Extraterritorial Implications of Turkish Data Protection Legislation

This article explores the regulatory landscape for data controllers located outside Turkey and their obligations under the Turkish Data Protection Law. ...Mehr lesen

Violation of personal data protection by the City of Trnava as the Controller of personal data

In a recent decision by the Office for Personal Data Protection, we witnessed a case of violation of the Personal Data Protection Act and GDPR. The breach of personal data protection concerned the Controller, who unlawfully disclosed personal data of 47 affected ...Mehr lesen

A thin line between a typo and a data breach: A case study in enhancing data security practices

In a recent case, the Serbian Commissioner for Information of Public Importance and Personal Data Protection issued a cautionary notice to a bank, shedding light on its procedures for collecting and managing clients' email addresses for communication purposes. ...Mehr lesen

Europe’s AI Act: a new role for the Dutch Data Protection Authority?

"The genie is out of the bottle. We need to move forward on artificial intelligence development but we also need to be mindful of its very real dangers. I fear that AI may replace humans altogether." This quote from Stephen Hawking in 2017 is more relevant today than ...Mehr lesen

Financial companies for fast loans fined for processing personal data without consent from personal data subject

The North Macedonian Personal Data Protection Agency has issued several fines for financial companies for fast loans due to processing personal data contrary to the law i.e. without previous consent from the data subject. ...Mehr lesen

Activity of the personal data supervisory authority of Monaco (CCIN): Increase in the number of complaints and recommendations

This article outlines the complaints addressed to the CCIN by data subjects, the number of which, in proportion to Monaco, is rising sharply (1), and its recommendations (2). ...Mehr lesen

Processing Children’s Data Correctly: Takeaways from the Recent TikTok Decision

In September 2023, the Irish Data Protection Commission (“DPC”) adopted its final decision in an own-volition inquiry into the processing by TikTok Technology Limited (“TikTok”) of personal data relating to child users of the TikTok platform. The sanctions imposed on the ...Mehr lesen

Analysis of Legal Functionality in the Face of Technological Advancement, Case of Ecuador: Neuro-Rights.

This article analyses the impact of advancing neurotechnology on human rights, particularly regarding cognitive freedom, mental privacy, and psychological integrity. It discusses the ethical implications of brain-computer interfaces and the necessity for specific ...Mehr lesen

The Brazilian National Data Protection Authority’s View On Artificial Intelligence

Despite Brazil having it’s own all-encompassing law on data protection (i.e. the General Data Protection Law - LGPD) and its own regulatory agency (the National Data Protection Authority - ANPD), the arrival and constant development of artificial intelligence has caused ...Mehr lesen

How does India’s new privacy law compare to GDPR?

India is now one-month into its grand experiment with data privacy regulation, having replaced a decade-old set of data security rules with a bespoke Digital Personal Data Protection Act, 2023. This new law has had an interesting journey that warrants examination, to see ...Mehr lesen

A new member has joined the INPLP: Betül Çolak and Ceren Cakir (Turkey)

...Mehr lesen

Cyberattacks based on the victim´s compliance

Information security compliance has become now a new exploit that cybercriminals are taking advantage from, prompting a need for clear regulatory guidance and proactive security measures. ...Mehr lesen

New CPRA Regs are here again!

California Privacy Protection Agency issues new amendments to the CPRA regs for discussion in its upcoming December 8 meeting. What do you need to know? ...Mehr lesen

A new member has joined the INPLP: Bora Yazıcıoğlu (Turkey)

...Mehr lesen

Understanding data transfers and data transmissions under Mexican Data Protection Law

You may want to avoid getting lost in translation when preparing a data transfer to or from Mexico. We have different names to regulate what globally is known as C2C and C2P data transfers. ...Mehr lesen

Chile on the way to GDPR standards

Even though Chile was the first Latin American country to have a data privacy regulation and has developed one of the most successful economies in the region, has fallen behind regarding data protection. ...Mehr lesen


Managing cyber attacks has always been a complex task and, in almost every scenario, it implied the dismissal of the CISO of the company. However, as we will see, there are several reasons to conclude that there is no only one person who shall face responsibility. ...Mehr lesen

Data Protection vs. Anti-Doping Measures - Advocate General Ćapeta Perspective

This case highlights the challenging balance between safeguarding data privacy and preserving the integrity of sport through anti-doping measures. In a world where the internet is the primary channel for information dissemination, adapting data protection regulations to ...Mehr lesen

Cyber Security Breaches in Hong Kong: A Growing Trend and a Call to Action

Hong Kong is grappling with a surge in cyber security breaches, prompting the authority to take proactive measures. This article highlights the need for immediate action, urging organizations to bolster their data security practices to safeguard sensitive information and ...Mehr lesen

