

Bank privacy processes questioned after U.K. ‘debanking’ scandal


The furor over NatWest Group’s decision to monitor and close the account of right-wing Brexit campaigner Nigel Farage—and then disclose the details to a journalist—has raised questions regarding whether other banks employ the same means to get rid of undesirable customers.


News Brief

TikTok fined $368M in children’s privacy GDPR ruling


The Irish Data Protection Commission announced a penalty of €345 million (U.S. $368 million) against popular social media company TikTok over alleged violations of the General Data Protection Regulation during a five-month period in 2020.



Fallout from ‘debanking’ scandal suggests more U.K. bank reforms coming


The decision by NatWest’s former CEO to leak client details regarding Nigel Farage to the press is likely to cost the financial industry millions in new compliance checks as U.K. regulators prepare reviews into how banks treat people with extreme political views.



Paying ransom to avoid GDPR fine an unwise gambit


Companies that think paying reduced ransomware demands would be a better move than informing regulators of a data breach and facing enforcement are playing with fire, according to experts.


News Brief

Swedish DPA fines Trygg-Hansa $3.2M for GDPR breaches


Sweden’s data protection authority issued a penalty of 35 million Swedish krona (U.S. $3.2 million) against insurance company Trygg-Hansa for alleged security flaws that made customer insurance information accessible on the internet.



Pressure on DPAs to ensure success of GDPR cross-border proposal


Plans to speed up General Data Protection Regulation cases against the likes of Big Tech firms by improving cooperation among the European Union’s data regulators have been largely welcomed by experts.



Expert views mixed on viability of new EU-U.S. data transfer framework


The European Commission might have given a green light to the latest mechanism to allow safe data transfers between the European Union and the United States, but experts have mixed views regarding how long it will last and whether it is even legal.


News Brief

Norwegian DPA threatens Meta with fines over behavioral advertising


The Norwegian Data Protection Authority is set to impose a temporary ban on Meta carrying out behavioral advertising on Facebook and Instagram using the personal information of users in the country.


News Brief

EU adopts Privacy Shield replacement for U.S. data transfers


The European Commission announced it adopted a new agreement with the United States to allow for transatlantic data flows without fear of violating the European Union’s General Data Protection Regulation.


News Brief

EU proposal eyes clearer GDPR cross-border case guidelines


The European Commission seeks to combat longstanding issues under the General Data Protection Regulation regarding cross-border cases with new proposed rules.


News Brief

French DPA fines adtech firm Criteo $44M under GDPR


Adtech firm Criteo was assessed a penalty of €40 million (U.S. $44 million) for multiple alleged violations of the General Data Protection Regulation, including failing to verify it gained consent to process the data of European Union citizens.


News Brief

Lawsuit: Ex-Grindr privacy chief alleges firing over red flags raised


The former chief privacy officer at Grindr is suing the company behind the LGBTQ dating app for wrongful termination regarding alleged privacy violations he raised that new management ignored.



As AI Act moves forward, concerns of undermined GDPR persist


The European Union wants to bolster tech innovation within the single market as artificial intelligence is predicted to catapult economic growth, but some have expressed fears AI use might conflict with levels of automatic protection expected under the General Data Protection Regulation.


News Brief

Swedish DPA fines Spotify $5.4M for ‘low level’ GDPR lapses


Sweden’s data protection authority levied a fine of 58 million Swedish krona (U.S. $5.4 million) against music streaming service Spotify following an audit on how the company handles customers’ rights to access their personal data.


News Brief

Microsoft reserves $425M for LinkedIn GDPR penalty


Microsoft will reserve $425 million to pay a potential fine from the Irish Data Protection Commission regarding alleged violations of the General Data Protection Regulation by its social media subsidiary, LinkedIn.



Five years of GDPR: Experts forecast changes to come for landmark privacy law


The fifth anniversary of the European Union’s General Data Protection Regulation coming into force has highlighted the many successes of the legislation but also exposed areas where the law is still untested and unclear.



Record Meta fine brings wider GDPR ramifications for EU-U.S. data transfers


Meta’s latest punishment for breaching the European Union’s General Data Protection Regulation will have far-reaching ramifications for companies both in Europe and beyond.



Five years in, GDPR still a lightning rod for criticism


The General Data Protection Regulation risks losing credibility if enforcement is not harmonized and privacy by design is not at the heart of tech innovation, said EU officials during a summit marking the fifth anniversary of the legislation.


News Brief

Meta fined record $1.3B in GDPR data transfer ruling


The Irish Data Protection Commission announced a record penalty of €1.2 billion (U.S. $1.3 billion) against Meta regarding its transfers of user data from the European Union to the United States in violation of the General Data Protection Regulation.



Experts: Austrian Post GDPR ruling offers clarity on damages compensation


A decision by Europe’s Supreme Court regarding Austria’s main postal service might make it easier for the bloc’s citizens to bring legal claims for privacy breaches—with potentially unlimited scope for damages.


News Brief

French DPA fines Clearview AI $5.7M for noncompliance with previous order


France’s data protection authority last month fined facial recognition company Clearview AI €5.2 million (then-U.S. $5.7 million) for failing to comply with an October order to cease and desist from further violations of the General Data Protection Regulation.


News Brief

Croatian DPA levies largest GDPR fine


The Croatian data protection authority handed down its largest penalty under the General Data Protection Regulation to date: a fine of nearly €2.3 million (U.S. $2.5 million) against debt collector B2 Kapital.



Big Tech, ad industry bracing for Meta data transfer decision


Meta and other Big Tech firms will soon learn if they might be prevented from transferring the personal data of European citizens to the United States in the way they do now.


News Brief

ChatGPT back in Italy after user privacy updates


ChatGPT restored access for Italian users after changes to its privacy controls were welcomed by the country’s data protection authority.



Is ChatGPT the privacy problem? Or is GDPR?


Scrutiny into ChatGPT has reignited concerns the General Data Protection Regulation is either stifling innovations in technology or that the legislation is not flexible enough to keep pace with technological advances. Experts weigh in.



‘Divergence is coming’: Experts cast doubt on EU adopting U.K. GDPR reforms


Despite suggestions the European Union could look to the United Kingdom when considering future changes to the General Data Protection Regulation, legal experts question the impact planned U.K. reforms to the privacy law will have on multinational businesses.


News Brief

EDPB task force latest scrutinizing ChatGPT, AI accountability


The European Data Protection Board is the latest regulatory body assessing the applicability of ChatGPT amid skyrocketing data privacy concerns regarding the popular artificial intelligence platform.


News Brief

TikTok fined $15.9M for violations of U.K. GDPR


Social media platform TikTok was fined £12.7 million (U.S. $15.9 million) by the U.K. Information Commissioner’s Office for using the personal data of children without parental consent and other violations of data protection mandates.


News Brief

ChatGPT exits Italy after GDPR violation warning


The Italian data protection authority shut down ChatGPT in the country, alleging the AI chatbot violates European Union privacy laws and has no controls to stop it interacting inappropriately with young children.


News Brief

U.K. moves forward with GDPR reform bill


The U.K. government formally introduced a bill to reform the country’s data privacy laws in a manner projected to save British businesses “billions.”



U.K. push for GDPR reprimand transparency draws mixed reviews


The U.K. Information Commissioner’s Office began publishing the details of cases where organizations breached the General Data Protection Regulation but were not fined. Legal experts share their take on the initiative.



Privacy Shield replacement on track, though hurdles remain


The agreement on a new framework for transatlantic data flows between the United States and European Union could be finalized this year. Whether it can stand legal scrutiny is the real question.


News Brief

Italian DPA fines Edison Energia $5.2M over GDPR lapses


The Italian data protection authority penalized electric utility company Edison Energia for multiple alleged violations of the General Data Protection Regulation regarding marketing communications and data processing transparency.



Ruling in Experian GDPR case thrusts ‘legitimate interest’ into spotlight


Experian won a legal battle against the U.K. Information Commissioner’s Office after the data regulator ordered the credit reference agency to make “fundamental changes” over the way it handled personal data for direct marketing purposes or stop altogether.



