What’s the problem for GDPR repeat offenders?


The General Data Protection Regulation has been in force for nearly six years. Some industries—and some companies—have been more prone to fall foul of the rules than others.


News Brief

Czech DPA fines Avast $15M over GDPR violations


The Czech Republic’s data protection authority issued a fine of 351 million Czech koruna (U.S. $15 million) against antivirus software vendor Avast for alleged violations of the General Data Protection Regulation.



EDPB decision sparks ‘consent or pay’ debate for Big Tech firms


Big Tech firms might need to rethink their plans to charge users for not selling their personal data for behavioral advertising following a decision by Europe’s primary data regulator.



Focused on consumer privacy? Don’t forget employees’ rights


The implications of a privacy rights case involving a U.K.-based Uber Eats driver underscore a popular belief that companies prioritize protecting the personal information of their customers over the data rights of their employees.



New leadership no easy fix for Irish DPC’s GDPR woes


The Irish Data Protection Commission has a new leadership structure, but it is uncertain whether the changes can get the key privacy regulator caught up on enforcement of the General Data Protection Regulation.



ICO primed for enforcement increase behind new fining guidance?


The Information Commissioner’s Office updated its data protection fining guidance to provide companies with greater transparency and clarity about how and why it would issue penalties for a breach of the U.K. General Data Protection Regulation or Data Protection Act 2018.



Privacy by design a silver bullet for stemming AI risks?


The proliferation of artificial intelligence technologies—and their reliance on publicly available data—has reinforced the need for tech developers and the companies using their solutions to ensure privacy by design and by default is at the crux of any offering.


News Brief

Italian DPA fines UniCredit $3M over data breach GDPR lapses


The Italian data protection authority announced a fine of €2.8 million (U.S. $3 million) against UniCredit for alleged violations of the General Data Protection Regulation regarding insufficient security measures the bank had in place during a cyberattack.



Public consultation on GDPR opens door for changes


Feedback from a European Commission consultation on the six years of enforcement of the General Data Protection Regulation could result in tweaks to the rules and potential changes to the way data protection authorities enforce them.



Toeing the ‘fine line’ of cloud security compliance


When organizations move their data or operations to the cloud, the compliance team has their work cut out and then some, experts discussed at CW’s Cyber Risk & Data Privacy Summit.



The blurred lines of employee monitoring under GDPR


The French data regulator’s fine against an Amazon warehouse manager for violating employees’ rights to privacy in the workplace once again raises questions about what constitutes an overzealous approach to employee monitoring and why companies fail to recognize the signs.



Examining precedent set by French DPA’s Amazon employee monitoring fine


The decision by France’s data regulator to fine an Amazon warehouse manager for breaches of the General Data Protection Regulation over the way it monitored employee productivity raises questions about the reach data protection authorities have over corporate conduct.


News Brief

Uber facing $11M fine over driver privacy rights violations


Ride-hailing company Uber Technologies was assessed a penalty of €10 million (U.S. $11 million) by the Dutch Data Protection Authority for alleged privacy rights violations regarding the handling of European drivers’ personal data.



Meta’s ‘pay or consent’ model to force GDPR to adapt?


Experts weigh in on Meta’s plans to charge EU users monthly if they do not want to be tracked for online advertising and what the ramifications of the model would mean for the future of the General Data Protection Regulation.


News Brief

ICO seeking input on generative AI to inform guidance


The U.K. Information Commissioner’s Office is seeking input from developers, users, and those interested in generative artificial intelligence to help inform policy and guidance regarding the technology.


News Brief

Amazon unit fined $35M under GDPR for employee productivity tracking


Amazon’s warehouse management arm in France was assessed a penalty of €32 million (U.S. $35 million) for violating the General Data Protection Regulation by excessively tracking the productivity of employees.


News Brief

GDPR-minded Microsoft offers cloud customers EU-based personal data storage


Microsoft announced an expansion to its European Union data storage efforts that would allow cloud customers to keep all personal data stored within the EU boundary.



Shades of GDPR? Experts assess AI Act as global standard


As the European Union’s AI Act sets its sights on 2026 to take full effect, experts are concerned other key jurisdictions might introduce divergent legislation that treats artificial intelligence use differently, thus making it difficult for companies to ensure compliance.



Assessing impact of court ruling on GDPR strict liability


The idea companies can be held “strictly liable” for violations of the European Union’s privacy rules was shot down, following a judgment from Europe’s top court relating to a case involving German property company Deutsche Wohnen.



Experts: More privacy rules, enforcement expected in 2024


Businesses can prepare for a bumpy ride as the 2024 global landscape of data privacy and other related laws and regulations begins to take shape.


News Brief

Deutsche Wohnen earns CJEU win in high-profile GDPR appeal


German property company Deutsche Wohnen’s court win regarding a penalty levied against it for alleged violations of the General Data Protection Regulation carries notable ramifications for enforcement of the EU privacy law.



Experts: ICO apology to ex-CEO does not absolve NatWest of GDPR liability


Just because Alison Rose received a public apology from the U.K. Information Commissioner’s Office regarding the suggestion she might have violated the General Data Protection Regulation doesn’t mean NatWest could avoid sanction.


