News

Romanian Whistleblowing Law. About Protecting Data while Fostering Transparency

Romania transposed the EU Whistleblowing Directive on 22 December 2022, via Law No. 361/2022 on the protection of whistleblowers in the public interest ("Romanian Whistleblowing Law"). This article explores key aspects of the law, providing an overview of how Romanian ...Mehr lesen

Loud and Clear! CNIL sends strong privacy with new €40 million fine of CRITEO

French Data Protection Authority, the CNIL, has fined advertising company CRITEO €40 million for improper conduct in handling users’ personal data. This is one of the largest fines of its kind, and perhaps a sign of a new era. ...Mehr lesen

Data transfers across the Atlantic… a storm in a teacup?!

The European Commission's new adequacy decision concerning the United States puts a stop to the European doctrine that was taking shape on the use of American tools involving transfers of personal data across the Atlantic, not without a touch of perplexity. ...Mehr lesen

The Polish Supreme Administrative Court concluded “Morele.net saga”

In its judgement from February 2023, the Supreme Administrative Court of Poland announced a significant decision from 2019 of the Polish DPA that imposed a substantial fine of PLN 2.8 million (ca. 645,000 euros) against the online retailer, Morele.net. The decision ...Mehr lesen

Barbados urges banks to bolster cyber resilience with new guideline

The Central Bank of Barbados recently published its Technology and Cyber Risk Management Guideline. Not only does the Guideline require banks to implement a cyber risk framework, it holds them responsible for ensuring the framework’s resilience and robustness in ...Mehr lesen

New Guidelines With Updated Obligations on Cookies in Spain: Companies Have Just a Few Months to Adapt Their Websites

The Spanish DPA (AEPD) published earlier this week new guidelines on cookies in order to update the existing ones to the recommendations of the European Data Protection Board (EDPB). ...Mehr lesen

Data Privacy in Peru: Considerations for foreign personal data controllers with no physical presence in the Peruvian territory.

As in the case of other Latin American and European jurisdictions, the scope of data protection rules in Peru has been designed to be circumscribed to a territorial scope based on a local establishment criterion, which creates obligations for data controllers before ...Mehr lesen

“Another breach in the wall” – the Polish DPA’s views regarding data security and notifying data breaches under the GDPR

In the ever-evolving landscape of data protection and privacy regulations, organizations must remain vigilant in upholding the security of the personal data they handle. A recent decision issued by the Polish DPA underscores this critical aspect, as the Polish DPA ...Mehr lesen

Recommendations for reliable artificial intelligence

Argentine Information Technology Subsecretariat approves a set of recommendations for trustworthy artificial intelligence (“AI”), specifically directed to the public sector. ...Mehr lesen

Serious Criticism and Injunction Issued for using Facebook Business Tools

The Danish Data Protection Authority, Datatilsynet, has issued severe criticism of Boligportal, Denmark's largest online marketplace for rental properties, for failing to demonstrate compliance with the General Data Protection Regulation (GDPR) in their handling of ...Mehr lesen

Is the Austrian Communication-Platforms-Act contrary to EU law?

On 8th June 2023 the ECJ’s Advocate General, Maciej Szpunar, delivered his opinion in the Case C-376/22, concerning the conformity of the so-called Austrian Communications-Platforms-Act („Kommunikationsplattformen-Gesetz“ – “KoPl-G”) with EU-law. As it appears, according ...Mehr lesen

A new member has joined the INPLP: Ibrahim Can Cayirpare (Turkey)

...Mehr lesen