News

23.07.2024

Predicting the Next Amendment of the Japanese Privacy Law

The Personal Information Protection Commission recently publishes an interim summary of issues for the next amendment of the Japanese Privacy Law. ...Mehr lesen

16.07.2024

3 Personal Data Conundrums For India’s New Government

While India’s new Government will continue to push new digital laws, successful implementation of new concepts may require a little novel thinking. ...Mehr lesen

11.07.2024

Swiss-US Data Privacy Framework: Slowly But Steady?

Despite ongoing efforts to align with EU data protection standards, the Swiss-U.S. Privacy Framework remains a work in progress, leaving Swiss controllers with legal uncertainty and the burden of additional compliance measures when transferring data to the US. ...Mehr lesen

09.07.2024

Israel and the EU: Data Protection Adequacy

Adequacy is a status granted by the Commission of the European Union to countries outside the European Economic Area (EEA) that provide a level of personal data protection comparable to that provided in European law. When a country has been awarded adequacy status, ...Mehr lesen

04.07.2024

The Right to Compensation Under the GDPR: Key Takeaways from Recent Case Law of the Court of Justice of the European Union

Over the course of several preliminary references during 2023 and 2024, the Court of Justice of the European Union (“CJEU”) has clarified the circumstances in which data subjects will be entitled to compensation under Article 82 of the General Data Protection Regulation ...Mehr lesen

25.06.2024

Video surveillance and artificial intelligence: sanctions against a Public Body by the Italian DPA

With the decision No. 5 of 2024, the Italian Data Protection Authority (“DPA”) penalised the Municipality of Trento for the unlawful data processing in two AI surveillance projects. The DPA stated that the AI systems used did not provide adequate data anonymization ...Mehr lesen

20.06.2024

Cyprus DPC Rulings on Data Breaches by the Cyprus Football Association, Cyprus News Agency, and Arktinos Publications Ltd

On 17 June 2024, the Commissioner for Data Protection of Cyprus published her decisions (issued in February 2024) in relation to three similar complaints for infringement of the provisions of Chapter V of the GDPR due to the use of Google Analytics and Facebook Connect ...Mehr lesen

18.06.2024

French pass system to be deployed during 2024 Olympic and Paralympic Games.

As France gears up to host the 2024 Olympic and Paralympic Games, expecting several million spectators and thousands of athletes, the country is not only preparing its infrastructure and venues, but also setting up measures to guarantee the smooth running and safety of ...Mehr lesen

17.06.2024

New members have joined the INPLP: José Antonio Arochi, Verónica Siten and Montserrat Landaverde (Mexico)

...Mehr lesen

14.06.2024

A new member has joined the INPLP: Oscar Montezuma Panez

...Mehr lesen

13.06.2024

Data Governance Act: data intermediation services provider, a new player involved in personal data processing?

Data sharing is a subject of ever-increasing importance, and one that is occupying the European Union exponentially, which has sought to promote data exchange mechanisms as part of its European data strategy. The Data Governance Act, which came into force on September ...Mehr lesen

11.06.2024

Registration of data controllers commences in Jamaica

The widely anticipated registration of controllers commenced on June 1, 2024, and both local and international controllers are expected to be registered at the Office of the Information Commissioner in Jamaica. ...Mehr lesen

06.06.2024

A new member has joined the INPLP: Justine A. Collins (Jamaica)

...Mehr lesen

04.06.2024

PRECAUTIONARY MEASURE ORDERED BY THE SPANISH DPA TO HALT META’S FUNCTIONALITIES “ELECTION DAY INFORMATION” AND “VOTER INFORMATION UNIT” IN SPAIN

The Spanish DPA (AEPD) has ordered a precautionary measure against Meta Platforms Ireland Limited to immediately suspend the implementation of the Election Day Information (EDI) and Voter Information Unit (VIU) functionalities in Spain, in light of the upcoming European ...Mehr lesen

31.05.2024

A new member has joined the INPLP: Yiannis Karamanolis (Cyprus)

...Mehr lesen

30.05.2024

Navigating International Data Transfers: Complying with Barbados Data Protection Act

This article looks at the framework to achieve lawful international transfers of personal data from Barbados under its Data Protection Act, 2019-29, taking into account it’s dual requirements for adequate protection and appropriate safegaurds. In addition to highlighting ...Mehr lesen

29.05.2024

A new member has joined the INPLP: David Tang (China)

...Mehr lesen

28.05.2024

Insufficient legal basis to use Google Workspace as an educational tool in schools

The Danish Data Protection Agency has in the widely discussed Chromebook case assessed the legal basis for disclosure of personal data relative to the use of digital tools such as Google Workspace on school computers, revealing its insufficiency. As a consequence, ...Mehr lesen

23.05.2024

CCTV in Schools in order to combat crime. «Green light» from the Cyprus DPA for the operation of CCTV in school units!

