Privacy by design a silver bullet for stemming AI risks?
The proliferation of artificial intelligence technologies—and their reliance on publicly available data—has reinforced the need for tech developers and the companies using their solutions to ensure privacy by design and by default is at the crux of any offering.
Italian DPA fines UniCredit $3M over data breach GDPR lapses
The Italian data protection authority announced a fine of €2.8 million (U.S. $3 million) against UniCredit for alleged violations of the General Data Protection Regulation regarding insufficient security measures the bank had in place during a cyberattack.
Public consultation on GDPR opens door for changes
Feedback from a European Commission consultation on the six years of enforcement of the General Data Protection Regulation could result in tweaks to the rules and potential changes to the way data protection authorities enforce them.
Toeing the ‘fine line’ of cloud security compliance
When organizations move their data or operations to the cloud, the compliance team has their work cut out and then some, experts discussed at CW’s Cyber Risk & Data Privacy Summit.
The blurred lines of employee monitoring under GDPR
The French data regulator’s fine against an Amazon warehouse manager for violating employees’ rights to privacy in the workplace once again raises questions about what constitutes an overzealous approach to employee monitoring and why companies fail to recognize the signs.
Examining precedent set by French DPA’s Amazon employee monitoring fine
The decision by France’s data regulator to fine an Amazon warehouse manager for breaches of the General Data Protection Regulation over the way it monitored employee productivity raises questions about the reach data protection authorities have over corporate conduct.
Uber facing $11M fine over driver privacy rights violations
Ride-hailing company Uber Technologies was assessed a penalty of €10 million (U.S. $11 million) by the Dutch Data Protection Authority for alleged privacy rights violations regarding the handling of European drivers’ personal data.
Meta’s ‘pay or consent’ model to force GDPR to adapt?
Experts weigh in on Meta’s plans to charge EU users monthly if they do not want to be tracked for online advertising and what the ramifications of the model would mean for the future of the General Data Protection Regulation.
ICO seeking input on generative AI to inform guidance
The U.K. Information Commissioner’s Office is seeking input from developers, users, and those interested in generative artificial intelligence to help inform policy and guidance regarding the technology.
Amazon unit fined $35M under GDPR for employee productivity tracking
Amazon’s warehouse management arm in France was assessed a penalty of €32 million (U.S. $35 million) for violating the General Data Protection Regulation by excessively tracking the productivity of employees.
GDPR-minded Microsoft offers cloud customers EU-based personal data storage
Microsoft announced an expansion to its European Union data storage efforts that would allow cloud customers to keep all personal data stored within the EU boundary.
Shades of GDPR? Experts assess AI Act as global standard
As the European Union’s AI Act sets its sights on 2026 to take full effect, experts are concerned other key jurisdictions might introduce divergent legislation that treats artificial intelligence use differently, thus making it difficult for companies to ensure compliance.
Assessing impact of court ruling on GDPR strict liability
The idea companies can be held “strictly liable” for violations of the European Union’s privacy rules was shot down, following a judgment from Europe’s top court relating to a case involving German property company Deutsche Wohnen.
Experts: More privacy rules, enforcement expected in 2024
Businesses can prepare for a bumpy ride as the 2024 global landscape of data privacy and other related laws and regulations begins to take shape.
Deutsche Wohnen earns CJEU win in high-profile GDPR appeal
German property company Deutsche Wohnen’s court win regarding a penalty levied against it for alleged violations of the General Data Protection Regulation carries notable ramifications for enforcement of the EU privacy law.
Experts: ICO apology to ex-CEO does not absolve NatWest of GDPR liability
Just because Alison Rose received a public apology from the U.K. Information Commissioner’s Office regarding the suggestion she might have violated the General Data Protection Regulation doesn’t mean NatWest could avoid sanction.
Axpo Italia fined $10.5M in GDPR case over data processing
Axpo Italia, a producer and trader of renewable energy products, was penalized under the General Data Protection Regulation by the Italian data protection authority for processing inaccurate and outdated personal data of customers.
FCA flags potential regulatory breaches at NatWest regarding Farage scandal
An independent review into how NatWest handled the closure of politician Nigel Farage’s Coutts account uncovered potential regulatory breaches by the bank that are on the radar of the U.K. Financial Conduct Authority.
EOS Matrix battles back against Croatian DPA in $5.8M GDPR case
Debt collector EOS Matrix said it will challenge a General Data Protection Regulation penalty levied against it by the Croatian data protection authority after finding the data in question in the case does not match the data in its database.
Expert: How data hoarding increases businesses’ cyber risks
Holding on to data for longer than necessary creates vulnerabilities for businesses by giving cyberattackers more avenues to access an organization’s computer systems.
Bank privacy processes questioned after U.K. ‘debanking’ scandal
The furor over NatWest Group’s decision to monitor and close the account of right-wing Brexit campaigner Nigel Farage—and then disclose the details to a journalist—has raised questions regarding whether other banks employ the same means to get rid of undesirable customers.
TikTok fined $368M in children’s privacy GDPR ruling
The Irish Data Protection Commission announced a penalty of €345 million (U.S. $368 million) against popular social media company TikTok over alleged violations of the General Data Protection Regulation during a five-month period in 2020.
Fallout from ‘debanking’ scandal suggests more U.K. bank reforms coming
The former CEO of NatWest’s decision to leak client details to the press regarding Nigel Farage is likely to cost the financial industry millions in new compliance checks as U.K. regulators prepare reviews into how banks treat people with extreme political views.
Paying ransom to avoid GDPR fine an unwise gambit
Companies that think paying reduced ransomware demands would be a better move than informing regulators of a data breach and facing enforcement are playing with fire, according to experts.
