General Data Protection Regulation

Summary

In its judgement of 11 July 2024 (C-757/22), the European Court of Justice (‘ECJ’) ruled that the violation of a controller’s information obligations under Art. 12 and 13 GDPR, can be subject to a representative action under Article 80(2) GDPR.

Facts of the case

Meta Platforms Ireland Limited (“

Continue Reading Europe/Germany:  Right to bring collective action for violations of information obligations under GDPR

On August 21, 2024, the second expert committee appointed under the Thai Personal Data Protection Act (PDPA) of 2019, issued an administrative fine to a major private company involved in online sales. The company allowed a significant amount of personal data to leak to call center gangs without implementing adequate security measures as required by

Continue Reading THAILAND: First PDPA Enforcement in Thailand: A Landmark Case

The Data Protection Commission (DPC) has published its 2023 Annual Report, highlighting a record year with DPC fines accounting for 87% of all GDPR fines issued across the EU. A busy year for the DPC also saw a 20% increase in reported personal data breaches as Helen Dixon steps down after 10 years in

Continue Reading Ireland: DPC Issues Record 87% of EU GDPR Fines in 2023; Breach Reports Increase by 20%

The European Data Protection Board (“EDPB”) has adopted an Opinion (“EDPB Opinion”) on the validity of consent to process personal data for the purposes of behavioural advertising in the context of ‘consent or pay’ models deployed by large online platforms. The EDPB concludes that “in most cases”, the requirements of

Continue Reading Europe: EDPB issues Opinion on ‘consent or pay’ models deployed by large online platforms

2023 was a busy year for the Court of Justice of the European Union (CJEU), with the issuance of a number of far-reaching judgments on the interpretation and application of the GDPR.

In December 2023, the CJEU delivered two important decisions which supplement a growing body of jurisprudence on the issuance of administrative fines and

Continue Reading CJEU Insight

Summary

A UK court has reversed a fine imposed on the provider of a facial image database service, Clearview AI, on the basis that the (UK) GDPR did not apply to the processing of personal data by the company. In so doing, the court has provided helpful judicial interpretation of both the territorial and material scope

Continue Reading Clearview AI -v- Information Commissioner

Following the passing of the long-awaited Personal Data Protection Law (“PDPL”) in Indonesia, on 31 August 2023, the Ministry of Communications and Information Technology published the draft government regulation (“Draft Regulation”) on the implementation of the PDPL for public consultation. The public consultation will close on 14 September 2023. The Draft

Continue Reading Indonesia: prepare now for the new Personal Data Protection Law

Authors: Eilis McDonald; Marcus Walsh; John Magee; Gavin Woods; David Cook; Andreas Rüdiger

The Irish Circuit Court has recently delivered an important judgment on non-material damages for infringement of the GDPR.  The judgment also establishes a list of factors for the courts to consider when assessing non-material damages.

This judgment comes in the context of

Continue Reading Ireland: Non-material damages under GDPR – Irish law developments and the international approach

Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, and Gwyneth To.

Vietnam’s long-awaited, first-ever Personal Data Protection Decree (“PDPD”) has finally been passed and is scheduled to take effect from 1 July 2023 (save limited grace period exceptions).

The PDPD is the first comprehensive data protection regulation consolidating Vietnam’s existing data

Continue Reading VIETNAM: First Personal Data Protection Decree passed – What you need to know

Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, Gwyneth To

China’s amended Anti-Espionage Law will take effect from 1 July 2023. However, its effects have already been felt by some international businesses. So what should international businesses do to respond to these new risks?

The new law broadens the scope of espionage activities,
Continue Reading CHINA: new Anti-Espionage Law and its impact on your China data and operations – how your organisation should respond