At the end of 2024 the Italian Data Protection Authority issued a 15 million euro fine in the first generative AI-related case brought under GDPR. According to Garante (the Italian authority), OpenAI trained ChatGPT with...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
The Commission Nationale de l’Informatique et des Libertés (CNIL) is an independent French administrative regulatory body whose mission is to ensure that the collection, storage, and use of personal data comply with data...more
On 26 August the Dutch Data Protection Authority (DPA) fined Uber EUR 290 million for a breach of the General Data Protection Regulation (GDPR). Following a number of complaints from French Uber drivers, the DPA found that...more
On May 16, 2022, the European Data Protection Board (EDPB), the independent body of data protection supervisors that promotes consistent data protection rules and application thereof throughout the European Union (EU),...more
Danske Bank, Denmark’s largest bank, faces a fine of approximately $1.5 million from the Danish Data Protection Agency (DPA) for a failure to comply with the GDPR’s data deletion requirements. The GDPR requires all personal...more
The Dutch Data Protection Authority (Dutch DPA) recommends that Dutch websites stop using the IAB framework and other similar tools for tracking users, reports a Dutch newspaper (only in Dutch). The recommendation of the...more
In a decision of December 16, 2021, the Belgian Data Protection Authority (“DPA”) imposed a EUR 75,000 administrative fine on a bank located in Belgium for failure to comply with the requirement in Article 38.6 of the General...more
When GDPR became effective three years ago, companies took notice of the fines and penalties attached to violations of the stringent privacy law—4 percent of global annual sales....more
The French data protection authority, La Commission nationale de l’informatique et des libertés ("CNIL"), one of Europe's ("EU") most active data protection regulators, has continued to focus on the lawfulness of the use of...more
Mittlerweile haben mehrere deutsche Datenschutzaufsichtsbehörden zweistellige Millionenbußgelder nach Art. 83 DSGVO verhängt. Kurz nach Geltung der DSGVO war es teilweise noch durchaus möglich, sich mit den zuständigen...more
The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report highlights some regulatory enforcement trends we saw from the European Union (EU) data protection authorities (DPAs) during the past year. EU...more
The regulation of cookies and similar tracking technologies is rapidly evolving, not only in the European Union and United Kingdom but also in the United States and globally. If you have visited a website recently, you might...more
The Bavarian Data Protection Authority recently prohibited a European company from using U.S. newsletter provider Mailchimp in a first-of-its-kind decision. Since the Schrems II decision of the Court of Justice of the...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
The Spanish Data Protection Agency (“Spanish DPA”) decided to start 2021 the same way it ended 2020: by imposing the highest fines to date (EUR 5,000,000 and 6,000,000) to two large Spanish financial entities. ...more
The European Union’s (EU) General Data Protection Regulation (GDPR) has been in effect since May 2018. The law’s goal of protecting EU citizens’ personal information and privacy seems to be coming into fruition. In the past,...more
The Irish Data Protection Commission (DPC) fined Twitter 450,000 euros (about US$546,000) for failing to timely notify the Irish DPC within the required 72 hours of discovering a Q4 2018 breach involving a bug in its Android...more
CEP Magazine (December 2020) - The Hamburg Data Protection Authority issued their largest fine ever under the General Data Protection Regulation (GDPR) for employee-related offenses. A fine of more than €35 million was...more
In early October, the Data Protection Authority in Hamburg, Germany announced that the clothing retailer H&M committed severe violations of its employees’ privacy. Because of these European General Data Protection Regulations...more
It was announced today that the Hamburg data protection authority (DPA) has imposed a fine of a whopping €35,258,707.95 on the fashion retailer H&M Hennes & Mauritz Online Shop A.B. & Co. KG, which is based in Hamburg....more
The CNIL has imposed a €250,000 fine on an online retailer for GDPR infringements in cooperation with other EU supervisory authorities. Founded in 2006 and headquartered in France, Spartoo SAS (Spartoo) is one of the...more
In this part of our briefing series, we cover how prior regulatory enforcement action affects the assessment of sanctions and some pitfalls associated with undertaking internal security audits. Who is this relevant for?...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed....more