Firm But Fair: Irish DPC Publishes 2024 Annual Report

On 19 June 2025, the Data Protection Commission published its Annual Report for 2024, and the popular Case Studies Booklet 2024. The report indicates a fair, consistent regulatory approach by the DPC, which also encompasses a willingness to decisively pursue enforcement ...Mehr lesen

Regulating AI a la Suisse: Between innovation and uncertainty - No comprehensive AI Act

The Federal Council's approach on regulation AI has finally been published on 12 February 2025. ...Mehr lesen

When the GDPR Clock Never Stops: Lessons from a EUR 175,000 Fine for Delayed Data Subject...

In a recent decision (n° 1FR/2025 of 6 January 2025), the Luxembourg National Data Protection Authority (the “CNPD”) sanctioned a major credit institution for non complying with access request’s deadlines as set by the GDPR- despite arguments of force majeure and ...Mehr lesen

THE SPANISH DATA PROTECTION AUTHORITY NEW LEADERSHIP PUBLISHES STRATEGIC PLAN 2025-2030 AND...

The Spanish DPA (AEPD) has new leadership and has just published an Strategic Plan which has been submitted to public consultation and has gotten feedback from the leading professional associations. ...Mehr lesen

From Brazil to the World: Mastering Compliance in Cross-Border Data Transfers

As international data flows intensify, ensuring compliance with Brazil’s General Data Protection Law (LGPD) has become a strategic priority for businesses operating globally. This article unpacks the critical distinctions in what constitutes an international data ...Mehr lesen

New members have joined the INPLP: Marshall Situmorang and Andhitta Audria Putri

...Mehr lesen

Can Public Schools Use Google Under the GDPR? Finland’s Top Court Says “Yes, But…”

The Finnish Supreme Administrative Court recently addressed whether Finnish municipalities can rely on GDPR Article 6(1)(c), a statory obligation to process personal data, when using cloud tools like Google Workspace for Education. It confirmed that that statutory ...Mehr lesen

A new member has joined the INPLP: Cecilia Abente Stewart

...Mehr lesen

Consent as the lawful basis for monitoring the activities of employees: really?

A recent case decided by the French Court de cassation demonstrates technical disregard of the GDPR, particularly in employment litigation matters. ...Mehr lesen

Chilean data privacy new regulation: based and far from the GDPR

For 7 years Chilean Congress debated the amendment of Law 19.628 concerning data privacy. Finally, on December 13, 2024, the new regulation was published and is set to come into force on December 1st, 2026. ...Mehr lesen