GDPR


Privacy Shield

Premium

Privacy by design a silver bullet for stemming AI risks?

2024-03-15T17:41:00+00:00By

The proliferation of artificial intelligence technologies—and their reliance on publicly available data—has reinforced the need for tech developers and the companies using their solutions to ensure privacy by design and by default is at the crux of any offering.

UniCredit

News Brief

​Italian DPA fines UniCredit $3M over data breach GDPR lapses

2024-03-11T15:54:00+00:00By

The Italian data protection authority announced a fine of €2.8 million (U.S. $3 million) against UniCredit for alleged violations of the General Data Protection Regulation regarding insufficient security measures the bank had in place during a cyberattack.

GDPR EU flag

Premium

Public consultation on GDPR opens door for changes

2024-02-20T14:24:00+00:00By

Feedback from a European Commission consultation on the six years of enforcement of the General Data Protection Regulation could result in tweaks to the rules and potential changes to the way data protection authorities enforce them.

Cloud Computing

Premium

Toeing the ‘fine line’ of cloud security compliance

2024-02-14T22:26:00+00:00By

When organizations move their data or operations to the cloud, the compliance team has their work cut out and then some, experts discussed at CW’s Cyber Risk & Data Privacy Summit.

Employee monitoring

Premium

The blurred lines of employee monitoring under GDPR

2024-02-09T20:03:00+00:00By

The French data regulator’s fine against an Amazon warehouse manager for violating employees’ rights to privacy in the workplace once again raises questions about what constitutes an overzealous approach to employee monitoring and why companies fail to recognize the signs.

Amazon warehouse

Premium

Examining precedent set by French DPA’s Amazon employee monitoring fine

2024-02-07T18:03:00+00:00By

The decision by France’s data regulator to fine an Amazon warehouse manager for breaches of the General Data Protection Regulation over the way it monitored employee productivity raises questions about the reach data protection authorities have over corporate conduct.

Uber

News Brief

Uber facing $11M fine over driver privacy rights violations

2024-02-05T19:38:00+00:00By

Ride-hailing company Uber Technologies was assessed a penalty of €10 million (U.S. $11 million) by the Dutch Data Protection Authority for alleged privacy rights violations regarding the handling of European drivers’ personal data.

Meta Platforms

Premium

Meta’s ‘pay or consent’ model to force GDPR to adapt?

2024-01-31T14:52:00+00:00By

Experts weigh in on Meta’s plans to charge EU users monthly if they do not want to be tracked for online advertising and what the ramifications of the model would mean for the future of the General Data Protection Regulation.

ICO

News Brief

ICO seeking input on generative AI to inform guidance

2024-01-25T21:38:00+00:00By

The U.K. Information Commissioner’s Office is seeking input from developers, users, and those interested in generative artificial intelligence to help inform policy and guidance regarding the technology.

Amazon trucks

News Brief

Amazon unit fined $35M under GDPR for employee productivity tracking

2024-01-24T03:50:00+00:00By

Amazon’s warehouse management arm in France was assessed a penalty of €32 million (U.S. $35 million) for violating the General Data Protection Regulation by excessively tracking the productivity of employees.

Microsoft

News Brief

GDPR-minded Microsoft offers cloud customers EU-based personal data storage

2024-01-12T18:41:00+00:00By

Microsoft announced an expansion to its European Union data storage efforts that would allow cloud customers to keep all personal data stored within the EU boundary.

AI globe

Premium

Shades of GDPR? Experts assess AI Act as global standard

2023-12-20T16:00:00+00:00By

As the European Union’s AI Act sets its sights on 2026 to take full effect, experts are concerned other key jurisdictions might introduce divergent legislation that treats artificial intelligence use differently, thus making it difficult for companies to ensure compliance.

GDPR_gavel

Premium

Assessing impact of court ruling on GDPR strict liability

2023-12-15T18:25:00+00:00By

The idea companies can be held “strictly liable” for violations of the European Union’s privacy rules was shot down, following a judgment from Europe’s top court relating to a case involving German property company Deutsche Wohnen.

Data privacy

Premium

Experts: More privacy rules, enforcement expected in 2024

2023-12-14T11:30:00+00:00By

Businesses can prepare for a bumpy ride as the 2024 global landscape of data privacy and other related laws and regulations begins to take shape.

Germany privacy

News Brief

Deutsche Wohnen earns CJEU win in high-profile GDPR appeal

2023-12-05T21:29:00+00:00By

German property company Deutsche Wohnen’s court win regarding a penalty levied against it for alleged violations of the General Data Protection Regulation carries notable ramifications for enforcement of the EU privacy law.

NatWest building

Premium

Experts: ICO apology to ex-CEO does not absolve NatWest of GDPR liability

2023-11-16T15:54:00+00:00By

Just because Alison Rose received a public apology from the U.K. Information Commissioner’s Office regarding the suggestion she might have violated the General Data Protection Regulation doesn’t mean NatWest could avoid sanction.

