Loud and Clear! CNIL sends strong privacy with new €40 million fine of CRITEO

French Data Protection Authority, the CNIL, has fined advertising company CRITEO €40 million for improper conduct in handling users’ personal data. This is one of the largest fines of its kind, and perhaps a sign of a new era. ...Mehr lesen

Data transfers across the Atlantic… a storm in a teacup?!

The European Commission's new adequacy decision concerning the United States puts a stop to the European doctrine that was taking shape on the use of American tools involving transfers of personal data across the Atlantic, not without a touch of perplexity. ...Mehr lesen

The Polish Supreme Administrative Court concluded “Morele.net saga”

In its judgement from February 2023, the Supreme Administrative Court of Poland announced a significant decision from 2019 of the Polish DPA that imposed a substantial fine of PLN 2.8 million (ca. 645,000 euros) against the online retailer, Morele.net. The decision ...Mehr lesen

Barbados urges banks to bolster cyber resilience with new guideline

The Central Bank of Barbados recently published its Technology and Cyber Risk Management Guideline. Not only does the Guideline require banks to implement a cyber risk framework, it holds them responsible for ensuring the framework’s resilience and robustness in ...Mehr lesen

New Guidelines With Updated Obligations on Cookies in Spain: Companies Have Just a Few...

The Spanish DPA (AEPD) published earlier this week new guidelines on cookies in order to update the existing ones to the recommendations of the European Data Protection Board (EDPB). ...Mehr lesen

Data Privacy in Peru: Considerations for foreign personal data controllers with no physical...

As in the case of other Latin American and European jurisdictions, the scope of data protection rules in Peru has been designed to be circumscribed to a territorial scope based on a local establishment criterion, which creates obligations for data controllers before ...Mehr lesen

“Another breach in the wall” – the Polish DPA’s views regarding data security and...

In the ever-evolving landscape of data protection and privacy regulations, organizations must remain vigilant in upholding the security of the personal data they handle. A recent decision issued by the Polish DPA underscores this critical aspect, as the Polish DPA ...Mehr lesen

Recommendations for reliable artificial intelligence

Argentine Information Technology Subsecretariat approves a set of recommendations for trustworthy artificial intelligence (“AI”), specifically directed to the public sector. ...Mehr lesen

Serious Criticism and Injunction Issued for using Facebook Business Tools

The Danish Data Protection Authority, Datatilsynet, has issued severe criticism of Boligportal, Denmark's largest online marketplace for rental properties, for failing to demonstrate compliance with the General Data Protection Regulation (GDPR) in their handling of ...Mehr lesen

Is the Austrian Communication-Platforms-Act contrary to EU law?

On 8th June 2023 the ECJ’s Advocate General, Maciej Szpunar, delivered his opinion in the Case C-376/22, concerning the conformity of the so-called Austrian Communications-Platforms-Act („Kommunikationsplattformen-Gesetz“ – “KoPl-G”) with EU-law. As it appears, according ...Mehr lesen