On December 7, 2023, the Court of Justice of the European Union ruled that credit scoring constitutes automated decision-making, which is prohibited under Article 22 of the EU General Data Protection Regulation unless certain conditions are met.
Continue Reading CJEU Rules that GDPR Prohibition on Automated Decision-Making Applies to Credit Scoring

On March 15, 2021, the state Data Protection Authority of Bavaria declared the use of U.S. e-mail marketing service Mailchimp by a fashion magazine in Bavaria impermissible due to lack of compliance with Schrems II mitigation steps for the transfer of e-mail addresses to the U.S.
Continue Reading Bavarian DPA Declares Transfers to E-mail Marketing Service Prohibited Due to Lack of Controller’s Assessment and Supplementary Measures

On June 3, 2020, the Presidency of the Council of the European Union published a progress report on the proposed Regulation concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and Repealing Directive 2002/58/EC, better known as “the Draft ePrivacy Regulation.”
Continue Reading EU Council Presidency Releases Progress Report on Draft ePrivacy Regulation