Two recent decisions by Québec’s data protection authority, the Commission d’accès à l’information (the “CAI”), should serve as cautionary tales for any business contemplating the deployment of biometric information...more
On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more
At the end of 2024 the Italian Data Protection Authority issued a 15 million euro fine in the first generative AI-related case brought under GDPR. According to Garante (the Italian authority), OpenAI trained ChatGPT with...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
Dutch data privacy officials recently imposed a staggering penalty on Uber – €290 million ($324 million) – for allegedly breaching the European Union’s comprehensive data privacy and security law. This groundbreaking fine is...more
The Israeli Privacy Protection Authority recently published a binding directive addressing the board of director’s responsibilities for the fulfillment of a company’s obligations prescribed in the Privacy Protection...more
On 25 July 2024, the EU Commission published its second report on the application of the GDPR (the ‘Second Report’), following its first report published in 2020....more
The Israeli Privacy Protection Authority (“PPA”) recently published a draft opinion, which is open for public comments, addressing transfers of personal data from Israel to other countries. In this opinion, the PPA seeks to...more
Brazil’s data protection authority recently published regulations that could lead businesses and employers that violate the country’s data privacy laws to be punished with administrative penalties – adding yet more incentive...more
U.S. privacy law is undergoing dramatic change on an accelerating pace. New laws across the country address specific industries, certain kinds of data, and various concerning practices. There is international pressure to...more
The legislation of privacy protection laws in Israel has shifted into high gear and is beginning to close the gap with legislation in Europe. A major step in this direction occurred about a month ago when the Ministerial...more
The regulation of cookies and similar tracking technologies is rapidly evolving, not only in the European Union and United Kingdom but also in the United States and globally. If you have visited a website recently, you might...more
Do we need a new government agency tasked with protecting the data of American citizens? Senator Kirsten Gillibrand believes that we do. On February 12, 2020, Senator Gillibrand announced her proposed legislation titled “The...more
White & Case Technology Newsflash - The development of autonomous vehicles has attracted significant attention in recent years. The technologies being used in order to enable vehicles to navigate without human assistance...more
Global corporations will soon have another privacy law acronym to address. In one year (August 2020), Brazil will join the fray with its own general privacy law, the Lei Geral de Proteção de Dados Pessaoais (General Data...more
How do you verify the identity of an individual requesting access to their data or that data be deleted? The Dutch Data Protection Authority, Autoriteitpersoonsgegevens, offers guidance which can be helpful and instructive...more
On May 1, 2019, the Senate Commerce Committee held a hearing on “Consumer Perspectives: Policy Principles for a Federal Data Privacy Framework”—the Committee’s third hearing during this session discussing principles for...more
In the comic book world, one is often either a DC person or a Marvel person. In the data privacy world, one could say the European Court of Justice ruling last fall inspired the switch from DC’s Aquaman’s (Safe) Harbor to...more
Yesterday, German federal and state (Länder) data protection authorities ("DPAs") issued a Position Paper following the recent Court of Justice of the European Union ("CJEU") ruling that struck down the EU-US Safe Harbor...more
Earlier this month, privacy and security professionals from around the globe gathered for “Privacy. Security. Risk. 2015”—the second joint conference between the International Association of Privacy Professionals and the...more
On 13 May 2014 the Court of Justice of the European Union (CJEU) issued a judgment which Google called a “landmark ruling” (Google v. Costeja Gonzalez case, C-131/12). The court held, based on the 95/46 Directive on...more