GDPR push for privacy by design still ‘a long way off’


Italy’s data protection authority banned U.S.-based AI chatbot creator Replika from processing the personal data of Italian users because of risks the service posed to minors and vulnerable people—the latest example of a tech company’s product running afoul of the GDPR.



Experts: New AI laws pose risk of overlap with data protection mandates


Companies are at serious risk of facing multiple fines for the same offense under different sets of legislation if the artificial intelligence technologies they employ misuse personal data or cause harm to consumers, according to legal experts.


News Brief

WhatsApp fined $5.9M for lawful processing GDPR violations


The Irish Data Protection Commission announced a fine of €5.5 million (U.S. $5.9 million) against WhatsApp under the General Data Protection Regulation for forcing users to consent to updated terms and conditions or lose access to the service.


News Brief

Meta fined $414M for targeted advertising GDPR breaches


The Irish Data Protection Commission fined Meta Ireland a total of €390 million (U.S. $414 million) for breaching the General Data Protection Regulation by forcing users to agree their personal data can be used for targeted advertising to access Facebook and Instagram.



Ten things I’d like to see happen in 2023 (2022 in review)


Expect big developments for the compliance profession in 2022 to continue to take center stage in the year ahead, including CCO certifications, climate-related disclosures, and more.



Irish DPC probing Twitter over breach affecting 5.4M users


The Irish Data Protection Commission is investigating whether Twitter violated the European Union’s General Data Protection Regulation regarding a data breach alleged to have affected 5.4 million users.



Portugal statistics office fined record $4.6M for GDPR violations


The government office for national statistics in Portugal was assessed a fine of €4.3 million (U.S. $4.6 million) by the country’s data protection authority for multiple violations of the General Data Protection Regulation that occurred during its 2021 census work.



Clubhouse app operator fined $2M for GDPR violations


Alpha Exploration, operator of the social media app Clubhouse, received a penalty from the Italian data protection authority for the unlawful processing of EU citizens’ data in violation of the General Data Protection Regulation.



Meta fined $274M under GDPR for data scraping breach


Meta Platforms Ireland was fined €265 million (U.S. $274 million) for failing to put in place adequate measures to protect users’ data after a leak compromised the personal details of more than half a billion individuals.



Privacy advocate sues Meta over targeted ad GDPR violation claims


A privacy and human rights advocate sued Meta Platforms in the United Kingdom, claiming the social media giant is refusing her request to stop being targeted with advertising based on her use of Facebook.



Discord fined $830K for GDPR lapses


Discord, a popular communication service primarily utilized by the video game community, was assessed a fine of €800,000 (U.S. $829,000) by the French data protection authority for multiple violations of the General Data Protection Regulation related to safeguarding user data.



ICO warns of ‘complacency’ in fining Interserve $5M under GDPR


The U.K. Information Commissioner warned companies not to ignore “crucial measures” to prevent cyber incidents following his office’s decision to fine construction firm Interserve £4.4 million (U.S. $5 million) for failing to secure employee personal information.



French DPA latest to fine Clearview AI over GDPR violations


France’s CNIL became the fourth European data protection authority this year to fine Clearview AI over its controversial facial image aggregation practices, matching a pair of its counterparts with a €20 million (U.S. $19.6 million) penalty.



e-Book: How the EU might move forward with GDPR

2022-10-20

Data privacy experts believe the mechanisms in place under the General Data Protection Regulation (GDPR) to ensure compliance, enforcement, and redress need revisiting—and quickly.



ICO guidance stresses importance of reasoning in employee monitoring


The U.K. Information Commissioner’s Office issued draft guidance to help ensure employers’ monitoring of staff performance does not turn into surveillance or harassment.



U.S. includes surveillance concessions in new transatlantic data flow framework


President Joe Biden’s executive order on a data privacy framework aims to provide a workable, legally resilient solution for companies to continue moving and storing the personal data of EU-based citizens to American-based servers without running afoul of the GDPR.