Data Protection Authority

On September 5, 2022, the Irish Data Protection Commissioner imposed a €405,000,000 fine on Instagram for violations of the EU General Data Protection Regulation’s rules on the processing of children’s personal data.
Continue Reading Irish Data Protection Commissioner Fines Instagram for Children’s Privacy Violations

On June 23, 2022, Italy’s data protection authority determined that a website’s use of the audience measurement tool Google Analytics is not compliant with the EU General Data Protection Regulation, as the tool transfers personal data to the United States, which does not offer an adequate level of data protection.
Continue Reading Italian Garante Bans Google Analytics

On February 2, 2022, the Litigation Chamber of the Belgian Data Protection Authority imposed a 250,000 Euro fine against the Interactive Advertising Bureau Europe for several alleged infringements of the GDPR, following an investigation into IAB Europe’s Transparency and Consent Framework.
Continue Reading Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

The Austrian data protection authority recently published a decision finding that the use of Google Analytics cookies violates both Chapter V of the GDPR, which establishes the rules on international data transfers, and the Schrems II judgment of the Court of Justice of the European Union.
Continue Reading Austrian DPA Finds Data Transfers Resulting from Analytics Cookie Use to Be in Violation of GDPR Data Transfer Requirements

The CNIL recently published guidelines on the re-use of personal data by data processors for their own purposes (such as product improvement or development of new products and services) under the GDPR. We have outlined key takeaways from the Guidelines in this blog post.
Continue Reading CNIL Published Guidelines on Re-Use of Personal Data by Data Processors