Life with GDPR - Meta Fined €405 million by Irish Data Protection Commission
A recent and far-reaching decision by the Italian Data Protection Authority (Garante) has significantly altered the rules governing marketing privacy consent in Italy, introducing a potential obligation to adopt a double...more
On April 14 2025, the European Data Protection Board (EDPB) announced the outcomes of its plenary session that took place on April 8 2025, during which the EDPB adopted draft Guidelines on processing of personal data through...more
What happens when data protection collides with the relentless pace of digital innovation? That’s the question the European Data Protection Board (EDPB) seemed to confront head-on in 2024, a year marked by unprecedented...more
Right of erasure (or “right to be forgotten”) has been selected by the European Data Protection Board as its priority enforcement topic for 2025. This work is being done under the “Coordinated Enforcement Framework” or “CEF.”...more
The European Data Protection Board (EDPB) has issued an opinion on certain data protection aspects related to processing personal data in AI models. The opinion came after the Irish supervisory authority raised questions to...more
In a landmark judgment delivered on 29 January 2025, the General Court of the European Union has affirmed the European Data Protection Board‘s (EDPB) authority to require national supervisory authorities to broaden their...more
The first binding obligations of the European Union’s landmark AI legislation, the EU AI Act (the Act), came into effect on February 2, 2025. Essentially, from this date, AI practices which present an unacceptable level of...more
On January 29, 2025, the General Court of the European Union delivered a significant judgment concerning the powers and competences of the European Data Protection Board ("EDPB"). The case involved the Data Protection...more
On October 9, 2024, the European Commission (the Commission) published a report on the first periodic review of the adequacy decision of July 10, 2023. This decision determined that the EU-U.S. Data Privacy Framework (the...more
The European Data Protection Board issued draft guidelines last month that outline when processing can be considered done for “legitimate interest.” The public has until November 20 to provide comments to the draft....more
The EDPB released guidance last month to help companies understand their obligations when using newer tracking tools. These include pixels, URL tracking, IP-tracking, and the like. First, some background: an EU law that...more
This series of blogs rounds up some of the key data protection regulatory trends we have seen during 2024, focused on the EU and UK. 2024 has seen behavioural advertising and cookies continue to dominate the agenda of...more
This series of blogs rounds up some of the key data protection regulatory trends we have seen during 2024, focused on the EU and UK. 2024 has seen behavioural advertising and cookies continue to dominate the agenda of data...more
On 25 July 2024, the EU Commission published its second report on the application of the GDPR (the ‘Second Report’), following its first report published in 2020....more
This month the EDPB shed light on the question of lead supervisory authorities. The issue arose in response to a question late last month from the French supervisory authority. Some background. As most international...more
At the end of June, the European Data Protection Board (EDPB) published its Recommendations (Recs) on Binding Corporate Rules (BCRs). Among other things, the Recs require existing and in process BCRs to: - Incorporate...more
As those in the privacy world await the outcome of the EU-US privacy framework negotiations, the EDPB was in the news recently for a different mechanism for data transfers: Binding Corporate Rules. Namely, it adopted...more
Katten's Privacy, Data and Cybersecurity Quick Bytes is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe. ...more
When it comes to website privacy compliance, cookies have consistently presented the most fraught issues for U.S. businesses. This is especially true for those businesses that find themselves in a sometimes new or often...more
Meta Ireland (Meta) has recently been issued with two fines by the Irish Data Protection Commission (DPC) for breaches of the EU General Data Protection Regulation (GDPR) relating to advertisements run on its Facebook and...more
The EDPB recently announced its second topic for coordinated enforcement. At a national level, data protection authorities in the EU will be looking into the position of the data protection officer. The results of these...more
Dark patterns have been a recent regulatory focus. The FTC issued an enforcement policy late last year, and the European Data Protection Board followed suit with guidelines this spring. The two have slightly different takes...more
It has been almost two years since the Privacy Shield was struck down as a valid data transfer mechanism in Schrems II. Many have been wondering “what’s next”? Will there be a replacement framework? When will that be...more