News

12.11.2024

Data Protection and Conflict of Interest

The role of the Data Protection Officer (DPO), or Encarregado de Dados, is critical to fostering a culture of privacy and data protection in organisations. Given their unique position, DPOs must have independence, autonomy, and direct access to senior management to ...Mehr lesen

05.11.2024

Unauthorized Processing of Personal Data in Connection with a Traffic Accident

The Slovak Office for Personal Data Protection (hereinafter referred to as the “Office”) recently imposed a fine of EUR 7,500 on Company CC for repeated and serious violations of data protection rules under the GDPR. Company CC, which focuses on compensating traffic ...Mehr lesen

22.10.2024

AN INSIGHT INTO THE NEW NIGERIAN CODE OF CONDUCT FOR DATA PROTECTION COMPLIANCE ORGANIZATIONS (DPCOs) 2023

The Nigeria Data Protection Commission (the Commissi-on or NDPC), in exercise of its regulatory mandate and after a painstaking validation process involving stakehol-ders such as Data Subjects, Data Controllers, Data Proces-sors and Data Protection Compliance ...Mehr lesen

10.10.2024

The use of biometric data by the banks in Panama

Banking entities in Panama are implementing biometric validation processes without considering basic principles of personal data protection. ...Mehr lesen

08.10.2024

Food delivery companies Wolt and Glovo being ordered by information commissary to stop Labelling Their Delivery Personnel

The IC found that the food delivery companies had no legal basis for printing the identity numbers on the outside of the delivery bags of their personnel, presumably to prevent traffic violations. Both companies were ordered to stop this practice which violates the ...Mehr lesen

03.10.2024

Tracking trouble: AS Watson's €600,000 fine and Google’s Privacy Sandbox under scrutiny

Recently, two notable cases have emerged demonstrating that the consent requirement for cookies is not always adhered to. The Dutch Data Protection Authority (AP) fined AS Watson B.V., the parent company of the Dutch drugstore chain Kruidvat, €600,000 for placing ...Mehr lesen

26.09.2024

Controversial Swedish Freedom of Press Exemption challenged by the GDPR

The GDPR, designed to safeguard personal data, sometimes conflicts with rights like freedom of expression. In Sweden, online publishers can get a certificate of publication, exempting them from GDPR. This exemption, rooted in principles dated back to the second world war ...Mehr lesen

19.09.2024

Stowaways or Allies? Legal risks of using artificial intelligence (AI) transcription services in work meetings

Unlock the potential and pitfalls of AI transcription services in your workplace—while they offer unmatched convenience, they also come with serious ethical and legal challenges that could impact your business. Discover how to navigate these risks and ensure responsible ...Mehr lesen

17.09.2024

The Mischief of Mismanagement: Tale of a Breach of the GDPR

In early 2022, the Portuguese National Data Protection Supervisory Authority (“CNPD”) accused Lisbon’s Municipality of retaining demonstrators’ and protestors’ personal information for longer than necessary and sharing it with national and foreign public entities without ...Mehr lesen

13.09.2024

A new member has joined the INPLP: Jason Kravitz (United States)

...Mehr lesen

12.09.2024

New Amendment to Israeli Privacy Protection Law and Mandatory DPO Appointment

The Israeli parliament recently adopted a new amendment to the Israeli Protection of Privacy Law, 5741-1981 ("PPL") entering into force in 12 months, on August 14, 2025. ...Mehr lesen

10.09.2024

Data Protection ramifications emerging from the now in force Digital Services Act (DSA)

This article seeks to inform businesses and industry professionals such as marketing specialists and data engineers on the data protection ramifications which may have a bearing on their commercial efforts in the area of online advertising practices, notably via online ...Mehr lesen

03.09.2024

AI, ChatGPT and the EDPB: Regulatory Insights from Taskforce Report

Report on ChatGPT outlines European data protection regulator's preliminary views and early indicators about the direction of regulatory travel regarding the co-existence of GDPR and Artificial Intelligence / EU AI Act. ...Mehr lesen

29.08.2024

Transparency, personal data and the proposed reform in Mexico.

Mexico's approach to personal data protection operates through distinct frameworks for the public and private sectors. The Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP ), established in 2010, governs private entities without reform to date. ...Mehr lesen

22.08.2024

The North Macedonia Government violated the Law on PDP publishing personal data of awarded applicants in front of the European Court of Human Rights

This resolution includes data for 519 applicants i.e. their names and surnames, personal identification numbers (PIN), bank accounts with data in which bank the bank accounts are maintained ...Mehr lesen

20.08.2024

Time to Legalize Data Transfers from Turkey - Deadline: September 1, 2024.

