On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of Endemol Shine (Case C‑604/22). In this case, the CJEU was called upon to assess whether oral disclosure of information could be considered as processing of personal data under the GDPR and to clarify the relationship between personal data protection and public access to documents.
Continue Reading CJEU Rules That Oral Disclosure May Be Considered as Processing of Personal Data Under the GDPR

On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of IAB Europe (Case C‑604/22). In this judgment, the CJEU assessed the role of IAB Europe in the processing operations associated with its Transparency and Consent Framework and further developed CJEU case law on the concept of personal data under the GDPR.
Continue Reading CJEU Rules on IAB Europe’s Transparency and Consent Framework

President Biden recently released an Executive Order “addressing the extraordinary and unusual national security threat posed by the continued effort of certain countries of concern to access Americans’ bulk sensitive personal data and certain U.S. Government-related data.”
Continue Reading DOJ Regulations and White House Executive Order Will Target Protections for Americans’ Sensitive Personal Data Against Foreign Threat Actors

On March 1, 2024, the UK Information Commissioner’s Office announced that it had issued an enforcement notice and a warning to the UK Home Office for failing to sufficiently assess the privacy risks posed by the electronic monitoring of people arriving in the UK via unauthorized means.
Continue Reading UK ICO Issues Enforcement Notice and Warning to UK Home Office

On February 23, 2024, the UK Information Commissioner’s Office reported that it had ordered public service providers Serco Leisure, Serco Jersey and associated community leisure trusts to stop using facial recognition technology and fingerprint scanning to monitor employee attendance.
Continue Reading ICO Orders Companies to Cease Using Facial Recognition Technology and Fingerprint Scanning to Monitor Attendance

On February 20, 2024, The Centre for Information Policy Leadership at Hunton Andrews Kurth LLP and Theodore Christakis, Professor of International, European and Digital Law at University Grenoble Alpes, released a comprehensive study titled The “Zero Risk” Fallacy: International Data Transfers, Foreign Governments’ Access to Data and the Need for a Risk-Based Approach.
Continue Reading CIPL Publishes The Zero Risk Fallacy Paper