News Brief

Axpo Italia fined $10.5M in GDPR case over data processing


Axpo Italia, a producer and trader of renewable energy products, was penalized under the General Data Protection Regulation by the Italian data protection authority for processing inaccurate and outdated personal data of customers.


News Brief

FCA flags potential regulatory breaches at NatWest regarding Farage scandal


An independent review into how NatWest handled the closure of politician Nigel Farage’s Coutts account uncovered potential regulatory breaches by the bank that are on the radar of the U.K. Financial Conduct Authority.


News Brief

EOS Matrix battles back against Croatian DPA in $5.8M GDPR case


Debt collector EOS Matrix said it will challenge a General Data Protection Regulation penalty levied against it by the Croatian data protection authority after finding the data in question in the case does not match the data in its database.



Expert: How data hoarding increases businesses’ cyber risks


Holding on to data for longer than necessary creates vulnerabilities for businesses by giving cyberattackers more avenues to access an organization’s computer systems.



Bank privacy processes questioned after U.K. ‘debanking’ scandal


The furor over NatWest Group’s decision to monitor and close the account of right-wing Brexit campaigner Nigel Farage—and then disclose the details to a journalist—has raised questions regarding whether other banks employ the same means to get rid of undesirable customers.


News Brief

TikTok fined $368M in children’s privacy GDPR ruling


The Irish Data Protection Commission announced a penalty of €345 million (U.S. $368 million) against popular social media company TikTok over alleged violations of the General Data Protection Regulation during a five-month period in 2020.



Fallout from ‘debanking’ scandal suggests more U.K. bank reforms coming


The former CEO of NatWest’s decision to leak client details to the press regarding Nigel Farage is likely to cost the financial industry millions in new compliance checks as U.K. regulators prepare reviews into how banks treat people with extreme political views.



Paying ransom to avoid GDPR fine an unwise gambit


Companies that think paying reduced ransomware demands would be a better move than informing regulators of a data breach and facing enforcement are playing with fire, according to experts.


News Brief

Swedish DPA fines Trygg-Hansa $3.2M for GDPR breaches


Sweden’s data protection authority issued a penalty of 35 million Swedish krona (U.S. $3.2 million) against insurance company Trygg-Hansa for alleged security flaws that made customer insurance information accessible on the internet.



Pressure on DPAs to ensure success of GDPR cross-border proposal


Plans to speed up General Data Protection Regulation cases against the likes of Big Tech firms by improving cooperation among the European Union’s data regulators have been largely welcomed by experts.



Expert views mixed on viability of new EU-U.S. data transfer framework


The European Commission might have given a green light to the latest mechanism to allow safe data transfers between the European Union and the United States, but experts have mixed views regarding how long it will last and whether it is even legal.


News Brief

Norwegian DPA threatens Meta with fines over behavioral advertising


The Norwegian Data Protection Authority is set to impose a temporary ban on Meta carrying out behavioral advertising on Facebook and Instagram using the personal information of users in the country.


News Brief

EU adopts Privacy Shield replacement for U.S. data transfers


The European Commission announced it adopted a new agreement with the United States to allow for transatlantic data flows without fear of violating the European Union’s General Data Protection Regulation.


News Brief

EU proposal eyes clearer GDPR cross-border case guidelines


The European Commission seeks to combat longstanding issues under the General Data Protection Regulation regarding cross-border cases with new proposed rules.


News Brief

French DPA fines adtech firm Criteo $44M under GDPR


Adtech firm Criteo was assessed a penalty of €40 million (U.S. $44 million) for multiple alleged violations of the General Data Protection Regulation, including failing to verify it gained consent to process the data of European Union citizens.


News Brief

Lawsuit: Ex-Grindr privacy chief alleges firing over red flags raised


The former chief privacy officer at Grindr is suing the company behind the LGBTQ dating app for wrongful termination regarding alleged privacy violations he raised that new management ignored.



As AI Act moves forward, concerns of undermined GDPR persist


The European Union wants to bolster tech innovation within the single market as artificial intelligence is predicted to catapult economic growth, but some have expressed fears AI use might conflict with levels of automatic protection expected under the General Data Protection Regulation.


News Brief

Swedish DPA fines Spotify $5.4M for ‘low level’ GDPR lapses


Sweden’s data protection authority levied a fine of 58 million Swedish krona (U.S. $5.4 million) against music streaming service Spotify following an audit on how the company handles customers’ rights to access their personal data.


News Brief

Microsoft reserves $425M for LinkedIn GDPR penalty


Microsoft will reserve $425 million to pay a potential fine from the Irish Data Protection Commission regarding alleged violations of the General Data Protection Regulation by its social media subsidiary, LinkedIn.



Five years of GDPR: Experts forecast changes to come for landmark privacy law


The fifth anniversary of the European Union’s General Data Protection Regulation coming into force has highlighted the many successes of the legislation but also exposed areas where the law is still untested and unclear.



Record Meta fine brings wider GDPR ramifications for EU-U.S. data transfers


Meta’s latest punishment for breaching the European Union’s General Data Protection Regulation will have far-reaching ramifications for companies both in Europe and beyond.



Five years in, GDPR still a lightning rod for criticism


The General Data Protection Regulation risks losing credibility if enforcement is not harmonized and privacy by design is not at the heart of tech innovation, said EU officials during a summit marking the fifth anniversary of the legislation.