General Data Protection Regulation

The European Data Protection Board (“EDPB”) has adopted an Opinion (“EDPB Opinion”) on the validity of consent to process personal data for the purposes of behavioural advertising in the context of ‘consent or pay’ models deployed by large online platforms. The EDPB concludes that “in most cases”, the requirements of

Continue Reading Europe: EDPB issues Opinion on ‘consent or pay’ models deployed by large online platforms

2023 was a busy year for the Court of Justice of the European Union (CJEU), with the issuance of a number of far-reaching judgments on the interpretation and application of the GDPR.

In December 2023, the CJEU delivered two important decisions which supplement a growing body of jurisprudence on the issuance of administrative fines and

Continue Reading CJEU Insight


A UK court has reversed a fine imposed on the provider of a facial image database service, Clearview AI, on the basis that the (UK) GDPR did not apply to the processing of personal data by the company. In so doing, the court has provided helpful judicial interpretation of both the territorial and material scope

Continue Reading Clearview AI -v- Information Commissioner

Following the passing of the long-awaited Personal Data Protection Law (“PDPL”) in Indonesia, on 31 August 2023, the Ministry of Communications and Information Technology published the draft government regulation (“Draft Regulation”) on the implementation of the PDPL for public consultation. The public consultation will close on 14 September 2023. The Draft

Continue Reading Indonesia: prepare now for the new Personal Data Protection Law

Authors: Eilis McDonald; Marcus Walsh; John Magee; Gavin Woods; David Cook; Andreas Rüdiger

The Irish Circuit Court has recently delivered an important judgment on non-material damages for infringement of the GDPR.  The judgment also establishes a list of factors for the courts to consider when assessing non-material damages.

This judgment comes in the context of

Continue Reading Ireland: Non-material damages under GDPR – Irish law developments and the international approach

Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, and Gwyneth To.

Vietnam’s long-awaited, first-ever Personal Data Protection Decree (“PDPD”) has finally been passed and is scheduled to take effect from 1 July 2023 (save limited grace period exceptions).

The PDPD is the first comprehensive data protection regulation consolidating Vietnam’s existing data

Continue Reading VIETNAM: First Personal Data Protection Decree passed – What you need to know

Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, Gwyneth To

China’s amended Anti-Espionage Law will take effect from 1 July 2023. However, its effects have already been felt by some international businesses. So what should international businesses do to respond to these new risks?

The new law broadens the scope of espionage activities,
Continue Reading CHINA: new Anti-Espionage Law and its impact on your China data and operations – how your organisation should respond

Authors: Verena Grentzenberg, Andreas Rüdiger, Ludwig Lauer

In his Opinion of 27.04.2023 (C 340/21), the Advocate General of the European Court of Justice (“ECJ”) commented on the interpretation of the civil non-material right to damages pursuant to Article 82 (1) GDPR as well as on the requirements and the duty of
Continue Reading Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

Authors: Eleni Alexiou, Katharina Pauls

On 30 March 2023, the European Court of Justice (ECJ) ruled on the requirements for national legal bases regarding employee data protection in the context of a referral procedure. Based on its ruling, the German provision that gave rise to the referral procedure (Sec. 23 (1) sentence 1 of
Continue Reading Germany: ECJ ruling on employee data protection

Authors: James Clark, Coran Darling, Andrew Dyson, Gareth Stokes, Imran Syed & Rachel de Souza

In November 2021, the UK Government (“Government”) issued the National Artificial Intelligence (AI) Strategy, with the ambition of making the UK a global AI superpower over the next decade. The strategy promised a
Continue Reading A Pro-Innovation Approach: UK Government publishes white paper on the future of governance and regulation of artificial intelligence