News

22.04.2025

The Legal Pitfalls of Using AI to Land Your Dream Job

Job applicants are using AI to land new positions, with some even using AI tools to help them formulate “model” answers – in real time – during remote interviews. Despite an absence of law and regulation on the topic, there are meaningful steps employers can take to ...Mehr lesen

17.04.2025

Brazil’s New Data Protection Roadmap: A Closer Look at the ANPD’s 2025–2026 Regulatory Agenda and Its Global Relevance

Brazil’s National Data Protection Authority (ANPD) has released its most ambitious Regulatory Agenda to date, offering a detailed roadmap for upcoming regulations on artificial intelligence, biometrics, data subject rights, and more. This article provides an overview of ...Mehr lesen

08.04.2025

A new member has joined the INPLP: Emely García

...Mehr lesen

27.03.2025

A new member has joined the INPLP: Georg Schröder

...Mehr lesen

26.03.2025

10th annual INPLP conference

...Mehr lesen

25.03.2025

New members have joined the INPLP: Lorena Botelho and Caroline Teófilo

...Mehr lesen

18.02.2025

Guideline on the Transfers of Personal Data Abroad

Published in January 2025, this guideline aims to explain the processes for transferring personal data abroad under Article 9 of the Personal Data Protection Law No. 6698 (“the Law”). The guideline serves as an instructive document regarding the implementation of the Law ...Mehr lesen

16.01.2025

New Implementation Rules for PRC Data Protection

China has recently published the Regulations on Network Data Security Management, which will enter into force on January 1, 2025, refining the existing data protection requirements. In this article, we provide highlights of the notable requirements provided in the new ...Mehr lesen

14.01.2025

Initial Legislative Developments for Artificial Intelligence in Turkiye

With the rapid expansion of the use of artificial intelligence (AI) and its integration into all areas of life, it has become essential to establish a legal framework that regulates the safe and ethical development, distribution and use of AI systems, considering the ...Mehr lesen

09.01.2025

Knowing Your Data Related Rights: Romania's Schengen Full Access

After more than a decade of anticipation, Romania has officially become a full member of the Schengen Area. As of 1 January 2025, land border checks with Romania and Bulgaria are a thing of the past, building on the earlier removal of air and sea border controls on 31 ...Mehr lesen

19.12.2024

UK Data Reform: Striking the Balance Between Adequacy and Innovation

The UK Government has brought forward a new Bill that proposes several changes to UK data protection law, alongside other provisions intended to broaden use and commercialisation of data for economic and societal benefit. The Bill, introduced into the House of Lords on ...Mehr lesen

18.12.2024

Polish Supreme Administrative Court Upholds Employers' Right to Retain Rejected Applicants' Data for Defense Against Potential Discrimination Claims

The Polish Supreme Administrative Court issued a landmark ruling on February 20, 2024 case no III OSK 2700/22, affirming that employers can lawfully retain personal data of rejected job applicants based on their legitimate interest in defending against potential ...Mehr lesen

16.12.2024

New members have joined the INPLP: Daniel Stranius and Otto Lindholm (Finland)

...Mehr lesen

12.12.2024

The suppression of INAI as the personal data protection authority in Mexico.

Mexico will face multiple challenges with the suppresion of INAI as its data protection authority; a new authority will take its place and its independence and specialization has been questioned. What happened and what comes next? ...Mehr lesen

26.11.2024

Protecting Attorney Client Privilege after a Cyberattack

Maximizing the Protection of the Attorney-Client Privilege and Work-Product Doctrine in the Wake of a Cyberattack. ...Mehr lesen

12.11.2024

Data Protection and Conflict of Interest

The role of the Data Protection Officer (DPO), or Encarregado de Dados, is critical to fostering a culture of privacy and data protection in organisations. Given their unique position, DPOs must have independence, autonomy, and direct access to senior management to ...Mehr lesen

05.11.2024

Unauthorized Processing of Personal Data in Connection with a Traffic Accident

The Slovak Office for Personal Data Protection (hereinafter referred to as the “Office”) recently imposed a fine of EUR 7,500 on Company CC for repeated and serious violations of data protection rules under the GDPR. Company CC, which focuses on compensating traffic ...Mehr lesen

22.10.2024

AN INSIGHT INTO THE NEW NIGERIAN CODE OF CONDUCT FOR DATA PROTECTION COMPLIANCE ORGANIZATIONS (DPCOs) 2023

The Nigeria Data Protection Commission (the Commissi-on or NDPC), in exercise of its regulatory mandate and after a painstaking validation process involving stakehol-ders such as Data Subjects, Data Controllers, Data Proces-sors and Data Protection Compliance ...Mehr lesen

