Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news.
Case Law Updates and Fines
- On 4 August, the Italian data protection authority issued a €20,000 fine on the Toscana Sud Est local authority for violations of the GDPR. The decision can be accessed in Italian only here.
- On 8 August, the Norwegian data protection authority announce that they will fine Meta just under €100,000 a day starting from the 14 August if they fail to comply with the processing ban that was issued on 17 July. The announcement can be accessed in Norwegian only here.
- On 8 August, the Spanish data protection authority issued a € 90,000 fine on Masluz Energy for processing data with no lawful basis. The decision can be accessed in Spanish only here.
- On 2 August, the ICO announced it had issued warnings to the Patient and Client Council and the Executive Office’s Interim Advocate’s Office for GDPR violations. The press release can be accessed here.
Legislation
- On 3 August, the European Data Protection Board announced that it had settled outstanding disputes in the draft DPC’s decision about TikTok’s processing of children’s data. The press release can be accessed here.
- On 3 August, the Presidency of the Council of the European Union has released a document that the different EU bodies priorities that were stated in the first trialogue on the draft AI Act. The document can be accessed here.
Guidance & Draft Guidance
- On 9 August, the ICO published a blog post on harmful design of websites including advice of language relating to privacy policies. The blog post can be accessed here.
Data Protection Authority Updates and Privacy News
- On 1 August, the French data protection authority request comments from the public on a draft guide on opening and re-using publicly accessible data. The draft guide can be accessed in French only here.
- On 4 August, the Italian data protection authority announced they had issued a favourable opinion on the draft whistleblowing guidelines. The opinion can be accessed in Italian only here.
- On 3 August, the French data protection authority announced that they were making changes to their DPO certification mechanism. The press release with further details can be accessed in French only here.
- On 8 August, the Norwegian data protection authority issued an advance notification of its intention to prohibit transfers of Yango (a ride hailing service) user’s data to Russia. This ban will come into place 1 September 2023. The decision is available here.
- On 8 August, the ICO released a statement in respect of the Electoral Commission. The Electoral Commission had reported an incident regarding suspicious activities on their systems. The ICO have announced they are making further enquiries. The statement can be accessed here.
- On 9 August, the ICO released a statement in response to reports about a data breach at the Police Service of Northern Ireland. The importance of protection of personal information and consequences of data breaches were highlighted. The statement can be accessed here.
- The Estonia data protection authority issued guidance for employers on how the contents of an employee’s inbox can be processed. The guidelines can be access in Estonian only here.