Across Europe and other countries, there are numerous data protection authorities with differing goals and enforcement powers. Until 2020, when the California Privacy Rights Act (which amended the California Consumer Privacy...more
On 4 October 2024, the Court of Justice of the European Union (CJEU) published its long-awaited judgement in case C-621/22 (KNLTB), which clarifies that purely commercial interests may not be categorically excluded from...more
Dutch data privacy officials recently imposed a staggering penalty on Uber – €290 million ($324 million) – for allegedly breaching the European Union’s comprehensive data privacy and security law. This groundbreaking fine is...more
Once again, a Dutch district court has recalled a decision of the Dutch Data Protection Authority (Dutch DPA) for its too strict interpretation that purely commercial interests cannot be legitimate interests under Article...more
The Israeli Privacy Protection Authority recently published a binding directive addressing the board of director’s responsibilities for the fulfillment of a company’s obligations prescribed in the Privacy Protection...more
Scope of the Regulation - On August 23, 2024, the Brazilian Data Protection Authority (ANPD) published Resolution CD/ANPD No. 19/2024 (the “Regulation”), which addresses international transfers of personal data....more
On August 6th, the Dutch Data Protection Authority (DPA) issued guidance cautioning companies about the potential data protection risks associated with the use of Artificial Intelligence (AI)-powered chatbots....more
On July 16, 2024, the National Data Protection Authority (ANPD) published Resolution No. 18/2024 (Resolution 18) outlining rules on the appointment, definition, duties and activities of a Data Protection Officer (DPO) in...more
The Israeli Privacy Protection Authority (“PPA”) recently published a draft opinion, which is open for public comments, addressing transfers of personal data from Israel to other countries. In this opinion, the PPA seeks to...more
On May 16, 2024, the CNIL announced a critical public consultation and three significant updates to adapt health research regulations in France. These updates, focusing on remote quality control, home monitoring, and...more
On 1 May 2024, the Dutch Data Protection Authority (DPA) issued guidelines on data scraping used by private organisations in relation to GDPR principles including ‘lawfulness’. The guidelines could affect the way GenAI...more
Working from home requires heightened attention to compliance with privacy protection and data security laws. The basis for such compliance, inter alia, is the Israeli Privacy Protection Authority’s guidelines, “Emphases for...more
The French supervisory authority (CNIL) asked for public comments on its draft recommendation on data security in relation to processing that presents particularly high risks to individuals or to the public interest (the...more
On 6 July 2023, the French data protection authority (the "CNIL") updated its guidelines on whistleblowing systems again. The last version dated from December 2019. This update is the result of the French transposition of...more
In February 2023, the Brazilian National Data Protection Authority (ANPD) published the rules for the application of sanctions and the methodology for calculating fines for violation of their General Data Protection Law...more
Les derniers mois ont vu une activité bouillonnante de la CNIL avec l’adoption de nombreuses délibérations. Nous avons analysé ces décisions pour comprendre les principales orientations prises par l’autorité française....more
Ever since the White House issued its Executive Order to pave a path for the new EU-U.S. Data Privacy Framework, stakeholders have provided both praise and criticism about whether the Executive Order sufficiently addresses...more
The Swiss government has drafted a proposed list of countries that are approved to receive personal data transfers out of Switzerland. Japan and South Korea are excluded from the current and proposed lists, requiring...more
...This session, led by industry-acknowledged experts in areas ranging from data protection and privacy to data transfer and legal discovery, provided a professional forum for the explanation of the best approaches,...more
On January 27, 2022, the National Data Protection Authority (ANPD) published Resolution nr. 2, regulating the application of certain provisions of the General Personal Data Protection Act (LGPD) to small processing agents,...more
No dia 27 de janeiro de 2022, a Autoridade Nacional de Proteção de Dados (ANPD) publicou a Resolução n.º 2, regulamentando a aplicação de determinados dispositivos da Lei Geral de Proteção de Dados Pessoais (LGPD) a agentes...more
On February 2, 2022, the Belgian Data Protection Authority (DPA) found that the Interactive Advertising Bureau Europe (IAB) Transparency & Consent Framework (TCF), a tool used to record individuals' online ad preferences,...more
By the close of 2021, EU data protection authorities (“DPA”) had initiated investigations into a number of US tech companies operating in Europe and further investigations are set to continue. In a recent case concerning...more
You know that cleaning out the garage is a good idea. You would have more storage space and would even be able to put the car into the garage, which is better for security, for keeping it clean, and for ensuring an easy start...more
On 2 August 2021, the Italian supervisory authority (Garante) announced that is has imposed a fine of EUR 2.5 million against a food delivery company Deliveroo Italy s.r.l. (Deliveroo) for violation of several requirements of...more