Combating law violation and crime in school units in Cyprus through CCTV. ...Mehr lesen

16.05.2024

Chile stares EU: a bill of law to regulate AI.

Chile is the first country in latinamerica that seeks to regulate AI. For this purpose, the country has chosen to follow the EU, establishing a risk-based regime. ...Mehr lesen

09.05.2024

Canada introduces Bill C-63, the Online Harms Act

The recently proposed Online Harms Act, introduced in Bill C-63, is Canada’s latest attempt at addressing online harms. This article discusses the substantive provisions of the Act, and amendments to other Acts proposed by Bill C-63. ...Mehr lesen

07.05.2024

Employer care vs. data protection - when well-intentioned is not good enough.

The first of May is a public holiday in Germany, among other countries, and is known as Labour Day. To this day, the "Day of the Labour Movement" emphasizes the commitment to family-friendly working hours, fair pay, but also a healthy working environment and the care of ...Mehr lesen

06.05.2024

New members have joined the INPLP: Lukas Bühlmann and Michael Reinle (Switzerland)

...Mehr lesen

03.05.2024

The US CHIPS Act of 2022 strengthens Costa Rica's role in the global semiconductor ecosystem

In July 2023, the United States Department of State announced its partnership with the Government of Costa Rica to explore opportunities to diversify and grow the global semiconductor ecosystem and create a more transparent, secure and sustainable global semiconductor ...Mehr lesen

02.05.2024

A new member has joined the INPLP: Dalit Ben-Israel (Israel)

...Mehr lesen

25.04.2024

A new member has joined the INPLP: Eyal Roy Sage (Israel)

...Mehr lesen

25.04.2024

CJEU RULING IN THE MATTER OF “SCHUFA” NOT ONLY AFFECTS CREDIT SCORING (C-634/21)

In December 2023, the European Court of Justice (CJEU) had to decide yet another case that will have a significant effect beyond the core facts of the case. The ruling will likely affect not only credit scoring agencies but every sector and controller that works with ...Mehr lesen

23.04.2024

Does the GDPR trump the Bible? Probably not, but it might trump religious administration

Depending on where you live, religious ceremonies can trigger a certain degree of administrative follow-up. In Belgium – like in many other Member States - parishes of the Catholic Church keep baptismal records indicating who underwent this particular sacrament. But what ...Mehr lesen

18.04.2024

Turkish Personal Data Protection Law 2.0 (“PDPL 2.0”)

The first step has been taken in the long-awaited harmonisation of the Turkish Data Protection Law with the GDPR. With this step, the regulations of the Law, especially on data transfer and processing of sensitive data, have been made more applicable for data ...Mehr lesen

16.04.2024

The European Commission confirms that Argentina has adequate legislation for the international transfer of personal data

Argentina, along with 10 other countries, receives ratification from the European Union on its adequacy note for the international transfer of personal data from Europe to these countries. After a process that lasted a few years, and which was temporarily interrupted by ...Mehr lesen

11.04.2024

The Brazilian Data Protection Authority´s Regulatory Sandbox Pilot Program on Artificial Intelligence and Data Protection: A Brief Overview.

The current debates on artificial intelligence create a timely opportunity for the development of mechanisms that balance the promotion of innovation and the protection of fundamental rights, such as privacy and data protection. This article presents a brief overview of ...Mehr lesen

20.03.2024

Further processing videosurveillance recordings for assessing performance of employees is inadmissible.

