The European Data Protection Board (“EDPB“) adopted an opinion on 7 October 2024, providing guidance for data controllers relying on processors (and sub-processors) under the GDPR. The two key themes are:
For many financial institutions, the emphasis on these obligations should not come as a
Continue Reading EU: Engaging vendors in the financial sector: EDPB clarifications mean more mapping and management
October has already been a busy month for the Court of Justice of the European Union (“CJEU”), which has published a number of judgments on the interpretation and application of the GDPR, including five important decisions, all issued by the CJEU on one day – 4 October 2024.
This article provides an overview
Continue Reading EU: CJEU Insight
Summary
In its judgement of 11 July 2024 (C-757/22), the European Court of Justice (‘ECJ’) ruled that the violation of a controller’s information obligations under Art. 12 and 13 GDPR, can be subject to a representative action under Article 80(2) GDPR.
Facts of the case
Meta Platforms Ireland Limited (“
Continue Reading Europe/Germany: Right to bring collective action for violations of information obligations under GDPR
On August 21, 2024, the second expert committee appointed under the Thai Personal Data Protection Act (PDPA) of 2019, issued an administrative fine to a major private company involved in online sales. The company allowed a significant amount of personal data to leak to call center gangs without implementing adequate security measures as required by
Continue Reading THAILAND: First PDPA Enforcement in Thailand: A Landmark Case
The Data Protection Commission (DPC) has published its 2023 Annual Report, highlighting a record year with DPC fines accounting for 87% of all GDPR fines issued across the EU. A busy year for the DPC also saw a 20% increase in reported personal data breaches as Helen Dixon steps down after 10 years in
Continue Reading Ireland: DPC Issues Record 87% of EU GDPR Fines in 2023; Breach Reports Increase by 20%
The European Data Protection Board (“EDPB”) has adopted an Opinion (“EDPB Opinion”) on the validity of consent to process personal data for the purposes of behavioural advertising in the context of ‘consent or pay’ models deployed by large online platforms. The EDPB concludes that “in most cases”, the requirements of
Continue Reading Europe: EDPB issues Opinion on ‘consent or pay’ models deployed by large online platforms
2023 was a busy year for the Court of Justice of the European Union (CJEU), with the issuance of a number of far-reaching judgments on the interpretation and application of the GDPR.
In December 2023, the CJEU delivered two important decisions which supplement a growing body of jurisprudence on the issuance of administrative fines and
Continue Reading CJEU Insight
Summary
A UK court has reversed a fine imposed on the provider of a facial image database service, Clearview AI, on the basis that the (UK) GDPR did not apply to the processing of personal data by the company. In so doing, the court has provided helpful judicial interpretation of both the territorial and material scope
Continue Reading Clearview AI -v- Information Commissioner
Following the passing of the long-awaited Personal Data Protection Law (“PDPL”) in Indonesia, on 31 August 2023, the Ministry of Communications and Information Technology published the draft government regulation (“Draft Regulation”) on the implementation of the PDPL for public consultation. The public consultation will close on 14 September 2023. The Draft
Continue Reading Indonesia: prepare now for the new Personal Data Protection LawAuthors: Eilis McDonald; Marcus Walsh; John Magee; Gavin Woods; David Cook; Andreas Rüdiger
The Irish Circuit Court has recently delivered an important judgment on non-material damages for infringement of the GDPR. The judgment also establishes a list of factors for the courts to consider when assessing non-material damages.
This judgment comes in the context of
Continue Reading Ireland: Non-material damages under GDPR – Irish law developments and the international approach
