News

18.04.2024

Turkish Personal Data Protection Law 2.0 (“PDPL 2.0”)

The first step has been taken in the long-awaited harmonisation of the Turkish Data Protection Law with the GDPR. With this step, the regulations of the Law, especially on data transfer and processing of sensitive data, have been made more applicable for data ...Mehr lesen

16.04.2024

The European Commission confirms that Argentina has adequate legislation for the international transfer of personal data

Argentina, along with 10 other countries, receives ratification from the European Union on its adequacy note for the international transfer of personal data from Europe to these countries. After a process that lasted a few years, and which was temporarily interrupted by ...Mehr lesen

11.04.2024

The Brazilian Data Protection Authority´s Regulatory Sandbox Pilot Program on Artificial Intelligence and Data Protection: A Brief Overview.

The current debates on artificial intelligence create a timely opportunity for the development of mechanisms that balance the promotion of innovation and the protection of fundamental rights, such as privacy and data protection. This article presents a brief overview of ...Mehr lesen

20.03.2024

Further processing videosurveillance recordings for assessing performance of employees is inadmissible.

Bulgarian Personal Data Protection Commission has issued an opinion on the admissibility of processing video surveillance records with sound for the purposes of assessing the personal performance of the employees and for determining their bonuses. The opinion of the ...Mehr lesen

14.03.2024

CJEU increases the requirements for claiming non-material damage within the meaning of the GDPR

Whether or not (nearly) any and all violation of the General Data Protection Regulation (GDPR) entitles data subjects to non-material damages has been the subject of substantial debate. On 14 December 2023 the Court of Justice of the European Union (CJEU) issued a first ...Mehr lesen

13.03.2024

INPLP Activity Report 2023 published

The past year was a success for the INPLP, marked by robust collaboration and network growth. The annual conference in Dublin, hosted by Rob Corbet (Arthur Cox), was a key milestone. Our priorities included strengthening collaboration, facilitating knowledge transfer, ...Mehr lesen

16.02.2024

Extraterritorial Implications of Turkish Data Protection Legislation

This article explores the regulatory landscape for data controllers located outside Turkey and their obligations under the Turkish Data Protection Law. ...Mehr lesen

13.02.2024

Violation of personal data protection by the City of Trnava as the Controller of personal data

In a recent decision by the Office for Personal Data Protection, we witnessed a case of violation of the Personal Data Protection Act and GDPR. The breach of personal data protection concerned the Controller, who unlawfully disclosed personal data of 47 affected ...Mehr lesen

09.02.2024

A thin line between a typo and a data breach: A case study in enhancing data security practices

In a recent case, the Serbian Commissioner for Information of Public Importance and Personal Data Protection issued a cautionary notice to a bank, shedding light on its procedures for collecting and managing clients' email addresses for communication purposes. ...Mehr lesen

07.02.2024

Europe’s AI Act: a new role for the Dutch Data Protection Authority?

"The genie is out of the bottle. We need to move forward on artificial intelligence development but we also need to be mindful of its very real dangers. I fear that AI may replace humans altogether." This quote from Stephen Hawking in 2017 is more relevant today than ...Mehr lesen

05.02.2024

Financial companies for fast loans fined for processing personal data without consent from personal data subject

The North Macedonian Personal Data Protection Agency has issued several fines for financial companies for fast loans due to processing personal data contrary to the law i.e. without previous consent from the data subject. ...Mehr lesen

02.02.2024

Activity of the personal data supervisory authority of Monaco (CCIN): Increase in the number of complaints and recommendations

This article outlines the complaints addressed to the CCIN by data subjects, the number of which, in proportion to Monaco, is rising sharply (1), and its recommendations (2). ...Mehr lesen

31.01.2024

Processing Children’s Data Correctly: Takeaways from the Recent TikTok Decision

In September 2023, the Irish Data Protection Commission (“DPC”) adopted its final decision in an own-volition inquiry into the processing by TikTok Technology Limited (“TikTok”) of personal data relating to child users of the TikTok platform. The sanctions imposed on the ...Mehr lesen

29.01.2024

Analysis of Legal Functionality in the Face of Technological Advancement, Case of Ecuador: Neuro-Rights.

This article analyses the impact of advancing neurotechnology on human rights, particularly regarding cognitive freedom, mental privacy, and psychological integrity. It discusses the ethical implications of brain-computer interfaces and the necessity for specific ...Mehr lesen

26.01.2024

The Brazilian National Data Protection Authority’s View On Artificial Intelligence

Despite Brazil having it’s own all-encompassing law on data protection (i.e. the General Data Protection Law - LGPD) and its own regulatory agency (the National Data Protection Authority - ANPD), the arrival and constant development of artificial intelligence has caused ...Mehr lesen

24.01.2024

How does India’s new privacy law compare to GDPR?