Hungary is prepared to introduce a new act which would further digitize the services provided by the state to its citizens

The new Hungarian Digital Citizenship Act would make communication with public administration, as well as management of official documents easier and more user-friendly. The new Act would also enable consent management in respect of electronic collection and use of ...Mehr lesen

Privacy of war crimes victims

The right for Privacy is a fundamental right according to Israeli law but it is a relative right. How should State interests to publish war crimes be considered in this balance? ...Mehr lesen

This is how Costa Rica closes 2023 in terms of privacy and data protection

2023 has been a year of growth and learning for Costa Rica in terms of privacy. Two takeaways on local supervisory authority dynamics and a landmark controversy with political and social impact are introduced below. ...Mehr lesen

Extraterritorial Implications of Turkish Data Protection Legislation

This article explores the regulatory landscape for data controllers located outside Turkey and their obligations under the Turkish Data Protection Law. ...Mehr lesen

CaliforniAI: New Executive Order takes on Generative AI

California Governor, Gavin Newsom, issues Executive Order on Generative AI, which echoes some points in the recent Texas and Connecticut AI laws and goes further, imposing detailed, time limited obligations on California State agencies. ...Mehr lesen

Constitutional Court: The Criteria for Access to Traffic Data Too Loose

Slovenia’s Constitutional Court found the provisions of the Criminal Procedure Act (CPA) enabling the prosecution (police) to access and seize traffic data (data about the circumstances of a communication) to be disproportionate and therefore in violation of the ...Mehr lesen

A thin line between a typo and a data breach: A case study in enhancing data security practices

In a recent case, the Serbian Commissioner for Information of Public Importance and Personal Data Protection issued a cautionary notice to a bank, shedding light on its procedures for collecting and managing clients' email addresses for communication purposes. ...Mehr lesen

Finding the balance between fighting crime and privacy: an Update to the use of Metadata in Criminal Prosecution

On October 13, 2023, the Portuguese Parliament approved an updated version of Law No. 32/2008, which had been declared unconstitutional in April 2022. The community is now waiting for a new preventive judgement of constitutionality on the use of communications metadata ...Mehr lesen

Insurance company fined SEK 35 million for security failures and putting data subjects’ data at risk.

The Swedish Authority for Privacy Protection issued an administrative fine of SEK 35 million (3MEUR+) against the insurance company Trygg-Hansa due to severe security flaws that enabled unauthorized access to information via the internet and put 650 000 customers’ data ...Mehr lesen

AUSTRIA: Is legal advice by software solutions and/or AI permitted in Austria?

In its judgment 4 Ob 77/23m from 27th June 2023 the Austrian Supreme Court, among other things, ruled that the provision of recommendations for action by software solutions and/or AI to lawyers in a legal advisory or automated manner is permissible and that the ...Mehr lesen

The 8th annual conference

Successful event held in Dublin with representatives from 20 countries. ...Mehr lesen

ChaptGPT: the Italian Data Protection Authority leads the way and imposes GDPR compliance.

The Italian Data Protection Authority recently gained international attention for being the first to address the privacy risks of generative artificial intelligence, ordering the temporary restriction of the Italians’ data processing to OpenAI because of the violation of ...Mehr lesen

Czech Data Protection Office record breaking penalty for spam

The Czech Data Protection Office (Úřad pro ochranu osobních údajů or ÚOOÚ, further as “CZDPA”) is the authority supervising compliance with GDPR and related agenda. One of these is the area of the spam – unwanted electronic communication (usually called as newsletters by ...Mehr lesen

Waiting for Cjeu Ruling in the Matter of “Deutsche Wohnen” (C-807/21)

Since the end of December 2021, the preliminary ruling of the European Court of Justice (CJEU) on the conditions under which an administrative fine may be imposed on a legal entity for violating the GDPR has been pending. Since then, the Austrian Data Protection ...Mehr lesen

Unveiling some salient features of Nigeria’s novel Nigeria Data Protection Act (NDPA) 2023.

For a period, the Nigeria Data Protection regulation (NDPR) 2019 was the reference point for data privacy and protection compliance in Nigeria. The enactment of the Nigeria Data Protection Act (“NDPA”) on June 12 2023 launched a new era in data privacy and protection ...Mehr lesen

AI Act and GDPR: managing the world of data in the world of privacy.

