Two recent decisions by Québec’s data protection authority, the Commission d’accès à l’information (the “CAI”), should serve as cautionary tales for any business contemplating the deployment of biometric information...more
At the end of 2024 the Italian Data Protection Authority issued a 15 million euro fine in the first generative AI-related case brought under GDPR. According to Garante (the Italian authority), OpenAI trained ChatGPT with...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
The Dutch Data Protection Authority (the “Dutch DPA”) issued a €4.75 million (approximately $5 million USD) fine on Netflix in connection with a data access investigation that started in 2019. The investigation arose out of...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
The Commission Nationale de l’Informatique et des Libertés (CNIL) is an independent French administrative regulatory body whose mission is to ensure that the collection, storage, and use of personal data comply with data...more
On 26 August the Dutch Data Protection Authority (DPA) fined Uber EUR 290 million for a breach of the General Data Protection Regulation (GDPR). Following a number of complaints from French Uber drivers, the DPA found that...more
يُعد نظام حماية البيانات الشخصية (النظام) أول نظام شامل لحماية البيانات في المملكة العربية السعودية. من المتوقع أن تبدأ الهيئة السعودية للبيانات والذكاء الاصطناعي (الهيئة) في الإنفاذ الكامل للنظام اعتبارًا من 14 سبتمبر 2024،...more
The Brazilian Data Protection Authority (Autoridade Nacional de Proteção de Dados, “ANPD”), applied its first two sanctions of 2024 against two Brazilian governmental institutions. It is worth noting that, as both are public...more
On 18 October 2023, the Commercial Division of the French Supreme Court (Court of Cassation) issued a noteworthy ruling, in which it judged its own case law on restrictive competition practices to be "complex", a source of...more
In February 2023, the Brazilian National Data Protection Authority (ANPD) published the rules for the application of sanctions and the methodology for calculating fines for violation of their General Data Protection Law...more
On May 16, 2022, the European Data Protection Board (EDPB), the independent body of data protection supervisors that promotes consistent data protection rules and application thereof throughout the European Union (EU),...more
Danske Bank, Denmark’s largest bank, faces a fine of approximately $1.5 million from the Danish Data Protection Agency (DPA) for a failure to comply with the GDPR’s data deletion requirements. The GDPR requires all personal...more
This Update highlights some of the international data protection issues that caught our attention and the attention of our clients over the winter, including updates on European data transfers and cookie compliance,...more
The Dutch Data Protection Authority (Dutch DPA) recommends that Dutch websites stop using the IAB framework and other similar tools for tracking users, reports a Dutch newspaper (only in Dutch). The recommendation of the...more
In a decision of December 16, 2021, the Belgian Data Protection Authority (“DPA”) imposed a EUR 75,000 administrative fine on a bank located in Belgium for failure to comply with the requirement in Article 38.6 of the General...more
When GDPR became effective three years ago, companies took notice of the fines and penalties attached to violations of the stringent privacy law—4 percent of global annual sales....more
Earlier this month, the European Data Protection Board (EDPB) published a report on the resources that the EU Member States make available to their Data Protection Authorities (DPA) and on the enforcement actions initiated by...more
The French data protection authority, La Commission nationale de l’informatique et des libertés ("CNIL"), one of Europe's ("EU") most active data protection regulators, has continued to focus on the lawfulness of the use of...more
Mittlerweile haben mehrere deutsche Datenschutzaufsichtsbehörden zweistellige Millionenbußgelder nach Art. 83 DSGVO verhängt. Kurz nach Geltung der DSGVO war es teilweise noch durchaus möglich, sich mit den zuständigen...more
The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report highlights some regulatory enforcement trends we saw from the European Union (EU) data protection authorities (DPAs) during the past year. EU...more
The regulation of cookies and similar tracking technologies is rapidly evolving, not only in the European Union and United Kingdom but also in the United States and globally. If you have visited a website recently, you might...more
The Bavarian Data Protection Authority recently prohibited a European company from using U.S. newsletter provider Mailchimp in a first-of-its-kind decision. Since the Schrems II decision of the Court of Justice of the...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
The Spanish Data Protection Agency (“Spanish DPA”) decided to start 2021 the same way it ended 2020: by imposing the highest fines to date (EUR 5,000,000 and 6,000,000) to two large Spanish financial entities. ...more