On November 23, 2022, the UK government’s Department for Digital, Culture, Media & Sport announced that it had completed its assessment of South Korea’s personal data legislation, and concluded that sufficiently strong privacy laws are in place to protect UK personal data transferred to South Korea while upholding the rights and protections of UK citizens.
Continue Reading UK Finalizes South Korea Adequacy Decision

On October 24, 2022, the UK Information Commissioner’s Office issued a £4.4 million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the GDPR, during the period of March 2019 to December 2020.
Continue Reading UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations

On October 7, 2022, President Biden signed Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, which provides a new framework for legal data transfers between the European Union and the United States.
Continue Reading President Biden Issues Executive Order on New EU-U.S. Data Transfer Pact

On September 5, 2022, the Irish Data Protection Commissioner imposed a €405,000,000 fine on Instagram for violations of the EU General Data Protection Regulation’s rules on the processing of children’s personal data.
Continue Reading Irish Data Protection Commissioner Fines Instagram for Children’s Privacy Violations

On August 5, 2022, French AdTech company Criteo announced that it had received a report from the French Data Protection Authority on August 3, 2022, claiming various infringements of the EU General Data Protection Regulation and proposing to impose 60 million euros fine against Criteo.
Continue Reading CNIL Proposes 60 Million Euros Fine Against French AdTech Company For Non-Compliance with GDPR