India is now one-month into its grand experiment with data privacy regulation, having replaced a decade-old set of data security rules with a bespoke Digital Personal Data Protection Act, 2023. This new law has had an interesting journey that warrants examination, to see ...Mehr lesen

22.01.2024

A new member has joined the INPLP: Betül Çolak and Ceren Cakir (Turkey)

...Mehr lesen

22.01.2024

Cyberattacks based on the victim´s compliance

Information security compliance has become now a new exploit that cybercriminals are taking advantage from, prompting a need for clear regulatory guidance and proactive security measures. ...Mehr lesen

19.01.2024

New CPRA Regs are here again!

California Privacy Protection Agency issues new amendments to the CPRA regs for discussion in its upcoming December 8 meeting. What do you need to know? ...Mehr lesen

19.01.2024

A new member has joined the INPLP: Bora Yazıcıoğlu (Turkey)

...Mehr lesen

17.01.2024

Understanding data transfers and data transmissions under Mexican Data Protection Law

You may want to avoid getting lost in translation when preparing a data transfer to or from Mexico. We have different names to regulate what globally is known as C2C and C2P data transfers. ...Mehr lesen

15.01.2024

Chile on the way to GDPR standards

Even though Chile was the first Latin American country to have a data privacy regulation and has developed one of the most successful economies in the region, has fallen behind regarding data protection. ...Mehr lesen

12.01.2024

WHO IS ACCOUNTABLE WHEN THE COMPANY SUFFERS A CYBERATTACK?

Managing cyber attacks has always been a complex task and, in almost every scenario, it implied the dismissal of the CISO of the company. However, as we will see, there are several reasons to conclude that there is no only one person who shall face responsibility. ...Mehr lesen

10.01.2024

Data Protection vs. Anti-Doping Measures - Advocate General Ćapeta Perspective

This case highlights the challenging balance between safeguarding data privacy and preserving the integrity of sport through anti-doping measures. In a world where the internet is the primary channel for information dissemination, adapting data protection regulations to ...Mehr lesen

08.01.2024

Cyber Security Breaches in Hong Kong: A Growing Trend and a Call to Action

Hong Kong is grappling with a surge in cyber security breaches, prompting the authority to take proactive measures. This article highlights the need for immediate action, urging organizations to bolster their data security practices to safeguard sensitive information and ...Mehr lesen

05.01.2024

Hungary is prepared to introduce a new act which would further digitize the services provided by the state to its citizens

The new Hungarian Digital Citizenship Act would make communication with public administration, as well as management of official documents easier and more user-friendly. The new Act would also enable consent management in respect of electronic collection and use of ...Mehr lesen

22.12.2023

Privacy of war crimes victims

The right for Privacy is a fundamental right according to Israeli law but it is a relative right. How should State interests to publish war crimes be considered in this balance? ...Mehr lesen

22.12.2023

This is how Costa Rica closes 2023 in terms of privacy and data protection

2023 has been a year of growth and learning for Costa Rica in terms of privacy. Two takeaways on local supervisory authority dynamics and a landmark controversy with political and social impact are introduced below. ...Mehr lesen

18.12.2023

Extraterritorial Implications of Turkish Data Protection Legislation

This article explores the regulatory landscape for data controllers located outside Turkey and their obligations under the Turkish Data Protection Law. ...Mehr lesen

13.12.2023

CaliforniAI: New Executive Order takes on Generative AI

California Governor, Gavin Newsom, issues Executive Order on Generative AI, which echoes some points in the recent Texas and Connecticut AI laws and goes further, imposing detailed, time limited obligations on California State agencies. ...Mehr lesen

12.12.2023

Constitutional Court: The Criteria for Access to Traffic Data Too Loose

Slovenia’s Constitutional Court found the provisions of the Criminal Procedure Act (CPA) enabling the prosecution (police) to access and seize traffic data (data about the circumstances of a communication) to be disproportionate and therefore in violation of the ...Mehr lesen

11.12.2023

A thin line between a typo and a data breach: A case study in enhancing data security practices

In a recent case, the Serbian Commissioner for Information of Public Importance and Personal Data Protection issued a cautionary notice to a bank, shedding light on its procedures for collecting and managing clients' email addresses for communication purposes. ...Mehr lesen

07.12.2023

Finding the balance between fighting crime and privacy: an Update to the use of Metadata in Criminal Prosecution

On October 13, 2023, the Portuguese Parliament approved an updated version of Law No. 32/2008, which had been declared unconstitutional in April 2022. The community is now waiting for a new preventive judgement of constitutionality on the use of communications metadata ...Mehr lesen

06.12.2023

Insurance company fined SEK 35 million for security failures and putting data subjects’ data at risk.

The Swedish Authority for Privacy Protection issued an administrative fine of SEK 35 million (3MEUR+) against the insurance company Trygg-Hansa due to severe security flaws that enabled unauthorized access to information via the internet and put 650 000 customers’ data ...Mehr lesen

30.11.2023

AUSTRIA: Is legal advice by software solutions and/or AI permitted in Austria?

