Gdpr

A record €1.2 billion fine is to be imposed on Facebook owner Meta following GDPR breaches related to personal data transfers between the EU/EEA and the US. Ireland's Data Protection Commission (DPC) initially proposed not imposing a fine on Meta in its draft decision last summer, but was overr

Ireland's Data Protection Commission (DPC) has imposed fines totalling €390 million on Meta Ireland in connection with its Facebook and Instagram platforms. Meta has said it strongly disagrees with the DPC's findings and will "appeal the substance of the decision" in the Irish courts.

Mathematician and architect of the Tesco Clubcard, Clive Humby, is said to have coined the phrase “Data is the new oil” back in 2006, and this sentiment was echoed in a later Economist report titled: “The world’s most valuable resource is no longer oil, but data”. Launc

On Thursday 18 November, the European Data Protection Board (EDPB) published its draft guidelines on the interplay between Article 3 (territorial scope) and Chapter V of the GDPR (international data transfers). This is an important development for international data transfers under the GDPR (also re

The UK is set to depart from the General Data Protection Regulation (GDPR) in a move with implications for post-Brexit data transfers between the UK and the European Union. Digital Secretary Oliver Dowden yesterday announced plans to "[reform] our own data laws so that they're based on common sense,

There are circumstances in which data protection watchdogs in the EU can bring a company to court over GDPR breaches despite not being the lead supervisory authority under the 'one-stop shop' rule, the Court of Justice of the European Union (CJEU) has ruled. The complex judgment, handed down by the

The European Commission has published the final version of the new Standard Contractual Clauses (New SCCs). This is an important development for multinational companies, and for any business that engages in international data transfers, writes Scott McGeachy. The New SCCs will be required for transf

The European Commission has published two draft “data adequacy” decisions in favour of the UK. If approved, these adequacy decisions will allow personal data to be transferred from the EU to the UK, without the need for organisations to put in place any additional safeguards. As such, th

The data protection landscape for businesses and public authorities changed beyond recognition on 25 May 2018 when the GDPR and Data Protection Act 2018 came into force. It seems remarkable that nearly two and a half years has passed. At the time, no-one could have predicted that for the majority of

Two technology companies are being sued over claims that users' personal data is being obtained using cookies and traded unlawfully for advertising purposes. A legal claim will be filed by campaigners from the non-profit organisation Privacy Collective against tech giants Oracle and Salesforce in Am

Alan Delaney looks at the approach taken by the ICO during the COVID-19 crisis. Last month the ICO updated its guidance on the regulatory approach it intends to take during the current COVID-19 crisis. This guidance provides employers with some degree of comfort that where they are struggling to com

Lawyers have expressed mixed views over the safety of the UK government's new coronavirus contact tracing app. Ross McKenzie, partner at Addleshaw Goddard who specialises in data protection compliance, said the public should have confidence in data protection laws and that they should not become a b

European organisations have been fined €114 million (£97m) under the GDPR regime, DLA Piper has found. France, Germany and Austria top the rankings for the total value of GDPR fines imposed with just over €51m, €24.5 million and €18 million respectively.

Jonathan Tait discusses the concerning details of a popular new app. The latest craze to hit social media involves an app which can edit an image you upload, to show younger or older versions of yourself. Of course it’s a bit of fun and thousands have taken to using the app and taking up the #

The Information Commissioner's Office (ICO) has issued a notice of its intention to fine Marriott International £99.2 million for infringements of the General Data Protection Regulation (GDPR). The proposed fine relates to a cyber incident which was notified to the ICO by Marriott in November