10.10.2024

The use of biometric data by the banks in Panama

Banking entities in Panama are implementing biometric validation processes without considering basic principles of personal data protection. ...Mehr lesen

08.10.2024

Food delivery companies Wolt and Glovo being ordered by information commissary to stop Labelling Their Delivery Personnel

The IC found that the food delivery companies had no legal basis for printing the identity numbers on the outside of the delivery bags of their personnel, presumably to prevent traffic violations. Both companies were ordered to stop this practice which violates the ...Mehr lesen

03.10.2024

Tracking trouble: AS Watson's €600,000 fine and Google’s Privacy Sandbox under scrutiny

Recently, two notable cases have emerged demonstrating that the consent requirement for cookies is not always adhered to. The Dutch Data Protection Authority (AP) fined AS Watson B.V., the parent company of the Dutch drugstore chain Kruidvat, €600,000 for placing ...Mehr lesen

26.09.2024

Controversial Swedish Freedom of Press Exemption challenged by the GDPR

The GDPR, designed to safeguard personal data, sometimes conflicts with rights like freedom of expression. In Sweden, online publishers can get a certificate of publication, exempting them from GDPR. This exemption, rooted in principles dated back to the second world war ...Mehr lesen

19.09.2024

Stowaways or Allies? Legal risks of using artificial intelligence (AI) transcription services in work meetings

Unlock the potential and pitfalls of AI transcription services in your workplace—while they offer unmatched convenience, they also come with serious ethical and legal challenges that could impact your business. Discover how to navigate these risks and ensure responsible ...Mehr lesen

17.09.2024

The Mischief of Mismanagement: Tale of a Breach of the GDPR

In early 2022, the Portuguese National Data Protection Supervisory Authority (“CNPD”) accused Lisbon’s Municipality of retaining demonstrators’ and protestors’ personal information for longer than necessary and sharing it with national and foreign public entities without ...Mehr lesen

13.09.2024

A new member has joined the INPLP: Jason Kravitz (United States)

...Mehr lesen

12.09.2024

New Amendment to Israeli Privacy Protection Law and Mandatory DPO Appointment

The Israeli parliament recently adopted a new amendment to the Israeli Protection of Privacy Law, 5741-1981 ("PPL") entering into force in 12 months, on August 14, 2025. ...Mehr lesen

10.09.2024

Data Protection ramifications emerging from the now in force Digital Services Act (DSA)

This article seeks to inform businesses and industry professionals such as marketing specialists and data engineers on the data protection ramifications which may have a bearing on their commercial efforts in the area of online advertising practices, notably via online ...Mehr lesen

03.09.2024

AI, ChatGPT and the EDPB: Regulatory Insights from Taskforce Report

Report on ChatGPT outlines European data protection regulator's preliminary views and early indicators about the direction of regulatory travel regarding the co-existence of GDPR and Artificial Intelligence / EU AI Act. ...Mehr lesen

29.08.2024

Transparency, personal data and the proposed reform in Mexico.

Mexico's approach to personal data protection operates through distinct frameworks for the public and private sectors. The Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP ), established in 2010, governs private entities without reform to date. ...Mehr lesen

22.08.2024

The North Macedonia Government violated the Law on PDP publishing personal data of awarded applicants in front of the European Court of Human Rights

This resolution includes data for 519 applicants i.e. their names and surnames, personal identification numbers (PIN), bank accounts with data in which bank the bank accounts are maintained ...Mehr lesen

20.08.2024

Time to Legalize Data Transfers from Turkey - Deadline: September 1, 2024.

The Turkish Data Protection Law was amended to introduce new mechanisms to transfer personal data from Turkey to other countries. One of the significant changes is that consent will not be used as a legal basis as of September 1, 2024. This deadline requires controllers ...Mehr lesen

13.08.2024

China’s Data Export Landscape - An Overview of the Regulatory Framework for Multinationals

The Chinese government's focus on regulating data exports poses a major challenge for multinationals in China. This article discusses the latest legal devlopments relating to data export regulations in China and provides insightful recommendations for complying with ...Mehr lesen

08.08.2024

DPC’s 2023 Report – increase in access requests, breach notifications and cross border co-operation

The Irish Data Protection Commission (“DPC”) published its 2023 Annual Report on 29 May 2024 (the “Report”). The Report can be accessed here and provides a helpful summary of the DPC’s actions over the course of 2023 ...Mehr lesen