The Turkish Data Protection Law was amended to introduce new mechanisms to transfer personal data from Turkey to other countries. One of the significant changes is that consent will not be used as a legal basis as of September 1, 2024. This deadline requires controllers ...Mehr lesen

13.08.2024

China’s Data Export Landscape - An Overview of the Regulatory Framework for Multinationals

The Chinese government's focus on regulating data exports poses a major challenge for multinationals in China. This article discusses the latest legal devlopments relating to data export regulations in China and provides insightful recommendations for complying with ...Mehr lesen

08.08.2024

DPC’s 2023 Report – increase in access requests, breach notifications and cross border co-operation

The Irish Data Protection Commission (“DPC”) published its 2023 Annual Report on 29 May 2024 (the “Report”). The Report can be accessed here and provides a helpful summary of the DPC’s actions over the course of 2023 ...Mehr lesen

06.08.2024

ACTIVITY OF THE PERSONAL DATA SUPERVISORY AUTHORITY OF MONACO (CCIN) IN 2023/24

This article is devoted to the positions of principle of the personal data supervisory authority of Monaco (hereinafter “CCIN”) formulated in the context of complaints or requests for authorisation to implement data processing in 2023 (I), as well as its recommendations ...Mehr lesen

01.08.2024

Overfitting: A Conversation Starter for the Next Summer Party

Overfitting in AI, where models over-specialize in training data, exemplifies the challenge faced by Transformer-based LLMs which memorize extensive details. This raises significant legal concerns regarding data protection and copyright. Addressing these issues ...Mehr lesen

31.07.2024

Upcoming: The 9th annual INPLP conference

...Mehr lesen

30.07.2024

Blockchain vs Data protection

At first sight, blockchain technology and the General Data Protection Regulation (GDPR) seem to be intrinsically incompatible. The convergence of personal data protection and blockchain technology raises therefore complex issues surrounding data privacy and data ...Mehr lesen

23.07.2024

Predicting the Next Amendment of the Japanese Privacy Law

The Personal Information Protection Commission recently publishes an interim summary of issues for the next amendment of the Japanese Privacy Law. ...Mehr lesen

16.07.2024

3 Personal Data Conundrums For India’s New Government

While India’s new Government will continue to push new digital laws, successful implementation of new concepts may require a little novel thinking. ...Mehr lesen

11.07.2024

Swiss-US Data Privacy Framework: Slowly But Steady?

Despite ongoing efforts to align with EU data protection standards, the Swiss-U.S. Privacy Framework remains a work in progress, leaving Swiss controllers with legal uncertainty and the burden of additional compliance measures when transferring data to the US. ...Mehr lesen

09.07.2024

Israel and the EU: Data Protection Adequacy

Adequacy is a status granted by the Commission of the European Union to countries outside the European Economic Area (EEA) that provide a level of personal data protection comparable to that provided in European law. When a country has been awarded adequacy status, ...Mehr lesen

04.07.2024

The Right to Compensation Under the GDPR: Key Takeaways from Recent Case Law of the Court of Justice of the European Union

Over the course of several preliminary references during 2023 and 2024, the Court of Justice of the European Union (“CJEU”) has clarified the circumstances in which data subjects will be entitled to compensation under Article 82 of the General Data Protection Regulation ...Mehr lesen

25.06.2024

Video surveillance and artificial intelligence: sanctions against a Public Body by the Italian DPA

With the decision No. 5 of 2024, the Italian Data Protection Authority (“DPA”) penalised the Municipality of Trento for the unlawful data processing in two AI surveillance projects. The DPA stated that the AI systems used did not provide adequate data anonymization ...Mehr lesen

20.06.2024

Cyprus DPC Rulings on Data Breaches by the Cyprus Football Association, Cyprus News Agency, and Arktinos Publications Ltd

On 17 June 2024, the Commissioner for Data Protection of Cyprus published her decisions (issued in February 2024) in relation to three similar complaints for infringement of the provisions of Chapter V of the GDPR due to the use of Google Analytics and Facebook Connect ...Mehr lesen

18.06.2024

French pass system to be deployed during 2024 Olympic and Paralympic Games.

As France gears up to host the 2024 Olympic and Paralympic Games, expecting several million spectators and thousands of athletes, the country is not only preparing its infrastructure and venues, but also setting up measures to guarantee the smooth running and safety of ...Mehr lesen

17.06.2024

New members have joined the INPLP: José Antonio Arochi, Verónica Siten and Montserrat Landaverde (Mexico)

...Mehr lesen

14.06.2024

A new member has joined the INPLP: Oscar Montezuma Panez

...Mehr lesen

13.06.2024

Data Governance Act: data intermediation services provider, a new player involved in personal data processing?

