On May 23, 2023, the UK Information Commissioner, John Edwards, delivered the opening remarks at the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs.
Continue Reading UK Information Commissioner Delivers Opening Remarks at European Parliament’s Committee on Civil Liberties, Justice and Home Affairs
European Union
Irish Regulator Fines Meta 1.2 Billion Euros and Orders it to Cease Data Transfers to the U.S.
On May 22, 2023, the Irish Data Protection Commission announced a €1.2 billion fine against Meta Ireland for unlawfully transferring personal data to the U.S. …
Continue Reading Irish Regulator Fines Meta 1.2 Billion Euros and Orders it to Cease Data Transfers to the U.S.
EDPB Adopts Guidelines on Facial Recognition in the Area of Law Enforcement
On May 17, 2023, the European Data Protection Board adopted the final version of its Guidelines on facial recognition technologies in the area of law enforcement. …
Continue Reading EDPB Adopts Guidelines on Facial Recognition in the Area of Law Enforcement
CNIL Publishes Action Plan on AI
On May 16, 2023, the French Data Protection Authority announced its action plan on artificial intelligence. …
Continue Reading CNIL Publishes Action Plan on AI
European Parliament Adopts EU-U.S. Data Privacy Framework Resolution
On May 11, 2023, at a plenary session, the European Parliament voted to adopt a resolution on the adequacy of the protection afforded by the EU-U.S. Data Privacy Framework which calls on the European Commission to continue negotiations with its U.S. counterparts with the aim of creating a mechanism that would ensure equivalence and provide the adequate level of protection required by EU data protection law. …
Continue Reading European Parliament Adopts EU-U.S. Data Privacy Framework Resolution
CJEU Determines that a Mere Infringement of the GDPR is not Sufficient to Require Compensation
On May 4, 2023, the Court of Justice of the European Union issued a judgment in the Österreichische Post case. …
Continue Reading CJEU Determines that a Mere Infringement of the GDPR is not Sufficient to Require Compensation
EDPB Initiates Procedure for Electing a New Chair
On April 26, 2023, the European Data Protection Board (“EDPB”) initiated the procedure for electing a new Chair and Deputy Chair to replace Andrea Jelinek and Ventsislav Karadjov, whose mandates will end on May 25, 2023.
Continue Reading EDPB Initiates Procedure for Electing a New Chair
CNIL issues €125,000 Fine Against E-Scooter Rental Company
On March 28, 2023, the French Data Protection Authority announced a €125,000 fine on the e-scooter rental company Cityscoot for breaching EU and French data protection rules, in particular in the context of geolocation and use of Google reCAPTCHA. …
Continue Reading CNIL issues €125,000 Fine Against E-Scooter Rental Company
International Data Transfers: Time to Rethink Binding Corporate Rules
This is an excerpt from CIPL President Bojana Bellamy’s recently published piece in the IAPP “Privacy Perspectives” blog. This piece discusses binding corporate rules as important transfer mechanism.
Continue Reading International Data Transfers: Time to Rethink Binding Corporate Rules
UK Introduces Data Protection and Digital Information (No. 2) Bill
On March 8, 2023, the UK Secretary of State for Science, Innovation and Technology, Michelle Donelan, introduced the Data Protection and Digital Information (No. 2) Bill to UK Parliament.
Continue Reading UK Introduces Data Protection and Digital Information (No. 2) Bill