ItalyFee

News Brief

Axpo Italia fined $10.5M in GDPR case over data processing

2023-11-10T15:13:00+00:00By

Axpo Italia, a producer and trader of renewable energy products, was penalized under the General Data Protection Regulation by the Italian data protection authority for processing inaccurate and outdated personal data of customers.

NatWest

News Brief

FCA flags potential regulatory breaches at NatWest regarding Farage scandal

2023-10-27T17:17:00+01:00By

An independent review into how NatWest handled the closure of politician Nigel Farage’s Coutts account uncovered potential regulatory breaches by the bank that are on the radar of the U.K. Financial Conduct Authority.

Croatia

News Brief

EOS Matrix battles back against Croatian DPA in $5.8M GDPR case

2023-10-13T14:39:00+01:00By

Debt collector EOS Matrix said it will challenge a General Data Protection Regulation penalty levied against it by the Croatian data protection authority after finding the data in question in the case does not match the data in its database.

Online Database

Premium

Expert: How data hoarding increases businesses’ cyber risks

2023-10-11T20:21:00+01:00By

Holding on to data for longer than necessary creates vulnerabilities for businesses by giving cyberattackers more avenues to access an organization’s computer systems.

Safe bank

Premium

Bank privacy processes questioned after U.K. ‘debanking’ scandal

2023-09-21T19:05:00+01:00By

The furor over NatWest Group’s decision to monitor and close the account of right-wing Brexit campaigner Nigel Farage—and then disclose the details to a journalist—has raised questions regarding whether other banks employ the same means to get rid of undesirable customers.

TikTok building

News Brief

TikTok fined $368M in children’s privacy GDPR ruling

2023-09-15T17:50:00+01:00By

The Irish Data Protection Commission announced a penalty of €345 million (U.S. $368 million) against popular social media company TikTok over alleged violations of the General Data Protection Regulation during a five-month period in 2020.

Hodge_opinion

Opinion

Fallout from ‘debanking’ scandal suggests more U.K. bank reforms coming

2023-09-12T15:00:00+01:00By

The former CEO of NatWest’s decision to leak client details to the press regarding Nigel Farage is likely to cost the financial industry millions in new compliance checks as U.K. regulators prepare reviews into how banks treat people with extreme political views.

Ransomware

Premium

Paying ransom to avoid GDPR fine an unwise gambit

2023-09-07T13:21:00+01:00By

Companies that think paying reduced ransomware demands would be a better move than informing regulators of a data breach and facing enforcement are playing with fire, according to experts.

Trygg-Hansa

News Brief

Swedish DPA fines Trygg-Hansa $3.2M for GDPR breaches

2023-08-31T16:55:00+01:00By

Sweden’s data protection authority issued a penalty of 35 million Swedish krona (U.S. $3.2 million) against insurance company Trygg-Hansa for alleged security flaws that made customer insurance information accessible on the internet.

Business argument

Premium

Pressure on DPAs to ensure success of GDPR cross-border proposal

2023-08-01T13:34:00+01:00By

Plans to speed up General Data Protection Regulation cases against the likes of Big Tech firms by improving cooperation among the European Union’s data regulators have been largely welcomed by experts.

EU US privacy

Premium

Expert views mixed on viability of new EU-U.S. data transfer framework

2023-07-18T14:46:00+01:00By

The European Commission might have given a green light to the latest mechanism to allow safe data transfers between the European Union and the United States, but experts have mixed views regarding how long it will last and whether it is even legal.

Meta Platforms

News Brief

Norwegian DPA threatens Meta with fines over behavioral advertising

2023-07-17T14:43:00+01:00By

The Norwegian Data Protection Authority is set to impose a temporary ban on Meta carrying out behavioral advertising on Facebook and Instagram using the personal information of users in the country.

Global data

News Brief

EU adopts Privacy Shield replacement for U.S. data transfers

2023-07-10T17:41:00+01:00By

The European Commission announced it adopted a new agreement with the United States to allow for transatlantic data flows without fear of violating the European Union’s General Data Protection Regulation.

GDPR

News Brief

EU proposal eyes clearer GDPR cross-border case guidelines

2023-07-07T13:33:00+01:00By

The European Commission seeks to combat longstanding issues under the General Data Protection Regulation regarding cross-border cases with new proposed rules.

Criteo

News Brief

French DPA fines adtech firm Criteo $44M under GDPR

2023-06-22T16:29:00+01:00By

Adtech firm Criteo was assessed a penalty of €40 million (U.S. $44 million) for multiple alleged violations of the General Data Protection Regulation, including failing to verify it gained consent to process the data of European Union citizens.

Grindr

News Brief

Lawsuit: Ex-Grindr privacy chief alleges firing over red flags raised

2023-06-20T16:18:00+01:00By

The former chief privacy officer at Grindr is suing the company behind the LGBTQ dating app for wrongful termination regarding alleged privacy violations he raised that new management ignored.

AI Law

Premium

As AI Act moves forward, concerns of undermined GDPR persist

2023-06-16T13:00:00+01:00By

The European Union wants to bolster tech innovation within the single market as artificial intelligence is predicted to catapult economic growth, but some have expressed fears AI use might conflict with levels of automatic protection expected under the General Data Protection Regulation.

