EU/UK Privacy & Cybersecurity News Roundup – Week of August 28, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news.

Case Law Updates and Fines

  • On 18 August, the Spanish data protection authority fined Joly Digital S.L.U €20,000 for violations of the GDPR, specifically the processing of data without consent. The decision can be accessed in Spanish only here.
  • On 21 August, the Romanian data protection authority fined Uipath SRL €70,000 for violations of data security in respect of a data breach notification. The decision can be read in Romanian only here.
  • On 21 August, the Spanish data protection authority fined Fourth Party Logistics €120,000 for GDPR violation. The company were unlawfully sub-processing. The decision can be accessed in Spanish only here.
  • On 21 August, the Spanish data protection authority fined Atresmedia Corporación De Medios De Comunicación, S.A. €50,000 for GDPR violations, specifically data minimization. The decision can be accessed in Spanish only here.
  • On 22 August, the Irish data protection authority punished Airbnb Ireland and requested they implement corrective measures in respect of unlawful processing of personal data. The decision can be accessed here.

Legislation

  • On 14 August, the German Data Protection Conference (DSK) published its opinion on the proposed draft bill covering health data use. The opinion can be accessed in German only here.
  • On 22 August, the EDPS issued its opinion on the European Union proposal for the regulation on payment services. The opinion accessed here.

Guidance & Draft Guidance

  • On 18 August, the ICO announced the launch of a new public consultation on guidance on biometric data and technologies. This is the first phase of the consultation and the guidance can be accessed here.
  • On 23 August, the Polish data protection authority published guidance on the protection of personal data in election campaign. The press release can be accessed in Polish only here.
  • On 11 May, the German Data Protection published their recommendations in respect of protection of both data and consumers for credit scoring practices. The recommendations can be accessed in German only here.

Data Protection Authority Updates and Privacy News

  • On 22 August, the EDPS published an opinion on the European Commission’s latest proposal on a new legislative framework in respect of financial data access. The opinion can be accessed here.