Swedish DPA fines Trygg-Hansa $3.2M for GDPR breaches
Sweden’s data protection authority issued a penalty of 35 million Swedish krona (U.S. $3.2 million) against insurance company Trygg-Hansa for alleged security flaws that made customer insurance information accessible on the internet.
Pressure on DPAs to ensure success of GDPR cross-border proposal
Plans to speed up General Data Protection Regulation cases against the likes of Big Tech firms by improving cooperation among the European Union’s data regulators have been largely welcomed by experts.
Expert views mixed on viability of new EU-U.S. data transfer framework
The European Commission might have given a green light to the latest mechanism to allow safe data transfers between the European Union and the United States, but experts have mixed views regarding how long it will last and whether it is even legal.
Norwegian DPA threatens Meta with fines over behavioral advertising
The Norwegian Data Protection Authority is set to impose a temporary ban on Meta carrying out behavioral advertising on Facebook and Instagram using the personal information of users in the country.
EU adopts Privacy Shield replacement for U.S. data transfers
The European Commission announced it adopted a new agreement with the United States to allow for transatlantic data flows without fear of violating the European Union’s General Data Protection Regulation.
EU proposal eyes clearer GDPR cross-border case guidelines
The European Commission seeks to combat longstanding issues under the General Data Protection Regulation regarding cross-border cases with new proposed rules.
French DPA fines adtech firm Criteo $44M under GDPR
Adtech firm Criteo was assessed a penalty of €40 million (U.S. $44 million) for multiple alleged violations of the General Data Protection Regulation, including failing to verify it gained consent to process the data of European Union citizens.
Lawsuit: Ex-Grindr privacy chief alleges firing over red flags raised
The former chief privacy officer at Grindr is suing the company behind the LGBTQ dating app for wrongful termination regarding alleged privacy violations he raised that new management ignored.
As AI Act moves forward, concerns of undermined GDPR persist
The European Union wants to bolster tech innovation within the single market as artificial intelligence is predicted to catapult economic growth, but some have expressed fears AI use might conflict with levels of automatic protection expected under the General Data Protection Regulation.
Swedish DPA fines Spotify $5.4M for ‘low level’ GDPR lapses
Sweden’s data protection authority levied a fine of 58 million Swedish krona (U.S. $5.4 million) against music streaming service Spotify following an audit on how the company handles customers’ rights to access their personal data.
Microsoft reserves $425M for LinkedIn GDPR penalty
Microsoft will reserve $425 million to pay a potential fine from the Irish Data Protection Commission regarding alleged violations of the General Data Protection Regulation by its social media subsidiary, LinkedIn.
Five years of GDPR: Experts forecast changes to come for landmark privacy law
The fifth anniversary of the European Union’s General Data Protection Regulation coming into force has highlighted the many successes of the legislation but also exposed areas where the law is still untested and unclear.
Record Meta fine brings wider GDPR ramifications for EU-U.S. data transfers
Meta’s latest punishment for breaching the European Union’s General Data Protection Regulation will have far-reaching ramifications for companies both in Europe and beyond.
Five years in, GDPR still a lightning rod for criticism
The General Data Protection Regulation risks losing credibility if enforcement is not harmonized and privacy by design is not at the heart of tech innovation, said EU officials during a summit marking the fifth anniversary of the legislation.
Meta fined record $1.3B in GDPR data transfer ruling
The Irish Data Protection Commission announced a record penalty of €1.2 billion (U.S. $1.3 billion) against Meta regarding its transfers of user data from the European Union to the United States in violation of the General Data Protection Regulation.
Experts: Austrian Post GDPR ruling offers clarity on damages compensation
A decision by Europe’s Supreme Court regarding Austria’s main postal service might make it easier for the bloc’s citizens to bring legal claims for privacy breaches—with potentially unlimited scope for damages.
French DPA fines Clearview AI $5.7M for noncompliance with previous order
France’s data protection authority last month fined facial recognition company Clearview AI €5.2 million (then-U.S. $5.7 million) for failing to comply with an October order to cease and desist from further violations of the General Data Protection Regulation.
Croatian DPA levies largest GDPR fine
The Croatian data protection authority handed down its largest penalty under the General Data Protection Regulation to date: a fine of nearly €2.3 million (U.S. $2.5 million) against debt collector B2 Kapital.
Big Tech, ad industry bracing for Meta data transfer decision
Meta and other Big Tech firms will soon learn if they might be prevented from transferring the personal data of European citizens to the United States in the way they do now.
ChatGPT back in Italy after user privacy updates
ChatGPT restored access for Italian users after changes to its privacy controls were welcomed by the country’s data protection authority.
Is ChatGPT the privacy problem? Or is GDPR?
Scrutiny into ChatGPT has reignited concerns the General Data Protection Regulation is either stifling innovations in technology or that the legislation is not flexible enough to keep pace with technological advances. Experts weigh in.
‘Divergence is coming’: Experts cast doubt on EU adopting U.K. GDPR reforms
Despite suggestions the European Union could look to the United Kingdom when considering future changes to the General Data Protection Regulation, legal experts question the impact planned U.K. reforms to the privacy law will have on multinational businesses.
EDPB task force latest scrutinizing ChatGPT, AI accountability
The European Data Protection Board is the latest regulatory body assessing the applicability of ChatGPT amid skyrocketing data privacy concerns regarding the popular artificial intelligence platform.
TikTok fined $15.9M for violations of U.K. GDPR
Social media platform TikTok was fined £12.7 million (U.S. $15.9 million) by the U.K. Information Commissioner’s Office for using the personal data of children without parental consent and other violations of data protection mandates.
ChatGPT exits Italy after GDPR violation warning
The Italian data protection authority shut down ChatGPT in the country, alleging the AI chatbot violates European Union privacy laws and has no controls to stop it interacting inappropriately with young children.