Data sharing is a subject of ever-increasing importance, and one that is occupying the European Union exponentially, which has sought to promote data exchange mechanisms as part of its European data strategy. The Data Governance Act, which came into force on September ...Mehr lesen

11.06.2024

Registration of data controllers commences in Jamaica

The widely anticipated registration of controllers commenced on June 1, 2024, and both local and international controllers are expected to be registered at the Office of the Information Commissioner in Jamaica. ...Mehr lesen

06.06.2024

A new member has joined the INPLP: Justine A. Collins (Jamaica)

...Mehr lesen

04.06.2024

PRECAUTIONARY MEASURE ORDERED BY THE SPANISH DPA TO HALT META’S FUNCTIONALITIES “ELECTION DAY INFORMATION” AND “VOTER INFORMATION UNIT” IN SPAIN

The Spanish DPA (AEPD) has ordered a precautionary measure against Meta Platforms Ireland Limited to immediately suspend the implementation of the Election Day Information (EDI) and Voter Information Unit (VIU) functionalities in Spain, in light of the upcoming European ...Mehr lesen

31.05.2024

A new member has joined the INPLP: Yiannis Karamanolis (Cyprus)

...Mehr lesen

29.05.2024

A new member has joined the INPLP: David Tang (China)

...Mehr lesen

28.05.2024

Insufficient legal basis to use Google Workspace as an educational tool in schools

The Danish Data Protection Agency has in the widely discussed Chromebook case assessed the legal basis for disclosure of personal data relative to the use of digital tools such as Google Workspace on school computers, revealing its insufficiency. As a consequence, ...Mehr lesen

23.05.2024

CCTV in Schools in order to combat crime. «Green light» from the Cyprus DPA for the operation of CCTV in school units!

Combating law violation and crime in school units in Cyprus through CCTV. ...Mehr lesen

16.05.2024

Chile stares EU: a bill of law to regulate AI.

Chile is the first country in latinamerica that seeks to regulate AI. For this purpose, the country has chosen to follow the EU, establishing a risk-based regime. ...Mehr lesen

09.05.2024

Canada introduces Bill C-63, the Online Harms Act

The recently proposed Online Harms Act, introduced in Bill C-63, is Canada’s latest attempt at addressing online harms. This article discusses the substantive provisions of the Act, and amendments to other Acts proposed by Bill C-63. ...Mehr lesen

07.05.2024

Employer care vs. data protection - when well-intentioned is not good enough.

The first of May is a public holiday in Germany, among other countries, and is known as Labour Day. To this day, the "Day of the Labour Movement" emphasizes the commitment to family-friendly working hours, fair pay, but also a healthy working environment and the care of ...Mehr lesen

06.05.2024

New members have joined the INPLP: Lukas Bühlmann and Michael Reinle (Switzerland)

...Mehr lesen

03.05.2024

The US CHIPS Act of 2022 strengthens Costa Rica's role in the global semiconductor ecosystem

In July 2023, the United States Department of State announced its partnership with the Government of Costa Rica to explore opportunities to diversify and grow the global semiconductor ecosystem and create a more transparent, secure and sustainable global semiconductor ...Mehr lesen

02.05.2024

A new member has joined the INPLP: Dalit Ben-Israel (Israel)

...Mehr lesen

25.04.2024

A new member has joined the INPLP: Eyal Roy Sage (Israel)

...Mehr lesen

25.04.2024

CJEU RULING IN THE MATTER OF “SCHUFA” NOT ONLY AFFECTS CREDIT SCORING (C-634/21)

In December 2023, the European Court of Justice (CJEU) had to decide yet another case that will have a significant effect beyond the core facts of the case. The ruling will likely affect not only credit scoring agencies but every sector and controller that works with ...Mehr lesen

23.04.2024

Does the GDPR trump the Bible? Probably not, but it might trump religious administration

Depending on where you live, religious ceremonies can trigger a certain degree of administrative follow-up. In Belgium – like in many other Member States - parishes of the Catholic Church keep baptismal records indicating who underwent this particular sacrament. But what ...Mehr lesen

18.04.2024

Turkish Personal Data Protection Law 2.0 (“PDPL 2.0”)

The first step has been taken in the long-awaited harmonisation of the Turkish Data Protection Law with the GDPR. With this step, the regulations of the Law, especially on data transfer and processing of sensitive data, have been made more applicable for data ...Mehr lesen