The latest on GDPR breaches, test cases, guidance and legislative updates relating to data protection and privacy.

Latest from GDPR Legal & Regulation



CJEU rules electronic communication location data must only be used in investigations of ’serious crime’


Location data drawn from electronic communications must only be used by law enforcement investigations involving ‘serious crimes’ and to prevent ‘serious threats to public security’, the European Court of Justice (CJEU) has ruled.

Marty Abrams


Data adequacy: a flawed concept?

2021-03-04T07:00:00+00:00By Naomi Owen

Following Schrems and Brexit, international data-sharing and the concept of adequacy has dominated much of the global news on data protection. But is adequacy itself a flawed concept? Marty Abrams explains why he thinks we need a better alternative

axel voss


GDPR ‘out of date’ and needs revising, says one of its architects


Europe’s data protection laws need updating to take into account increased remote working and new technologies, according to a politician who was a driving force behind the legislation.



UK minister signals divergence: 'EU doesn’t hold the monopoly on data protection'


A United Kingdom government minister has signalled the country is likely to diverge from the European Union on data protection.



Luxembourg’s privacy commissioner defends lack of GDPR fines


A commissioner at the Luxembourg data protection agency has defended the lack of fines for General Data Protection Regulator (GDPR) breaches in the country, where many multi-national businesses are based.

data adequacy 2


The EU’s UK adequacy decision should not be seen as a cast-iron permanent solution

2021-02-26T08:52:00+00:00By Muzaffar Shah

Businesses breathed a sigh of relief last week when the European Union issued a draft adequacy decision guaranteeing the continued free flow of personal data between the EU and UK. Muzaffar Shah argues however that potential regulatory divergence and legal precedent point to an uncertain future for the arrangement.

spain parliament


Spain fined €15m for failing to adopt data protection directive


The EU’s Court of Justice has imposed a €15m ($18.0m) financial penalty on Spain for not adopting a European Commission (EC) directive about the protection of personal data. The court also ruled Madrid must pay €89,000 daily while it fails to comply.

helen dixon


Irish commissioner warns against data protection law dilution


Ireland’s data protection commissioner Helen Dixon has spoken out about the dangers of data protection regulations being used to resolve other matters and becoming the “law of absolutely everything.”

brexit EU


European Commission issues draft data adequacy decision for UK


The European Commission has issued draft adequacy decisions for the transfer of personal data to the United Kingdom.



Facebook fined €7m in Italy for non-compliance with data practices


Italy’s Competition Authoity has fined Facebook €7m ($8.42m) for not complying with changes to data practices ordered by the anti-trust authority in November 2018

tik tok


​Consumer body says TikTok potentially breached GDPR


TikTok may have breached the General Data Protection Regulation (GDPR) through the misleading processing of personal data, according to the European Consumer Organisation BEUC said.

data adequacy


EU-UK data adequacy decision proposal ‘expected within days’


The European Commission is widely expected to propose data adequacy for the UK within days.

europe map


EU member states agree negotiating stance for ePrivacy regulation


European Union member states have agreed a joint position on the proposed ePrivacy regulation, allowing the EU President to open talks with parliament about the final text.

data security 2


British Airways and TalkTalk civil claims emphasise the need for data security vigilance

2021-02-03T10:49:00+00:00By Julian Hayes and Guevara Leacock

Following the ICO’s record fine for British Airways under the GDPR, Julian Hayes and Guevara Leacock, consider the potentially very expensive group claim civil action now being prepared.

apple iphone


Norway’s DPA proposes €9.65m fine for Grindr dating app


Norway’s data protection authority has notified gay dating app Grindr that it intends to impose a financial penalty of NOK100 M ($11.7m, €9.65m) on the company for breaching consent requirements under the General Data Protection Regulation (GDPR).

magnifying glass


GDPR and CCPA: where the differences lie

2021-01-25T14:25:00+00:00By Darren Wray

California’s Consumer Protection Act in many ways looks like the General Data Protection Regulation, but there are some significant differences. Darren Wray provides a handy guide to understanding how the two pieces of legislation differ from each other.



GDPR fines increase 19% year-on-year as regulators ‘test limits of powers’

2021-01-22T10:11:00+00:00By GRC World Forums

Daily breaches of the General Data Protection Regulation (GDPR) increased 19% in the last 12 months compared to the previous year, according to research.



‘Stretched’ Irish DPC pleaded for more resources, document reveals

2021-01-19T15:12:00+00:00By GRC World Forums

The Data Protection Commission (DPC) in Ireland reportedly asked the government for more staff, financing and a reorganised structure ahead of October’s Budget



German retailer vows to fight €10.4million GDPR fine for video-monitoring employees


An online electronics retailer fined for GDPR breaches over its use of video cameras in the workplace has branded its $10.4m fine “unlawful” and vowed to fight it

british airways


BA facing potential ‘£800m’ lawsuit over data breach


British Airways (BA) is potentially facing the largest privacy class-action lawsuit in UK history over its mass customer data breach that affected 400,000 people, according to a law firm involved.

2021 privacy


The data protection and privacy trends to watch out for in 2021

2020-12-17T10:11:00+00:00By Catherine Wycherley

PrivSec Report looks forward to the new year and what it could mean for the privacy and data protection worlds.

Lawpilots CEO Philipp v. Bülow


The importance of training: an interview with Lawpilots CEO Philipp v. Bülow


Remote working, rising cyber-crime and increased data protection regulation mean that it has never been more important to ensure your staff are well-trained. In this Q&A, Philipp v. Bülow of Lawpilots explains what a good training programme should include.

The DP Index December 2020 Report


Charting the UK Data Protection Profession: December 2020 Report


Data Protection World Forum and The DPO Centre are delighted to bring you the second Index survey report from the ground-breaking UK Data Protection Index.

GDPR breaches


French food retail giant Carrefour fined €3m for GDPR breaches


The French multinational retailer Carrefour has been fined €3m for multiple data protection failings.

Customer Service


German court slashes ‘unreasonably high’ GDPR fine by 90%


A €9.55m fine for a telecommunications service provider for breaching GDPR has been reduced to just €900,000 by a German appeals court.