Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news.
Case Law Updates and Fines
- On 17 July, the Spanish data protection authority have fined Real Federación Española de Balonmano €27,000 for violations of GDPR. The decision can be accessed in Spanish only here.
- On 17 July, the Italian data protection authority have fined Autostrade per l’Italia S.p.A. €1 million for unlawful processing of the personal data of over 100,000 individuals. The decision can be accessed here in Italian only here.
- On 18 July, the Spanish data protection authority fined Digi Spain Telecom, S.L.U. €40,000 for GDPR violations in respect of a lack of legal basis. The decision can accessed in Spanish only here.
Legislation
- On 11 July, the Mecklenburg-Western Pomerania data protection authority announced draft amendments to the State Hospitals Act. This would enable health data to be used securely without causing any data privacy issues. The press release is available in German only here.
- On 19 July, the Council of the European Union announced that they had agreed with the position proposed by the European Commission on the Cyber Resilience Act. They have also proposed some additional amendments. The press release can be accessed here.
- On 14 July, the Council of the European Union Committee announced they had approved a draft of the Data Act. The announcement can be accessed here.
Guidance & Draft Guidance
- On 14 July, the Danish data protection authority published new guidance on how to process personal data in the context of research projects. The guidance is available in Danish only here.
- On 17 July, the Dutch data protection authority published a report on algorithm risk reporting. The report has highlighted issues surrounding transparency and explanation about uses of such algorithms. The report is available in Dutch only here.
- On 7 July, the UK Government has finalised their first law enforcement adequacy decision. This would allow UK law enforcement to freely personal data to authorities in Guernsey. The adequacy decision can be accessed here.
- On 19 July, the European Medicines Agency have release a draft paper on the use of AI in the life cycle of medicines. They have also launched a public consultation which is accepting comments until the end of the year. The draft paper can be accessed here.
Data Protection Authority Updates and Privacy News
- On 17 July, the Norwegian data protection authority announced their decision to temporarily ban behavioural advertising for three months on Facebook and Instagram. The decision can be accessed in Norwegian only here.
- On 17 July, the ICO published a blog outlining their efforts to tackle unlawful marketing calls and messages. The blog is available here.
- On 17 July, the US Dept of Commerce have stated their commitment to the joint to EU-US Data Protection framework. The press release can be accessed here.
- On 18 July, the ICO published their annual report. The report can be accessed here.
- On 18 July, the Federal Data Protection and Information Commissioner has released a factsheet that summarises investigations into data protection violations to provide more context on their interpretation of the Federal Act on Data Protection. The factsheet can be accessed here.
- On 18 July, the ICO and FCA sent a joint letter to the UK’s Finance and Building Societies Association in respect of their customers data protection and communications. The letter can be accessed here.
- On 18 July, the Turkish data protection authority announced a Vodafone data breach affecting around 27,000 individuals. The press release can be accessed in Turkish only here.
- On 19 July, the ICO published a list of their lessons learned from reprimands that have been issued in the past 3 months. These can be accessed here.