people wear to the music they listen to. We see trends in every part of our everyday lives. Sometimes in government, just like in our private lives, when something is a good idea (sometimes even […]
Unlawful use of a GPS tracking tool installed in company cars was found by the Austrian DPA
The installation of a GPS tracking tool on the company fleet cars has always been a pretty delicate and sometimes controversial topic, on which data protection implications have a critical role when deciding the way it is implemented, in accordance with the principles of privacy by design and by default. The case of the Austrian […]
Access to employee emails: A delicate balance between business needs and privacy rights
In the landscape of corporate operations, accessing employee emails may sometimes feel like a necessity for companies. Whether to investigate suspected misconduct of current employees, facilitate operational management during an employee’s prolonged absence, or streamline the transition after an employee departs, the reasons can be varied. However, this task is not straightforward as there are […]
CJEU rules on Right of Access and first copy of personal data: what companies should know
The Court of Justice of the European Union (CJEU) issued a recent ruling in case C-307/22, highlighting important considerations regarding the extent of the right of access under Article 15 of the GDPR. This ruling carries significant implications for companies that process personal data under the GDPR. It asserts that the GDPR right of access […]
New Data Protection Law in Saudi Arabia
Individual privacy in Saudi Arabia and the protection of personal data have long fallen under the general provisions of Saudi law and not under the specific provisions on „data protection“ or „data security“. In the absence of specific laws, Islamic law generally applies in Saudi Arabia. Thus, Saudi courts dealt with data protection issues according […]
WhatsApp switches its legal basis to „Legitimate Interest“ due to severe sanctions
It is by far not the first time that Meta and its platforms had to face scrutiny in terms of their privacy policy. This time around, the Irish Data Protection Commission (DPC) sanctioned WhatsApp with a fine of 5.5 million Euros due to the lack of a legitimate legal basis for processing personal data in […]
1 2