News & Analysis as of

Data Protection Authority

Pillsbury - Consumer Protection Dispatch

GDPR Enforcement: Lessons from Recent Data Privacy Penalties

Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more

Alston & Bird

EDPB Adopts Opinion on the Use of Processors and Sub-processors

Alston & Bird on

On October 7, 2024, the European Data Protection Board (“EDPB”) adopted an opinion on obligations following from the use of processors and sub-processors (the “Opinion”). The EDPB is the body that seeks to ensure harmonised...more

Goodwin

Navigating New CNIL Sanctions: What You Need to Know

Goodwin on

The Commission Nationale de l’Informatique et des Libertés (CNIL) is an independent French administrative regulatory body whose mission is to ensure that the collection, storage, and use of personal data comply with data...more

DLA Piper

EU: CJEU Confirms That Legitimate Interests Can Cover Purely Commercial Interests

DLA Piper on

Introduction - The subject of “legitimate interests” and in particular whether they can be “purely commercial” has been a topic of front and center stage debate in the Netherlands for some time. The Dutch data protection...more

Robinson+Cole Data Privacy + Security Insider

CPPA’s Cooperation with International Data Protection Authorities

Across Europe and other countries, there are numerous data protection authorities with differing goals and enforcement powers. Until 2020, when the California Privacy Rights Act (which amended the California Consumer Privacy...more

Hogan Lovells

CJEU clears the air, Dutch DPA’s interpretation of legitimate interests is too strict

Hogan Lovells on

On 4 October 2024, the Court of Justice of the European Union (CJEU) published its long-awaited judgement in case C-621/22 (KNLTB), which clarifies that purely commercial interests may not be categorically excluded from...more

Fisher Phillips

Brazil’s New International Data Transfer Rules Could Impact Your Multinational Business: What You Need to Know and Your 6-Step...

Fisher Phillips on

New rules just took effect in Brazil regulating international data transfers, and employers doing business in the country must take note. Covered data processing agents – such as companies in Brazil that transfer data to...more

Fisher Phillips

Netherlands Imposes Record-Breaking Data Privacy Fine on Uber: 4 Key Steps Companies Can Take to Ensure Compliance

Fisher Phillips on

Dutch data privacy officials recently imposed a staggering penalty on Uber – €290 million ($324 million) – for allegedly breaching the European Union’s comprehensive data privacy and security law. This groundbreaking fine is...more

DLA Piper

UK: Data Protection Authority Issues Reprimand to Gambling Operator for Unlawfully Processing Personal Data

DLA Piper on

On 16 September 2024, the UK’s data protection authority, the Information Commissioner’s Office (ICO), issued a reprimand against Sky Betting and Gaming (SkyBet) for unlawfully processing people’s data through advertising...more

Ogletree, Deakins, Nash, Smoak & Stewart,...

Supply Chain Attacks in the UK: Reducing Risk and Preparing for Upcoming Legal Changes

Effective information security is no longer just dependent on an organisation’s own internal cybersecurity controls. The UK Information Commissioner’s Office (ICO) highlights that third-party service providers are processing...more

Alston & Bird

Belgian Data Protection Authority Publishes Guidance on the Interplay between the GDPR and the AI Act

Alston & Bird on

On 19 September 2024, the Belgian Data Protection Authority (DPA) issued new Guidance on the interplay between the recently adopted EU Regulation on Artificial Intelligence (the AI Act) and the General Data Protection...more

Hogan Lovells

Dutch DPA’s fine decision suspended by Dutch court amidst “(commercial) legitimate interest-controversy”

Hogan Lovells on

Once again, a Dutch district court has recalled a decision of the Dutch Data Protection Authority (Dutch DPA) for its too strict interpretation that purely commercial interests cannot be legitimate interests under Article...more

Barnea Jaffa Lande & Co.

Board of Director’s responsibility for data security in a company

The Israeli Privacy Protection Authority recently published a binding directive addressing the board of director’s responsibilities for the fulfillment of a company’s obligations prescribed in the Privacy Protection...more

Mayer Brown

New ANPD Regulation International Data Transfers

Mayer Brown on

Scope of the Regulation - On August 23, 2024, the Brazilian Data Protection Authority (ANPD) published Resolution CD/ANPD No. 19/2024 (the “Regulation”), which addresses international transfers of personal data....more

Ius Laboris

Massive fine for Uber of EUR 290 million

Ius Laboris on

On 26 August the Dutch Data Protection Authority (DPA) fined Uber EUR 290 million for a breach of the General Data Protection Regulation (GDPR). Following a number of complaints from French Uber drivers, the DPA found that...more

DLA Piper

Ireland: Increased Regulatory Convergence of AI and Data Protection: X Suspends Training of AI Chatbot With EU User Data After...

DLA Piper on

The Irish Data Protection Commission (DPC) has welcomed X’s agreement to suspend its processing of certain personal data for the purpose of training its AI chatbot tool, Grok. This comes after the DPC issued suspension...more

A&O Shearman

European Commission publishes second report on application of GDPR

A&O Shearman on

On 25 July 2024, the EU Commission published its second report on the application of the GDPR (the ‘Second Report’), following its first report published in 2020....more

Hogan Lovells

Retention of corporate email metadata, news from the Italian Data Protection Authority

Hogan Lovells on

The Italian Data Protection Authority (“Garante per la Protezione dei Dati Personali”) published a provision in which it established that some services for e-mail management are configured to collect and store metadata...more

Alston & Bird

Dutch Data Protection Authority Warns that Using AI Chatbots Can Lead to Personal Data Breaches

Alston & Bird on

On August 6th, the Dutch Data Protection Authority (DPA) issued guidance cautioning companies about the potential data protection risks associated with the use of Artificial Intelligence (AI)-powered chatbots....more

Hogan Lovells

Brazil’s Data Protection Authority releases guidance on data protection officer responsibilities and duties

Hogan Lovells on

On July 16, 2024, the National Data Protection Authority (ANPD) published Resolution No. 18/2024 (Resolution 18) outlining rules on the appointment, definition, duties and activities of a Data Protection Officer (DPO) in...more

Barnea Jaffa Lande & Co.

Israel: Significant Changes in Privacy Protection Law

The Knesset Constitution, Law, and Justice Committee has approved an amendment to the Israeli Privacy Protection Law (PPL). The amendment proposes extensive changes to the PPL, including granting additional enforcement powers...more

Fenwick & West LLP

EDPB and the Role of DPAs Under the EU AI Act

Fenwick & West LLP on

The European Data Protection Board (EDPB) recently adopted a statement suggesting the Data Protection Authorities’ (DPAs) role with regard to the EU AI Act recently published in the Official Journal of the EU....more

Barnea Jaffa Lande & Co.

Privacy: Transfers of Personal Data Outside of Israel are Only Permitted to Countries Ensuring Adequate Data Protection

The Israeli Privacy Protection Authority (“PPA”) recently published a draft opinion, which is open for public comments, addressing transfers of personal data from Israel to other countries. In this opinion, the PPA seeks to...more

A&O Shearman

UK - When is a data protection claim not a data protection claim?

A&O Shearman on

In a recent case, Pacini & Anor v Dow Jones & Company Inc., the publisher of the Wall Street Journal unsuccessfully applied to strike out a data protection claim concerning two historic articles....more

BCLP

Analysing the CNIL’s Latest Recommendations for AI Systems

BCLP on

Following the very recent adoption of the EU Regulation on AI (the AI Regulation) the CNIL (the French data regulator) has issued the second in its series of recommendations for the development of privacy-friendly AI models....more

808 Results
 / 
View per page
Page: of 33

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide