On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more
At the end of 2024 the Italian Data Protection Authority issued a 15 million euro fine in the first generative AI-related case brought under GDPR. According to Garante (the Italian authority), OpenAI trained ChatGPT with...more
This series of blogs rounds up some of the key data protection regulatory trends we have seen during 2024, focused on the EU and UK. 2024 has seen behavioural advertising and cookies continue to dominate the agenda of...more
Dutch data privacy officials recently imposed a staggering penalty on Uber – €290 million ($324 million) – for allegedly breaching the European Union’s comprehensive data privacy and security law. This groundbreaking fine is...more
On 25 July 2024, the EU Commission published its second report on the application of the GDPR (the ‘Second Report’), following its first report published in 2020....more
On May 2 2024, the Dutch data protection supervisory authority (the Dutch DPA) published guidance on the processing of personal data when using facial recognition....more
As we noted in our 2023 DSIR, there has been a flurry of activity within the information governance space, at home and abroad. This activity deserves further analysis, because while it seems from a distance that there are...more
The French Data Protection Authority capped off 2022 by terminating an investigation into Lusha Systems, Inc.’s compliance with GDPR. CNIL concluded that the law did not apply to the US company’s activities...more
Greece’s privacy protection authority recently announced it was fining Intellexa, an Israeli cyber tech company, EUR 50,000. The Hellenic Data Protection Authority (HDPA) imposed the fine as part of an investigation it...more
U.S. privacy law is undergoing dramatic change on an accelerating pace. New laws across the country address specific industries, certain kinds of data, and various concerning practices. There is international pressure to...more
The legislation of privacy protection laws in Israel has shifted into high gear and is beginning to close the gap with legislation in Europe. A major step in this direction occurred about a month ago when the Ministerial...more
Organisations subject to the law should carry out a gap analysis of their current compliance position against the new requirements. The United Arab Emirates (UAE) has issued its first federal data protection law (Federal...more
The regulation of cookies and similar tracking technologies is rapidly evolving, not only in the European Union and United Kingdom but also in the United States and globally. If you have visited a website recently, you might...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the Seventh Circuit's ruling finding standing for an Illinois Biometric Information Privacy Act claim, the European Data Protection Board's updated...more
French Data Protection Authority Issues Guidelines on Cookie Use - CNIL, France’s data protection authority, has released new rulesfor obtaining consumer consent under the GDPR for companies using cookies and other tracking...more
On July 18, 2019, the French Data Protection Authority (CNIL) issued new guidance on the use of cookies and similar tracking technologies (collectively referred to as “cookies” below). The guidance clarifies the instances in...more
Data protection authorities in the UK and France have released updated guidance for website operators that use cookies on their websites. This new guidance may mandate changes to existing cookie banners and provides further...more
How do you verify the identity of an individual requesting access to their data or that data be deleted? The Dutch Data Protection Authority, Autoriteitpersoonsgegevens, offers guidance which can be helpful and instructive...more
In this month's edition of our Privacy & Cybersecurity Update, we examine expanded data breach notification laws in New Jersey and Washington state, as well as the SEC's risk alert regarding cloud-based storage solutions. We...more
On May 1, 2019, the Senate Commerce Committee held a hearing on “Consumer Perspectives: Policy Principles for a Federal Data Privacy Framework”—the Committee’s third hearing during this session discussing principles for...more
Why does this topic matter to organisations? Whereas the remedies and sanctions available to DPAs under the Directive were comparatively low (generally subject to a maximum of less than €1 million per infringement, with...more
One key aspect of the EU’s General Data Protection Regulation (GDPR) is its aim of streamlining the regulatory process by providing “one-stop shopping”: the opportunity to deal with a single regulator with respect to all data...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more