Latest from GDPR Legal & Regulation
CJEU rules electronic communication location data must only be used in investigations of ’serious crime’
Location data drawn from electronic communications must only be used by law enforcement investigations involving ‘serious crimes’ and to prevent ‘serious threats to public security’, the European Court of Justice (CJEU) has ruled.
Data adequacy: a flawed concept?
Following Schrems and Brexit, international data-sharing and the concept of adequacy has dominated much of the global news on data protection. But is adequacy itself a flawed concept? Marty Abrams explains why he thinks we need a better alternative
GDPR ‘out of date’ and needs revising, says one of its architects
Europe’s data protection laws need updating to take into account increased remote working and new technologies, according to a politician who was a driving force behind the legislation.
UK minister signals divergence: 'EU doesn’t hold the monopoly on data protection'
A United Kingdom government minister has signalled the country is likely to diverge from the European Union on data protection.
Luxembourg’s privacy commissioner defends lack of GDPR fines
A commissioner at the Luxembourg data protection agency has defended the lack of fines for General Data Protection Regulator (GDPR) breaches in the country, where many multi-national businesses are based.
The EU’s UK adequacy decision should not be seen as a cast-iron permanent solution
Businesses breathed a sigh of relief last week when the European Union issued a draft adequacy decision guaranteeing the continued free flow of personal data between the EU and UK. Muzaffar Shah argues however that potential regulatory divergence and legal precedent point to an uncertain future for the arrangement.
Spain fined €15m for failing to adopt data protection directive
The EU’s Court of Justice has imposed a €15m ($18.0m) financial penalty on Spain for not adopting a European Commission (EC) directive about the protection of personal data. The court also ruled Madrid must pay €89,000 daily while it fails to comply.
Irish commissioner warns against data protection law dilution
Ireland’s data protection commissioner Helen Dixon has spoken out about the dangers of data protection regulations being used to resolve other matters and becoming the “law of absolutely everything.”
European Commission issues draft data adequacy decision for UK
The European Commission has issued draft adequacy decisions for the transfer of personal data to the United Kingdom.
Facebook fined €7m in Italy for non-compliance with data practices
Italy’s Competition Authoity has fined Facebook €7m ($8.42m) for not complying with changes to data practices ordered by the anti-trust authority in November 2018
Consumer body says TikTok potentially breached GDPR
TikTok may have breached the General Data Protection Regulation (GDPR) through the misleading processing of personal data, according to the European Consumer Organisation BEUC said.
EU-UK data adequacy decision proposal ‘expected within days’
The European Commission is widely expected to propose data adequacy for the UK within days.
EU member states agree negotiating stance for ePrivacy regulation
European Union member states have agreed a joint position on the proposed ePrivacy regulation, allowing the EU President to open talks with parliament about the final text.
British Airways and TalkTalk civil claims emphasise the need for data security vigilance
Following the ICO’s record fine for British Airways under the GDPR, Julian Hayes and Guevara Leacock, consider the potentially very expensive group claim civil action now being prepared.
Norway’s DPA proposes €9.65m fine for Grindr dating app
Norway’s data protection authority has notified gay dating app Grindr that it intends to impose a financial penalty of NOK100 M ($11.7m, €9.65m) on the company for breaching consent requirements under the General Data Protection Regulation (GDPR).
GDPR and CCPA: where the differences lie
California’s Consumer Protection Act in many ways looks like the General Data Protection Regulation, but there are some significant differences. Darren Wray provides a handy guide to understanding how the two pieces of legislation differ from each other.
GDPR fines increase 19% year-on-year as regulators ‘test limits of powers’
Daily breaches of the General Data Protection Regulation (GDPR) increased 19% in the last 12 months compared to the previous year, according to research.
‘Stretched’ Irish DPC pleaded for more resources, document reveals
The Data Protection Commission (DPC) in Ireland reportedly asked the government for more staff, financing and a reorganised structure ahead of October’s Budget
German retailer vows to fight €10.4million GDPR fine for video-monitoring employees
An online electronics retailer fined for GDPR breaches over its use of video cameras in the workplace has branded its $10.4m fine “unlawful” and vowed to fight it
BA facing potential ‘£800m’ lawsuit over data breach
British Airways (BA) is potentially facing the largest privacy class-action lawsuit in UK history over its mass customer data breach that affected 400,000 people, according to a law firm involved.
The data protection and privacy trends to watch out for in 2021
PrivSec Report looks forward to the new year and what it could mean for the privacy and data protection worlds.
The importance of training: an interview with Lawpilots CEO Philipp v. Bülow
Remote working, rising cyber-crime and increased data protection regulation mean that it has never been more important to ensure your staff are well-trained. In this Q&A, Philipp v. Bülow of Lawpilots explains what a good training programme should include.
Charting the UK Data Protection Profession: December 2020 Report
Data Protection World Forum and The DPO Centre are delighted to bring you the second Index survey report from the ground-breaking UK Data Protection Index.
French food retail giant Carrefour fined €3m for GDPR breaches
The French multinational retailer Carrefour has been fined €3m for multiple data protection failings.
German court slashes ‘unreasonably high’ GDPR fine by 90%
A €9.55m fine for a telecommunications service provider for breaching GDPR has been reduced to just €900,000 by a German appeals court.
