On 11 June 2025, the UK’s Data (Use and Access) Act 2025 (“DUA Act“) was passed and now awaits Royal Assent.
The government first announced plans for the new DUA Act in the King’s speech back in July 2024. The DUA Act introduces reforms to data protection and e-privacy laws and also includes
Continue Reading UK: Data (Use and Access) Bill passes through Parliament
The Italian Data Protection Authority (the Garante) has issued its first GDPR fine for, among other breaches, unlawful retention of metadata from employees’ emails and web browsing activities. The decision applies, for the first time, the Garante’s highly discussed guidelines of 2024 on the use of metadata in workplace email systems.
The Processing
Continue Reading Italy: The Garante Issues First GDPR Fine Over Employees Email Metadata Privacy Breach
On 20 March 2025, the Nigeria Data Protection Commission (Commission), issued the General Application and Implementation Directive (GAID). The GAID serves as a regulatory framework for implementing the Nigeria Data Protection Act (NDPA) 2023. It provides practical guidance for organisations handling personal data and aims to ensure uniform compliance
Continue Reading Nigeria: NDPC Issues GAID – Key Compliance Insights
In a decision on immaterial damages under Article 82 of the EU General Data Protection Regulation (GDPR), the Higher Regional Court of Dresden, Germany (case number 4 U 940/24), set out important monitoring and auditing obligations of controllers with respect to their processors.
The controller (defendant) operates an online music
Continue Reading Germany: Monitoring and auditing obligations of controllers with respect to their processors
On April, 8 2025, the Department of Justice’s final rule, implementing the Biden-era Executive Order 14117 restricting the transfer of Americans’ Sensitive Personal Data and United States Government-Related Data to countries of concern (the “Final Rule“), came into force. The Final Rule imposes new requirements on US companies when transferring certain types
Continue Reading US: Department of Justice issues final rule restricting the transfer of Sensitive Personal Data and United States Government-Related Data to “countries of concern”
Recently, the Cyberspace Administration of China (CAC), which is the primary data regulator in China, published a newsletter about the government authorities’ enforcement of Apps and websites that violated personal data protection and cybersecurity laws during the year 2024.
Based on the official statistics, during 2024, the CAC interviewed 11,159 website platforms, imposed warnings or
Continue Reading CHINA: Recent Enforcement Trends
Following Malaysia’s introduction of data breach notification and data protection officer (“DPO”) appointment requirements in last year’s significant amendments to the Personal Data Protection Act (“PDPA”) (click here for our summary), the Personal Data Protection Commissioner of Malaysia (“Commissioner”) recently released guidelines that flesh out such requirements, titled the
Continue Reading Malaysia: Guidelines Issued on Data Breach Notification and Data Protection Officer Appointment
Chinese data regulators are intensifying their focus on the data protection compliance audit obligations under the Personal Information Protection Law (“PIPL“), with the release of the Administrative Measures for Personal Information Protection Compliance Audits (“Measures“), effective 1 May 2025.
The Measures outline the requirements and procedures for both self-initiated and regulator-requested
Continue Reading CHINA: Mandatory Data Protection Compliance Audits from 1 May 2025
In a December, the Information Commissioner’s Office (ICO) responded to Google’s decision to lift a prohibition on device fingerprinting (which involves collecting and combining information about a device’s software and hardware, for the purpose of identifying the device) for organisations using its advertising products, effective from 16 February 2025 (see an overview of
Continue Reading UK: Google’s U-Turn on Device Fingerprinting: ICO’s Response and Subsequent Guidance
The seventh annual edition of DLA Piper’s GDPR Fines and Data Breach Survey has revealed another significant year in data privacy enforcement, with an aggregate total of EUR1.2 billion (USD1.26 billion/GBP996 million) in fines issued across Europe in 2024.
Ireland once again remains the preeminent enforcer issuing EUR3.5 billion (USD3.7 billion/GBP2.91 billion) in fines since
Continue Reading EU: DLA Piper GDPR Fines and Data Breach Survey: January 2025
