Data Protection Authority

On March 26, 2024, the CNIL published the 2024 edition of its Practice Guide for the Security of Personal Data, which is intended to support organizations in their efforts to implement adequate security measures in compliance with their security obligations under the GDPR.
Continue Reading CNIL Publishes Latest Edition of Its Practice Guide for the Security of Personal Data

On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of IAB Europe (Case C‑604/22). In this judgment, the CJEU assessed the role of IAB Europe in the processing operations associated with its Transparency and Consent Framework and further developed CJEU case law on the concept of personal data under the GDPR.
Continue Reading CJEU Rules on IAB Europe’s Transparency and Consent Framework

On March 1, 2024, the UK Information Commissioner’s Office announced that it had issued an enforcement notice and a warning to the UK Home Office for failing to sufficiently assess the privacy risks posed by the electronic monitoring of people arriving in the UK via unauthorized means.
Continue Reading UK ICO Issues Enforcement Notice and Warning to UK Home Office

On February 23, 2024, the UK Information Commissioner’s Office reported that it had ordered public service providers Serco Leisure, Serco Jersey and associated community leisure trusts to stop using facial recognition technology and fingerprint scanning to monitor employee attendance.
Continue Reading ICO Orders Companies to Cease Using Facial Recognition Technology and Fingerprint Scanning to Monitor Attendance

On February 9, 2024, Hunton Andrews Kurth and its Centre for Information Policy Leadership prepared an op-ed discussing the implications of the European Commission’s Draft GDPR Procedural Regulation and European Parliament’s Draft LIBE Report.
Continue Reading The European Commission Draft GDPR Procedural Regulation and European Parliament Draft LIBE Report: On the Road to Harmony?