On 4 July 2023, the Court of Justice of the European Union (“CJEU”) delivered judgment in Case C-252/21 Meta Platforms and Others v German Federal Cartel Office, finding that national competition authorities are allowed to investigate and issue sanctions for a Company’s non-compliance with the General Data Protection Regulation (“GDPR”)….
On April 26, 2023, the General Court of the European Union issued a ruling in Case T-557/20, SRB v EDPS, finding that pseudonymized data shared by one party with another will not be considered personal data in the hands of the recipient, if the recipient does not have legal means…
On January 12, 2023, the Court of Justice of the European Union (“CJEU”) ruled in case C-154/21 | Österreichische Post AG that controllers must provide the specific identity of any “recipient” of personal data in response to a GDPR access request. While the GDPR itself states that controllers may inform…
On August 5, 2022 news broke that the French Data Protection Authority (“CNIL”) proposes fining adtech company Criteo €60 million for undisclosed GDPR violations as part of an ongoing investigation opened by the CNIL in 2020. The investigation followed a 2018 complaint by the privacy NGO Privacy International against Criteo…
On March 25, 2022, President Biden and the President of the European Commission (“EC”) von der Leyen announced that the US and EU reached an agreement in principle on a new Trans-Atlantic Data Privacy framework for transatlantic data flows (the New Framework). The parties now need to translate the consensus…
On 17 December 2021, the Irish Data Protection Commission (“DPC”) published the final version of its guidance “Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing” (“the Fundamentals”). The Fundamentals set out principles and recommendations for companies to follow when processing children’s data in Ireland. The Fundamentals seek…
On 18 November 2021 the European Data Protection Board (“EDPB”) released its Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (“Guidelines”) for public consultation. The Guidelines clarify one of the most vexing issues in…