On 25 March 2025, the Irish Data Protection Commission (‘DPC’) confirmed that it received no objections to its draft decision on how TikTok Technology Limited (‘TikTok’) transfers personal data to China. The DPC, in its role as the lead supervisory authority for the Irish-headquartered TikTok, opened two ex officio inquiries…
On February 11, 2025, the European Data Protection Board (“EDPB”) issued a statement outlining its expectations for aligning the proliferating use of age assurance checks with the GDPR (the “Statement”). Aiming to promote a harmonized approach across the EU, the Statement provides guidance and high-level principles for online service providers…
On December 7, 2023, the Court of Justice of the European Union (“CJEU”) delivered a landmark decision against SCHUFA Holding AG (“SCHUFA”) that will likely impact how the EU General Data Protection Regulation (“GDPR”) applies to credit scoring agencies. In the decision, OQ v. Land Hessen, the CJEU decided that…
On December 14, 2023, the EU Court of Justice (“CJEU”) issued its first ever ruling on the scope of data security requirements under the GDPR. In VB v. NAP, the CJEU held that an organization is not liable for a security breach unless it failed to implement appropriate security measures….
Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates and Fines On 3 August,…
Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates and Fines On June 22,…
On 4 July 2023, the Court of Justice of the European Union (“CJEU”) delivered judgment in Case C-252/21 Meta Platforms and Others v German Federal Cartel Office, finding that national competition authorities are allowed to investigate and issue sanctions for a Company’s non-compliance with the General Data Protection Regulation (“GDPR”)….
Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates and Fines On 25 August,…
Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates and Fines On 18 August,…
Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates and Fines On August 3,…