CCTV in Schools in order to combat crime. «Green light» from the Cyprus DPA for the operation of CCTV in school units!

Combating law violation and crime in school units in Cyprus through CCTV. ...Mehr lesen

Chile stares EU: a bill of law to regulate AI.

Chile is the first country in latinamerica that seeks to regulate AI. For this purpose, the country has chosen to follow the EU, establishing a risk-based regime. ...Mehr lesen

Canada introduces Bill C-63, the Online Harms Act

The recently proposed Online Harms Act, introduced in Bill C-63, is Canada’s latest attempt at addressing online harms. This article discusses the substantive provisions of the Act, and amendments to other Acts proposed by Bill C-63. ...Mehr lesen

Employer care vs. data protection - when well-intentioned is not good enough.

The first of May is a public holiday in Germany, among other countries, and is known as Labour Day. To this day, the "Day of the Labour Movement" emphasizes the commitment to family-friendly working hours, fair pay, but also a healthy working environment and the care of ...Mehr lesen

New members have joined the INPLP: Lukas Bühlmann and Michael Reinle (Switzerland)

...Mehr lesen

The US CHIPS Act of 2022 strengthens Costa Rica's role in the global semiconductor ecosystem

In July 2023, the United States Department of State announced its partnership with the Government of Costa Rica to explore opportunities to diversify and grow the global semiconductor ecosystem and create a more transparent, secure and sustainable global semiconductor ...Mehr lesen

A new member has joined the INPLP: Dalit Ben-Israel (Israel)

...Mehr lesen

A new member has joined the INPLP: Eyal Roy Sage (Israel)

...Mehr lesen


In December 2023, the European Court of Justice (CJEU) had to decide yet another case that will have a significant effect beyond the core facts of the case. The ruling will likely affect not only credit scoring agencies but every sector and controller that works with ...Mehr lesen

Does the GDPR trump the Bible? Probably not, but it might trump religious administration

Depending on where you live, religious ceremonies can trigger a certain degree of administrative follow-up. In Belgium – like in many other Member States - parishes of the Catholic Church keep baptismal records indicating who underwent this particular sacrament. But what ...Mehr lesen

Turkish Personal Data Protection Law 2.0 (“PDPL 2.0”)

The first step has been taken in the long-awaited harmonisation of the Turkish Data Protection Law with the GDPR. With this step, the regulations of the Law, especially on data transfer and processing of sensitive data, have been made more applicable for data ...Mehr lesen

The European Commission confirms that Argentina has adequate legislation for the international transfer of personal data

Argentina, along with 10 other countries, receives ratification from the European Union on its adequacy note for the international transfer of personal data from Europe to these countries. After a process that lasted a few years, and which was temporarily interrupted by ...Mehr lesen

The Brazilian Data Protection Authority´s Regulatory Sandbox Pilot Program on Artificial Intelligence and Data Protection: A Brief Overview.

The current debates on artificial intelligence create a timely opportunity for the development of mechanisms that balance the promotion of innovation and the protection of fundamental rights, such as privacy and data protection. This article presents a brief overview of ...Mehr lesen

Further processing videosurveillance recordings for assessing performance of employees is inadmissible.

Bulgarian Personal Data Protection Commission has issued an opinion on the admissibility of processing video surveillance records with sound for the purposes of assessing the personal performance of the employees and for determining their bonuses. The opinion of the ...Mehr lesen

CJEU increases the requirements for claiming non-material damage within the meaning of the GDPR

Whether or not (nearly) any and all violation of the General Data Protection Regulation (GDPR) entitles data subjects to non-material damages has been the subject of substantial debate. On 14 December 2023 the Court of Justice of the European Union (CJEU) issued a first ...Mehr lesen

INPLP Activity Report 2023 published

The past year was a success for the INPLP, marked by robust collaboration and network growth. The annual conference in Dublin, hosted by Rob Corbet (Arthur Cox), was a key milestone. Our priorities included strengthening collaboration, facilitating knowledge transfer, ...Mehr lesen

Extraterritorial Implications of Turkish Data Protection Legislation

This article explores the regulatory landscape for data controllers located outside Turkey and their obligations under the Turkish Data Protection Law. ...Mehr lesen

Violation of personal data protection by the City of Trnava as the Controller of personal data

In a recent decision by the Office for Personal Data Protection, we witnessed a case of violation of the Personal Data Protection Act and GDPR. The breach of personal data protection concerned the Controller, who unlawfully disclosed personal data of 47 affected ...Mehr lesen

A thin line between a typo and a data breach: A case study in enhancing data security practices

In a recent case, the Serbian Commissioner for Information of Public Importance and Personal Data Protection issued a cautionary notice to a bank, shedding light on its procedures for collecting and managing clients' email addresses for communication purposes. ...Mehr lesen

Europe’s AI Act: a new role for the Dutch Data Protection Authority?

