On March 28, 2023, the French Data Protection Authority announced a €125,000 fine on the e-scooter rental company Cityscoot for breaching EU and French data protection rules, in particular in the context of geolocation and use of Google reCAPTCHA.
Continue Reading CNIL issues €125,000 Fine Against E-Scooter Rental Company
International
UK Government Publishes AI White Paper
On March 29, 2023, the UK government published a white paper on artificial intelligence entitled “A pro-innovation approach to AI regulation.” …
Continue Reading UK Government Publishes AI White Paper
Brazilian DPA Enacts Regulation on the Setting and Application of Administrative Penalties Under the Brazilian General Data Protection Law
The Brazilian law firm BMA Advogados reports that the Brazilian National Data Protection Authority adopted a landmark and long-awaited regulation for the enforcement of the Brazilian General Data Protection Law. …
Continue Reading Brazilian DPA Enacts Regulation on the Setting and Application of Administrative Penalties Under the Brazilian General Data Protection Law
UK ICO Issues Updated Guidance on AI and Data Protection
On March 15, 2023, the UK Information Commissioner’s Office published an updated version of its guidance on AI and data protection, following requests from UK industry to clarify requirements for fairness in AI. …
Continue Reading UK ICO Issues Updated Guidance on AI and Data Protection
International Data Transfers: Time to Rethink Binding Corporate Rules
This is an excerpt from CIPL President Bojana Bellamy’s recently published piece in the IAPP “Privacy Perspectives” blog. This piece discusses binding corporate rules as important transfer mechanism.
Continue Reading International Data Transfers: Time to Rethink Binding Corporate Rules
UK Introduces Data Protection and Digital Information (No. 2) Bill
On March 8, 2023, the UK Secretary of State for Science, Innovation and Technology, Michelle Donelan, introduced the Data Protection and Digital Information (No. 2) Bill to UK Parliament.
Continue Reading UK Introduces Data Protection and Digital Information (No. 2) Bill
Irish Data Protection Commission Publishes Annual Report for 2022
On March 7, 2023, the Irish Data Protection Commission published its Annual Report for 2022. …
Continue Reading Irish Data Protection Commission Publishes Annual Report for 2022
EDPB issues Its Opinion on the EU-U.S. Data Privacy Framework
On February 28, 2023, the European Data Protection Board issued its Opinion 5/2023 on the European Commission Draft Implementing Decision on the adequate protection of personal data under the EU-U.S. Data Privacy Framework. …
Continue Reading EDPB issues Its Opinion on the EU-U.S. Data Privacy Framework
EDPB Adopts Three Sets of Guidelines in Final Form
On February 24, 2023, following public consultation, the European Data Protection Board published the following three sets of adopted guidelines. …
Continue Reading EDPB Adopts Three Sets of Guidelines in Final Form
UK Tribunal Rules on Direct Marketing ICO Case Against Experian
On February 20, 2023, in the case of Experian Limited v The Information Commissioner, the First-Tier Tribunal in the UK ruled on the ICO’s action to require Experian to change how it processes personal data for direct marketing purposes.
Continue Reading UK Tribunal Rules on Direct Marketing ICO Case Against Experian