Summary
On 19 March 2026, the Court of Justice of the European Union (CJEU) handed down its judgment in Case C-526/24, Brillen Rottler, clarifying that a data subject’s first request for access to personal data under Article 15 of the General Data Protection Regulation (GDPR) may be refused as “excessive”.
Continue Reading EU: CJEU Rules That a Single DSAR Can Be Refused as AbusiveOn 16 September 2024, the UK’s data protection authority, the Information Commissioner’s Office (ICO), issued a reprimand against Sky Betting and Gaming (SkyBet) for unlawfully processing people’s data through advertising cookies without their consent.
Between 10 January and 3 March 2023, SkyBet’s website dropped third-party AdTech cookies to visitors’ browsers before
Continue Reading UK: Data protection authority issues reprimand to gambling operator for unlawfully processing personal data