"The genie is out of the bottle. We need to move forward on artificial intelligence development but we also need to be mindful of its very real dangers. I fear that AI may replace humans altogether." This quote from Stephen Hawking in 2017 is more relevant today than ...Mehr lesen

Financial companies for fast loans fined for processing personal data without consent from personal data subject

The North Macedonian Personal Data Protection Agency has issued several fines for financial companies for fast loans due to processing personal data contrary to the law i.e. without previous consent from the data subject. ...Mehr lesen

Activity of the personal data supervisory authority of Monaco (CCIN): Increase in the number of complaints and recommendations

This article outlines the complaints addressed to the CCIN by data subjects, the number of which, in proportion to Monaco, is rising sharply (1), and its recommendations (2). ...Mehr lesen

Processing Children’s Data Correctly: Takeaways from the Recent TikTok Decision

In September 2023, the Irish Data Protection Commission (“DPC”) adopted its final decision in an own-volition inquiry into the processing by TikTok Technology Limited (“TikTok”) of personal data relating to child users of the TikTok platform. The sanctions imposed on the ...Mehr lesen

Analysis of Legal Functionality in the Face of Technological Advancement, Case of Ecuador: Neuro-Rights.

This article analyses the impact of advancing neurotechnology on human rights, particularly regarding cognitive freedom, mental privacy, and psychological integrity. It discusses the ethical implications of brain-computer interfaces and the necessity for specific ...Mehr lesen

The Brazilian National Data Protection Authority’s View On Artificial Intelligence

Despite Brazil having it’s own all-encompassing law on data protection (i.e. the General Data Protection Law - LGPD) and its own regulatory agency (the National Data Protection Authority - ANPD), the arrival and constant development of artificial intelligence has caused ...Mehr lesen

How does India’s new privacy law compare to GDPR?

India is now one-month into its grand experiment with data privacy regulation, having replaced a decade-old set of data security rules with a bespoke Digital Personal Data Protection Act, 2023. This new law has had an interesting journey that warrants examination, to see ...Mehr lesen

A new member has joined the INPLP: Betül Çolak and Ceren Cakir (Turkey)

...Mehr lesen

Cyberattacks based on the victim´s compliance

Information security compliance has become now a new exploit that cybercriminals are taking advantage from, prompting a need for clear regulatory guidance and proactive security measures. ...Mehr lesen

New CPRA Regs are here again!

California Privacy Protection Agency issues new amendments to the CPRA regs for discussion in its upcoming December 8 meeting. What do you need to know? ...Mehr lesen

A new member has joined the INPLP: Bora Yazıcıoğlu (Turkey)

...Mehr lesen

Understanding data transfers and data transmissions under Mexican Data Protection Law

You may want to avoid getting lost in translation when preparing a data transfer to or from Mexico. We have different names to regulate what globally is known as C2C and C2P data transfers. ...Mehr lesen

Chile on the way to GDPR standards

Even though Chile was the first Latin American country to have a data privacy regulation and has developed one of the most successful economies in the region, has fallen behind regarding data protection. ...Mehr lesen


Managing cyber attacks has always been a complex task and, in almost every scenario, it implied the dismissal of the CISO of the company. However, as we will see, there are several reasons to conclude that there is no only one person who shall face responsibility. ...Mehr lesen

Data Protection vs. Anti-Doping Measures - Advocate General Ćapeta Perspective

This case highlights the challenging balance between safeguarding data privacy and preserving the integrity of sport through anti-doping measures. In a world where the internet is the primary channel for information dissemination, adapting data protection regulations to ...Mehr lesen

Cyber Security Breaches in Hong Kong: A Growing Trend and a Call to Action

Hong Kong is grappling with a surge in cyber security breaches, prompting the authority to take proactive measures. This article highlights the need for immediate action, urging organizations to bolster their data security practices to safeguard sensitive information and ...Mehr lesen