In its judgment 4 Ob 77/23m from 27th June 2023 the Austrian Supreme Court, among other things, ruled that the provision of recommendations for action by software solutions and/or AI to lawyers in a legal advisory or automated manner is permissible and that the ...Mehr lesen

28.11.2023

The 8th annual conference

Successful event held in Dublin with representatives from 20 countries. ...Mehr lesen

28.11.2023

ChaptGPT: the Italian Data Protection Authority leads the way and imposes GDPR compliance.

The Italian Data Protection Authority recently gained international attention for being the first to address the privacy risks of generative artificial intelligence, ordering the temporary restriction of the Italians’ data processing to OpenAI because of the violation of ...Mehr lesen

24.11.2023

Czech Data Protection Office record breaking penalty for spam

The Czech Data Protection Office (Úřad pro ochranu osobních údajů or ÚOOÚ, further as “CZDPA”) is the authority supervising compliance with GDPR and related agenda. One of these is the area of the spam – unwanted electronic communication (usually called as newsletters by ...Mehr lesen

23.11.2023

Waiting for Cjeu Ruling in the Matter of “Deutsche Wohnen” (C-807/21)

Since the end of December 2021, the preliminary ruling of the European Court of Justice (CJEU) on the conditions under which an administrative fine may be imposed on a legal entity for violating the GDPR has been pending. Since then, the Austrian Data Protection ...Mehr lesen

13.11.2023

Unveiling some salient features of Nigeria’s novel Nigeria Data Protection Act (NDPA) 2023.

For a period, the Nigeria Data Protection regulation (NDPR) 2019 was the reference point for data privacy and protection compliance in Nigeria. The enactment of the Nigeria Data Protection Act (“NDPA”) on June 12 2023 launched a new era in data privacy and protection ...Mehr lesen

24.10.2023

AI Act and GDPR: managing the world of data in the world of privacy.

Contrary to some persisting beliefs that the AI Act and GDPR are inherently incompatible, GDPR may in fact be interpreted in a way that concords with the purposes of the AI Act. Processing personal data through an artificial intelligence (AI) system’s algorithm triggers ...Mehr lesen

18.10.2023

Generative AI and the Protection of Personal Information under the Japanese Law

While generative AI has been getting attention in business, there has been a concern on the protection of personal information when using them. Recently, the Japanese Personal Information Protection Commission (“PPC”) has issued an Alert on the use of generative AI ...Mehr lesen

11.10.2023

Cross-Border Data Transfer: Navigating Compliance under the Nigerian Data Protection Act 2023

The recently enacted Nigeria Data Protection Act (“the Act”) 2023 is now the principal data privacy and protection legislation in Nigeria, and it establishes the Nigeria Data Protection Commission (the Commission) to oversee the implementation of the Act. The Act ...Mehr lesen

04.10.2023

Brazil's innovative approaches to data protection: the main differences between GDPR and LGPD.

The General Data Protection Regulation (GDPR) and the Brazilian General Data Protection Act (LGPD) are two comprehensive data protection regulations that have gained significant attention worldwide. Both regulations emphasize the importance of obtaining individuals' ...Mehr lesen

02.10.2023

AdTech Update: CJEU landmark data protection ruling for online and behavioral advertising

Online advertising is one of the largest online industries. However, it also has long faced issues with data protection regulators. The CJEU has handed down a landmark ruling that clarifies what legal bases controllers can rely on for online and behavioral advertising. ...Mehr lesen

29.09.2023

Romanian Whistleblowing Law. About Protecting Data while Fostering Transparency

Romania transposed the EU Whistleblowing Directive on 22 December 2022, via Law No. 361/2022 on the protection of whistleblowers in the public interest ("Romanian Whistleblowing Law"). This article explores key aspects of the law, providing an overview of how Romanian ...Mehr lesen

27.09.2023

Loud and Clear! CNIL sends strong privacy with new €40 million fine of CRITEO

French Data Protection Authority, the CNIL, has fined advertising company CRITEO €40 million for improper conduct in handling users’ personal data. This is one of the largest fines of its kind, and perhaps a sign of a new era. ...Mehr lesen

26.09.2023

Data transfers across the Atlantic… a storm in a teacup?!

The European Commission's new adequacy decision concerning the United States puts a stop to the European doctrine that was taking shape on the use of American tools involving transfers of personal data across the Atlantic, not without a touch of perplexity. ...Mehr lesen

25.09.2023

The Polish Supreme Administrative Court concluded “Morele.net saga”

In its judgement from February 2023, the Supreme Administrative Court of Poland announced a significant decision from 2019 of the Polish DPA that imposed a substantial fine of PLN 2.8 million (ca. 645,000 euros) against the online retailer, Morele.net. The decision ...Mehr lesen

22.09.2023

Barbados urges banks to bolster cyber resilience with new guideline

The Central Bank of Barbados recently published its Technology and Cyber Risk Management Guideline. Not only does the Guideline require banks to implement a cyber risk framework, it holds them responsible for ensuring the framework’s resilience and robustness in ...Mehr lesen