On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of IAB Europe (Case C‑604/22). In this judgment, the CJEU assessed the role of IAB Europe in the processing operations associated with its Transparency and Consent Framework and further developed CJEU case law on the concept of personal data under the GDPR.
Continue Reading CJEU Rules on IAB Europe’s Transparency and Consent Framework
Data Protection Authority
UK ICO Issues Enforcement Notice and Warning to UK Home Office
On March 1, 2024, the UK Information Commissioner’s Office announced that it had issued an enforcement notice and a warning to the UK Home Office for failing to sufficiently assess the privacy risks posed by the electronic monitoring of people arriving in the UK via unauthorized means.
Continue Reading UK ICO Issues Enforcement Notice and Warning to UK Home Office
ICO Orders Companies to Cease Using Facial Recognition Technology and Fingerprint Scanning to Monitor Attendance
On February 23, 2024, the UK Information Commissioner’s Office reported that it had ordered public service providers Serco Leisure, Serco Jersey and associated community leisure trusts to stop using facial recognition technology and fingerprint scanning to monitor employee attendance.
Continue Reading ICO Orders Companies to Cease Using Facial Recognition Technology and Fingerprint Scanning to Monitor Attendance
EDPB Adopts Opinion on the Notion of Main Establishment
On February 13, 2024, the European Data Protection Board (“EDPB”) adopted Opinion 04/2024 on the notion of the main establishment of a controller in the Union under Article 4(16)(a) of the EU General Data Protection Regulation (“GDPR”) (the “Opinion”).Continue Reading EDPB Adopts Opinion on the Notion of Main Establishment
The European Commission Draft GDPR Procedural Regulation and European Parliament Draft LIBE Report: On the Road to Harmony?
On February 9, 2024, Hunton Andrews Kurth and its Centre for Information Policy Leadership prepared an op-ed discussing the implications of the European Commission’s Draft GDPR Procedural Regulation and European Parliament’s Draft LIBE Report.
Continue Reading The European Commission Draft GDPR Procedural Regulation and European Parliament Draft LIBE Report: On the Road to Harmony?
EDPB Publishes One-Stop-Shop Digest on Data Security and Breach Notification
On January 18, 2024, the European Data Protection Board published a thematic one-stop-shop case digest titled, “Security of Processing and Data Breach Notification.”…
Continue Reading EDPB Publishes One-Stop-Shop Digest on Data Security and Breach Notification
UK ICO Launches Consultation Series on Generative AI
On January 15, 2024, the UK Information Commissioner’s Office announced that it has launched a consultation series on generative AI.
Continue Reading UK ICO Launches Consultation Series on Generative AI
French DPA Issues Guidelines on Data Protection and AI
On October 11, 2023, the French Data Protection Authority (the “CNIL”) published a new set of guidelines addressing the research and development of AI systems from a data protection perspective. …
Continue Reading French DPA Issues Guidelines on Data Protection and AI
UK ICO Publishes Guidance on Workplace Monitoring
On October 3, 2023, the UK Information Commissioner’s Office published new Guidance on lawful monitoring in the workplace, designed to help employers comply with their obligations under the UK General Data Protection Regulation and the Data Protection Act 2018.
Continue Reading UK ICO Publishes Guidance on Workplace Monitoring
Joint Statement Published on Data Scraping and the Protection of Privacy
On August 24, 2023, 12 data protection authorities published a joint statement calling for the protection of personal data from unlawful data scraping.
Continue Reading Joint Statement Published on Data Scraping and the Protection of Privacy