Hungary is prepared to introduce a new act which would further digitize the services provided by the state to its citizens

The new Hungarian Digital Citizenship Act would make communication with public administration, as well as management of official documents easier and more user-friendly. The new Act would also enable consent management in respect of electronic collection and use of ...Mehr lesen

Privacy of war crimes victims

The right for Privacy is a fundamental right according to Israeli law but it is a relative right. How should State interests to publish war crimes be considered in this balance? ...Mehr lesen

This is how Costa Rica closes 2023 in terms of privacy and data protection

2023 has been a year of growth and learning for Costa Rica in terms of privacy. Two takeaways on local supervisory authority dynamics and a landmark controversy with political and social impact are introduced below. ...Mehr lesen

Extraterritorial Implications of Turkish Data Protection Legislation

This article explores the regulatory landscape for data controllers located outside Turkey and their obligations under the Turkish Data Protection Law. ...Mehr lesen

CaliforniAI: New Executive Order takes on Generative AI

California Governor, Gavin Newsom, issues Executive Order on Generative AI, which echoes some points in the recent Texas and Connecticut AI laws and goes further, imposing detailed, time limited obligations on California State agencies. ...Mehr lesen

Constitutional Court: The Criteria for Access to Traffic Data Too Loose

Slovenia’s Constitutional Court found the provisions of the Criminal Procedure Act (CPA) enabling the prosecution (police) to access and seize traffic data (data about the circumstances of a communication) to be disproportionate and therefore in violation of the ...Mehr lesen

A thin line between a typo and a data breach: A case study in enhancing data security practices

In a recent case, the Serbian Commissioner for Information of Public Importance and Personal Data Protection issued a cautionary notice to a bank, shedding light on its procedures for collecting and managing clients' email addresses for communication purposes. ...Mehr lesen

Finding the balance between fighting crime and privacy: an Update to the use of Metadata in Criminal Prosecution

On October 13, 2023, the Portuguese Parliament approved an updated version of Law No. 32/2008, which had been declared unconstitutional in April 2022. The community is now waiting for a new preventive judgement of constitutionality on the use of communications metadata ...Mehr lesen

Insurance company fined SEK 35 million for security failures and putting data subjects’ data at risk.

The Swedish Authority for Privacy Protection issued an administrative fine of SEK 35 million (3MEUR+) against the insurance company Trygg-Hansa due to severe security flaws that enabled unauthorized access to information via the internet and put 650 000 customers’ data ...Mehr lesen

AUSTRIA: Is legal advice by software solutions and/or AI permitted in Austria?

In its judgment 4 Ob 77/23m from 27th June 2023 the Austrian Supreme Court, among other things, ruled that the provision of recommendations for action by software solutions and/or AI to lawyers in a legal advisory or automated manner is permissible and that the ...Mehr lesen

The 8th annual conference

Successful event held in Dublin with representatives from 20 countries. ...Mehr lesen

ChaptGPT: the Italian Data Protection Authority leads the way and imposes GDPR compliance.

The Italian Data Protection Authority recently gained international attention for being the first to address the privacy risks of generative artificial intelligence, ordering the temporary restriction of the Italians’ data processing to OpenAI because of the violation of ...Mehr lesen

Czech Data Protection Office record breaking penalty for spam

The Czech Data Protection Office (Úřad pro ochranu osobních údajů or ÚOOÚ, further as “CZDPA”) is the authority supervising compliance with GDPR and related agenda. One of these is the area of the spam – unwanted electronic communication (usually called as newsletters by ...Mehr lesen

Waiting for Cjeu Ruling in the Matter of “Deutsche Wohnen” (C-807/21)

Since the end of December 2021, the preliminary ruling of the European Court of Justice (CJEU) on the conditions under which an administrative fine may be imposed on a legal entity for violating the GDPR has been pending. Since then, the Austrian Data Protection ...Mehr lesen

Unveiling some salient features of Nigeria’s novel Nigeria Data Protection Act (NDPA) 2023.

For a period, the Nigeria Data Protection regulation (NDPR) 2019 was the reference point for data privacy and protection compliance in Nigeria. The enactment of the Nigeria Data Protection Act (“NDPA”) on June 12 2023 launched a new era in data privacy and protection ...Mehr lesen