06.08.2024

ACTIVITY OF THE PERSONAL DATA SUPERVISORY AUTHORITY OF MONACO (CCIN) IN 2023/24

This article is devoted to the positions of principle of the personal data supervisory authority of Monaco (hereinafter “CCIN”) formulated in the context of complaints or requests for authorisation to implement data processing in 2023 (I), as well as its recommendations ...Mehr lesen

01.08.2024

Overfitting: A Conversation Starter for the Next Summer Party

Overfitting in AI, where models over-specialize in training data, exemplifies the challenge faced by Transformer-based LLMs which memorize extensive details. This raises significant legal concerns regarding data protection and copyright. Addressing these issues ...Mehr lesen

31.07.2024

Upcoming: The 9th annual INPLP conference

...Mehr lesen

30.07.2024

Blockchain vs Data protection

At first sight, blockchain technology and the General Data Protection Regulation (GDPR) seem to be intrinsically incompatible. The convergence of personal data protection and blockchain technology raises therefore complex issues surrounding data privacy and data ...Mehr lesen

23.07.2024

Predicting the Next Amendment of the Japanese Privacy Law

The Personal Information Protection Commission recently publishes an interim summary of issues for the next amendment of the Japanese Privacy Law. ...Mehr lesen

16.07.2024

3 Personal Data Conundrums For India’s New Government

While India’s new Government will continue to push new digital laws, successful implementation of new concepts may require a little novel thinking. ...Mehr lesen

11.07.2024

Swiss-US Data Privacy Framework: Slowly But Steady?

Despite ongoing efforts to align with EU data protection standards, the Swiss-U.S. Privacy Framework remains a work in progress, leaving Swiss controllers with legal uncertainty and the burden of additional compliance measures when transferring data to the US. ...Mehr lesen

09.07.2024

Israel and the EU: Data Protection Adequacy

Adequacy is a status granted by the Commission of the European Union to countries outside the European Economic Area (EEA) that provide a level of personal data protection comparable to that provided in European law. When a country has been awarded adequacy status, ...Mehr lesen

04.07.2024

The Right to Compensation Under the GDPR: Key Takeaways from Recent Case Law of the Court of Justice of the European Union

Over the course of several preliminary references during 2023 and 2024, the Court of Justice of the European Union (“CJEU”) has clarified the circumstances in which data subjects will be entitled to compensation under Article 82 of the General Data Protection Regulation ...Mehr lesen

25.06.2024

Video surveillance and artificial intelligence: sanctions against a Public Body by the Italian DPA

With the decision No. 5 of 2024, the Italian Data Protection Authority (“DPA”) penalised the Municipality of Trento for the unlawful data processing in two AI surveillance projects. The DPA stated that the AI systems used did not provide adequate data anonymization ...Mehr lesen

20.06.2024

Cyprus DPC Rulings on Data Breaches by the Cyprus Football Association, Cyprus News Agency, and Arktinos Publications Ltd

On 17 June 2024, the Commissioner for Data Protection of Cyprus published her decisions (issued in February 2024) in relation to three similar complaints for infringement of the provisions of Chapter V of the GDPR due to the use of Google Analytics and Facebook Connect ...Mehr lesen

18.06.2024

French pass system to be deployed during 2024 Olympic and Paralympic Games.

As France gears up to host the 2024 Olympic and Paralympic Games, expecting several million spectators and thousands of athletes, the country is not only preparing its infrastructure and venues, but also setting up measures to guarantee the smooth running and safety of ...Mehr lesen

17.06.2024

New members have joined the INPLP: José Antonio Arochi, Verónica Siten and Montserrat Landaverde (Mexico)

...Mehr lesen

14.06.2024

A new member has joined the INPLP: Oscar Montezuma Panez

...Mehr lesen

13.06.2024

Data Governance Act: data intermediation services provider, a new player involved in personal data processing?

Data sharing is a subject of ever-increasing importance, and one that is occupying the European Union exponentially, which has sought to promote data exchange mechanisms as part of its European data strategy. The Data Governance Act, which came into force on September ...Mehr lesen

11.06.2024

Registration of data controllers commences in Jamaica

The widely anticipated registration of controllers commenced on June 1, 2024, and both local and international controllers are expected to be registered at the Office of the Information Commissioner in Jamaica. ...Mehr lesen

06.06.2024

A new member has joined the INPLP: Justine A. Collins (Jamaica)

...Mehr lesen