Contrary to some persisting beliefs that the AI Act and GDPR are inherently incompatible, GDPR may in fact be interpreted in a way that concords with the purposes of the AI Act. Processing personal data through an artificial intelligence (AI) system’s algorithm triggers ...Mehr lesen

Generative AI and the Protection of Personal Information under the Japanese Law

While generative AI has been getting attention in business, there has been a concern on the protection of personal information when using them. Recently, the Japanese Personal Information Protection Commission (“PPC”) has issued an Alert on the use of generative AI ...Mehr lesen

Cross-Border Data Transfer: Navigating Compliance under the Nigerian Data Protection Act 2023

The recently enacted Nigeria Data Protection Act (“the Act”) 2023 is now the principal data privacy and protection legislation in Nigeria, and it establishes the Nigeria Data Protection Commission (the Commission) to oversee the implementation of the Act. The Act ...Mehr lesen

Brazil's innovative approaches to data protection: the main differences between GDPR and LGPD.

The General Data Protection Regulation (GDPR) and the Brazilian General Data Protection Act (LGPD) are two comprehensive data protection regulations that have gained significant attention worldwide. Both regulations emphasize the importance of obtaining individuals' ...Mehr lesen

AdTech Update: CJEU landmark data protection ruling for online and behavioral advertising

Online advertising is one of the largest online industries. However, it also has long faced issues with data protection regulators. The CJEU has handed down a landmark ruling that clarifies what legal bases controllers can rely on for online and behavioral advertising. ...Mehr lesen

Romanian Whistleblowing Law. About Protecting Data while Fostering Transparency

Romania transposed the EU Whistleblowing Directive on 22 December 2022, via Law No. 361/2022 on the protection of whistleblowers in the public interest ("Romanian Whistleblowing Law"). This article explores key aspects of the law, providing an overview of how Romanian ...Mehr lesen

Loud and Clear! CNIL sends strong privacy with new €40 million fine of CRITEO

French Data Protection Authority, the CNIL, has fined advertising company CRITEO €40 million for improper conduct in handling users’ personal data. This is one of the largest fines of its kind, and perhaps a sign of a new era. ...Mehr lesen

Data transfers across the Atlantic… a storm in a teacup?!

The European Commission's new adequacy decision concerning the United States puts a stop to the European doctrine that was taking shape on the use of American tools involving transfers of personal data across the Atlantic, not without a touch of perplexity. ...Mehr lesen

The Polish Supreme Administrative Court concluded “ saga”

In its judgement from February 2023, the Supreme Administrative Court of Poland announced a significant decision from 2019 of the Polish DPA that imposed a substantial fine of PLN 2.8 million (ca. 645,000 euros) against the online retailer, The decision ...Mehr lesen

Barbados urges banks to bolster cyber resilience with new guideline

The Central Bank of Barbados recently published its Technology and Cyber Risk Management Guideline. Not only does the Guideline require banks to implement a cyber risk framework, it holds them responsible for ensuring the framework’s resilience and robustness in ...Mehr lesen

New Guidelines With Updated Obligations on Cookies in Spain: Companies Have Just a Few Months to Adapt Their Websites

The Spanish DPA (AEPD) published earlier this week new guidelines on cookies in order to update the existing ones to the recommendations of the European Data Protection Board (EDPB). ...Mehr lesen

Data Privacy in Peru: Considerations for foreign personal data controllers with no physical presence in the Peruvian territory.

As in the case of other Latin American and European jurisdictions, the scope of data protection rules in Peru has been designed to be circumscribed to a territorial scope based on a local establishment criterion, which creates obligations for data controllers before ...Mehr lesen

“Another breach in the wall” – the Polish DPA’s views regarding data security and notifying data breaches under the GDPR

In the ever-evolving landscape of data protection and privacy regulations, organizations must remain vigilant in upholding the security of the personal data they handle. A recent decision issued by the Polish DPA underscores this critical aspect, as the Polish DPA ...Mehr lesen

Recommendations for reliable artificial intelligence

Argentine Information Technology Subsecretariat approves a set of recommendations for trustworthy artificial intelligence (“AI”), specifically directed to the public sector. ...Mehr lesen

Serious Criticism and Injunction Issued for using Facebook Business Tools

The Danish Data Protection Authority, Datatilsynet, has issued severe criticism of Boligportal, Denmark's largest online marketplace for rental properties, for failing to demonstrate compliance with the General Data Protection Regulation (GDPR) in their handling of ...Mehr lesen

Is the Austrian Communication-Platforms-Act contrary to EU law?

On 8th June 2023 the ECJ’s Advocate General, Maciej Szpunar, delivered his opinion in the Case C-376/22, concerning the conformity of the so-called Austrian Communications-Platforms-Act („Kommunikationsplattformen-Gesetz“ – “KoPl-G”) with EU-law. As it appears, according ...Mehr lesen