Spotify_web

News Brief

Swedish DPA fines Spotify $5.4M for ‘low level’ GDPR lapses

2023-06-13T19:25:00+01:00By

Sweden’s data protection authority levied a fine of 58 million Swedish krona (U.S. $5.4 million) against music streaming service Spotify following an audit on how the company handles customers’ rights to access their personal data.

LinkedIn

News Brief

Microsoft reserves $425M for LinkedIn GDPR penalty

2023-06-02T15:43:00+01:00By

Microsoft will reserve $425 million to pay a potential fine from the Irish Data Protection Commission regarding alleged violations of the General Data Protection Regulation by its social media subsidiary, LinkedIn.

GDPR gears

Premium

Five years of GDPR: Experts forecast changes to come for landmark privacy law

2023-06-01T14:41:00+01:00By

The fifth anniversary of the European Union’s General Data Protection Regulation coming into force has highlighted the many successes of the legislation but also exposed areas where the law is still untested and unclear.

Meta building

Premium

Record Meta fine brings wider GDPR ramifications for EU-U.S. data transfers

2023-05-26T16:21:00+01:00By

Meta’s latest punishment for breaching the European Union’s General Data Protection Regulation will have far-reaching ramifications for companies both in Europe and beyond.

GDPR_gavel

Premium

Five years in, GDPR still a lightning rod for criticism

2023-05-25T18:04:00+01:00By

The General Data Protection Regulation risks losing credibility if enforcement is not harmonized and privacy by design is not at the heart of tech innovation, said EU officials during a summit marking the fifth anniversary of the legislation.

Facebook Ireland

News Brief

Meta fined record $1.3B in GDPR data transfer ruling

2023-05-22T16:43:00+01:00By

The Irish Data Protection Commission announced a record penalty of €1.2 billion (U.S. $1.3 billion) against Meta regarding its transfers of user data from the European Union to the United States in violation of the General Data Protection Regulation.

Austrian Post

Premium

Experts: Austrian Post GDPR ruling offers clarity on damages compensation

2023-05-12T13:51:00+01:00By

A decision by Europe’s Supreme Court regarding Austria’s main postal service might make it easier for the bloc’s citizens to bring legal claims for privacy breaches—with potentially unlimited scope for damages.

Clearview AI

News Brief

French DPA fines Clearview AI $5.7M for noncompliance with previous order

2023-05-11T20:37:00+01:00By

France’s data protection authority last month fined facial recognition company Clearview AI €5.2 million (then-U.S. $5.7 million) for failing to comply with an October order to cease and desist from further violations of the General Data Protection Regulation.

Croatia

News Brief

Croatian DPA levies largest GDPR fine

2023-05-09T13:28:00+01:00By

The Croatian data protection authority handed down its largest penalty under the General Data Protection Regulation to date: a fine of nearly €2.3 million (U.S. $2.5 million) against debt collector B2 Kapital.

Meta building

Premium

Big Tech, ad industry bracing for Meta data transfer decision

2023-05-04T20:21:00+01:00By

Meta and other Big Tech firms will soon learn if they might be prevented from transferring the personal data of European citizens to the United States in the way they do now.

ChatGPT

News Brief

​ChatGPT back in Italy after user privacy updates

2023-04-28T19:08:00+01:00By

ChatGPT restored access for Italian users after changes to its privacy controls were welcomed by the country’s data protection authority.

ChatGPT logo

Premium

Is ChatGPT the privacy problem? Or is GDPR?

2023-04-26T15:23:00+01:00By

Scrutiny into ChatGPT has reignited concerns the General Data Protection Regulation is either stifling innovations in technology or that the legislation is not flexible enough to keep pace with technological advances. Experts weigh in.

GDPR EU flag

Premium

‘Divergence is coming’: Experts cast doubt on EU adopting U.K. GDPR reforms

2023-04-24T14:05:00+01:00By

Despite suggestions the European Union could look to the United Kingdom when considering future changes to the General Data Protection Regulation, legal experts question the impact planned U.K. reforms to the privacy law will have on multinational businesses.

ChatGPT logo

News Brief

EDPB task force latest scrutinizing ChatGPT, AI accountability

2023-04-13T19:52:00+01:00By

The European Data Protection Board is the latest regulatory body assessing the applicability of ChatGPT amid skyrocketing data privacy concerns regarding the popular artificial intelligence platform.

TikTok

News Brief

TikTok fined $15.9M for violations of U.K. GDPR

2023-04-04T20:12:00+01:00By

Social media platform TikTok was fined £12.7 million (U.S. $15.9 million) by the U.K. Information Commissioner’s Office for using the personal data of children without parental consent and other violations of data protection mandates.

chatgpt_web

News Brief

ChatGPT exits Italy after GDPR violation warning

2023-04-03T18:13:00+01:00By

The Italian data protection authority shut down ChatGPT in the country, alleging the AI chatbot violates European Union privacy laws and has no controls to stop it interacting inappropriately with young children.