Bulgarian Personal Data Protection Commission has issued an opinion on the admissibility of processing video surveillance records with sound for the purposes of assessing the personal performance of the employees and for determining their bonuses. The opinion of the ...Mehr lesen

14.03.2024

CJEU increases the requirements for claiming non-material damage within the meaning of the GDPR

Whether or not (nearly) any and all violation of the General Data Protection Regulation (GDPR) entitles data subjects to non-material damages has been the subject of substantial debate. On 14 December 2023 the Court of Justice of the European Union (CJEU) issued a first ...Mehr lesen

13.03.2024

INPLP Activity Report 2023 published

The past year was a success for the INPLP, marked by robust collaboration and network growth. The annual conference in Dublin, hosted by Rob Corbet (Arthur Cox), was a key milestone. Our priorities included strengthening collaboration, facilitating knowledge transfer, ...Mehr lesen

16.02.2024

Extraterritorial Implications of Turkish Data Protection Legislation

This article explores the regulatory landscape for data controllers located outside Turkey and their obligations under the Turkish Data Protection Law. ...Mehr lesen

13.02.2024

Violation of personal data protection by the City of Trnava as the Controller of personal data

In a recent decision by the Office for Personal Data Protection, we witnessed a case of violation of the Personal Data Protection Act and GDPR. The breach of personal data protection concerned the Controller, who unlawfully disclosed personal data of 47 affected ...Mehr lesen

09.02.2024

A thin line between a typo and a data breach: A case study in enhancing data security practices

In a recent case, the Serbian Commissioner for Information of Public Importance and Personal Data Protection issued a cautionary notice to a bank, shedding light on its procedures for collecting and managing clients' email addresses for communication purposes. ...Mehr lesen

07.02.2024

Europe’s AI Act: a new role for the Dutch Data Protection Authority?

"The genie is out of the bottle. We need to move forward on artificial intelligence development but we also need to be mindful of its very real dangers. I fear that AI may replace humans altogether." This quote from Stephen Hawking in 2017 is more relevant today than ...Mehr lesen

05.02.2024

Financial companies for fast loans fined for processing personal data without consent from personal data subject

The North Macedonian Personal Data Protection Agency has issued several fines for financial companies for fast loans due to processing personal data contrary to the law i.e. without previous consent from the data subject. ...Mehr lesen

02.02.2024

Activity of the personal data supervisory authority of Monaco (CCIN): Increase in the number of complaints and recommendations

This article outlines the complaints addressed to the CCIN by data subjects, the number of which, in proportion to Monaco, is rising sharply (1), and its recommendations (2). ...Mehr lesen

31.01.2024

Processing Children’s Data Correctly: Takeaways from the Recent TikTok Decision

In September 2023, the Irish Data Protection Commission (“DPC”) adopted its final decision in an own-volition inquiry into the processing by TikTok Technology Limited (“TikTok”) of personal data relating to child users of the TikTok platform. The sanctions imposed on the ...Mehr lesen

29.01.2024

Analysis of Legal Functionality in the Face of Technological Advancement, Case of Ecuador: Neuro-Rights.

This article analyses the impact of advancing neurotechnology on human rights, particularly regarding cognitive freedom, mental privacy, and psychological integrity. It discusses the ethical implications of brain-computer interfaces and the necessity for specific ...Mehr lesen

26.01.2024

The Brazilian National Data Protection Authority’s View On Artificial Intelligence

Despite Brazil having it’s own all-encompassing law on data protection (i.e. the General Data Protection Law - LGPD) and its own regulatory agency (the National Data Protection Authority - ANPD), the arrival and constant development of artificial intelligence has caused ...Mehr lesen

24.01.2024

How does India’s new privacy law compare to GDPR?

India is now one-month into its grand experiment with data privacy regulation, having replaced a decade-old set of data security rules with a bespoke Digital Personal Data Protection Act, 2023. This new law has had an interesting journey that warrants examination, to see ...Mehr lesen

22.01.2024

A new member has joined the INPLP: Betül Çolak and Ceren Cakir (Turkey)

...Mehr lesen

22.01.2024

Cyberattacks based on the victim´s compliance

Information security compliance has become now a new exploit that cybercriminals are taking advantage from, prompting a need for clear regulatory guidance and proactive security measures. ...Mehr lesen

19.01.2024

New CPRA Regs are here again!

California Privacy Protection Agency issues new amendments to the CPRA regs for discussion in its upcoming December 8 meeting. What do you need to know? ...Mehr lesen

19.01.2024

A new member has joined the INPLP: Bora Yazıcıoğlu (Turkey)

...Mehr lesen

17.01.2024

Understanding data transfers and data transmissions under Mexican Data Protection Law

You may want to avoid getting lost in translation when preparing a data transfer to or from Mexico. We have different names to regulate what globally is known as C2C and C2P data transfers. ...Mehr lesen

15.01.2024

Chile on the way to GDPR standards

Even though Chile was the first Latin American country to have a data privacy regulation and has developed one of the most successful economies in the region, has fallen behind regarding data protection. ...Mehr lesen