Tagged as: GDPR

EU Supervisory Authorities Approve Irish Data Protection Commission’s Decision on TikTok’s International Data Flows

On 25 March 2025, the Irish Data Protection Commission (‘DPC’) confirmed that it received no objections to its draft decision on how TikTok Technology Limited (‘TikTok’) transfers personal data to China. The DPC, in its role as the lead supervisory authority for the Irish-headquartered TikTok, opened two ex officio inquiries…

Read More

Protecting Children Online: EDPB Weighs in on Age Assurance Methods

On February 11, 2025, the European Data Protection Board (“EDPB”) issued a statement outlining its expectations for aligning the proliferating use of age assurance checks with the GDPR (the “Statement”). Aiming to promote a harmonized approach across the EU, the Statement provides guidance and high-level principles for online service providers…

Read More

CJEU ADM Decision Casts Wide Net Over Credit Scoring Agencies

On December 7, 2023, the Court of Justice of the European Union (“CJEU”) delivered a landmark decision against SCHUFA Holding AG (“SCHUFA”) that will likely impact how the EU General Data Protection Regulation (“GDPR”) applies to credit scoring agencies. In the decision, OQ v. Land Hessen, the CJEU decided that…

Read More

EU Court of Justice Confirms GDPR Security Measures Can Be “Appropriate” Even If Not Foolproof

On December 14, 2023, the EU Court of Justice (“CJEU”) issued its first ever ruling on the scope of data security requirements under the GDPR. In VB v. NAP, the CJEU held that an organization is not liable for a security breach unless it failed to implement appropriate security measures….

Read More

EU/UK Privacy & Cybersecurity News Roundup – Week of October 2, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates and Fines On 3 August,…

Read More

EU/UK Privacy & Cybersecurity News Roundup – Week of September 18, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates and Fines On June 22,…

Read More

CJEU Confirms Competition Authorities’ Power to Investigate GDPR Violations and Provides Insights into Personalised Social Media Advertising and GDPR Compliance

On 4 July 2023, the Court of Justice of the European Union (“CJEU”) delivered judgment in Case C-252/21 Meta Platforms and Others v German Federal Cartel Office, finding that national competition authorities are allowed to investigate and issue sanctions for a Company’s non-compliance with the General Data Protection Regulation (“GDPR”)….

Read More

EU/UK Privacy & Cybersecurity News Roundup – Week of September 4, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates and Fines On 25 August,…

Read More

EU/UK Privacy & Cybersecurity News Roundup – Week of August 28, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates and Fines On 18 August,…

Read More

EU/UK Privacy & Cybersecurity News Roundup – Week of August 21, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates and Fines On August 3,…

Read More