News & Analysis as of

General Data Protection Regulation (GDPR) Enforcement Actions

Follow this channel for updates and analysis on all aspects of the European Union's General Data Protection Regulation, a reform of EU's data protection rules that impacts... more +
Follow this channel for updates and analysis on all aspects of the European Union's General Data Protection Regulation, a reform of EU's data protection rules that impacts individuals throughout the Union and all businesses operating therein. less -
Womble Bond Dickinson

From Data to Decisions: Navigating Privacy and Litigation Risks in the AI Era

Womble Bond Dickinson on

While many systems that are described as AI have been around for decades (e.g., internet search engines), today’s AI tools are much more powerful and are widely accessible. Generative AI and agentic AI extend the power of...more

DLA Piper

Italy: Garante Issues Fine for Use of Employee’s Private Chats in Disciplinary Actions

DLA Piper on

The Italian Data Protection Authority (Garante) has fined a company EUR 420,000 for violating privacy laws in the workplace. The decision focuses on the employer’s use of content from Facebook, WhatsApp, and Messenger— shared...more

Womble Bond Dickinson

The ICO’s Penalty Against 23andMe Brings New Emphasis on Cybersecurity Risks - Key Takeaways for U.S. Companies

Womble Bond Dickinson on

The dramatic increase in global reach that the internet provides U.S.-based companies comes as a double edge sword. While it significantly increases a company’s potential customer pool, it also subjects companies to...more

DLA Piper

Italy: Marketing Privacy Consent – Is Double Opt-In Now Mandatory?

DLA Piper on

A recent and far-reaching decision by the Italian Data Protection Authority (Garante) has significantly altered the rules governing marketing privacy consent in Italy, introducing a potential obligation to adopt a double...more

Alston & Bird

UK Data Protection Regulator Fines 23andMe ~$3.1 Million Following Credential Stuffing Attack

Alston & Bird on

On June 5, 2025, the UK’s Information Commissioner’s Office (ICO) fined 23andMe £2.31 million (~$3.1 million). The fine was for failing to implement adequate security measures to protect the personal data of over 155,000 UK...more

DLA Piper

Spain: Spanish Data Protection Authority Publishes Annual Report

DLA Piper on

The Spanish Data Protection Authority (“AEPD“) has published its 2024 annual report, which includes the AEPD’s awareness-raising activities; the collaboration and inspection activities of the Spanish authorities; relevant...more

Clark Hill PLC

Right To Know - June 2025, Vol. 30

Clark Hill PLC on

Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed. State Action: North Dakota Passes Law...more

A&O Shearman

UK Information Commissioner's Office launches AI and Biometrics Strategy

A&O Shearman on

In early June the UK Information Commissioner’s Office (ICO) launched its AI and Biometrics Strategy (AIBS), the first time it has published a dedicated document setting out its priorities on General Data Protection (GDPR)...more

DLA Piper

Italy: The Garante Issues First GDPR Fine Over Employees Email Metadata Privacy Breach

DLA Piper on

The Italian Data Protection Authority (the Garante) has issued its first GDPR fine for, among other breaches, unlawful retention of metadata from employees’ emails and web browsing activities. The decision applies, for the...more

Constangy, Brooks, Smith & Prophete, LLP

Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape

Constangy, Brooks, Smith & Prophete, LLP on

In recognition of the GDPR's 7th anniversary on May 25, 2025, Constangy Cyber Team member Matthew Basilotto explores how the European Union’s General Data Protection Regulation (GDPR) continues to adapt in the face of...more

Lighthouse

Current State of Data Protection Regulations in the US and EMEA

Lighthouse on

Organizations must continuously review and refine their data governance strategies to keep pace with a regulatory environment that is shifting at an unprecedented rate. In response to mandates for stronger compliance...more

Maynard Nexsen

Irish Data Protection Commission Fines TikTok Over EEA Data Transfers to China

Maynard Nexsen on

On May 2, 2025, the Irish Data Protection Commission (“DPC”) issued a decision, as lead supervisory authority, finding that TikTok infringed the GDPR regarding (a) its cross-border transfers of EEA User Data to China, and (b)...more

Skadden, Arps, Slate, Meagher & Flom LLP

Key Themes From the 2025 IAPP Global Privacy Summit

Skadden, Arps, Slate, Meagher & Flom LLP on

On April 23 and 24, 2025, regulators, industry leaders and data privacy leaders from across the globe convened in Washington, D.C. for the 2025 International Association of Privacy Professionals (IAPP) Global Privacy Summit....more

Venable LLP

State Privacy Law Enforcement Coordination - Cookie Banners in the Crosshairs

Venable LLP on

On April 16, data privacy law regulators in seven states announced the creation of the Consortium of Privacy Regulators, a bipartisan group of state regulators seeking to “share expertise and resources, as well as coordinate...more

Hogan Lovells

Dutch DPA intensifies cookie enforcement – key takeaways

Hogan Lovells on

On 15 April 2025, the Dutch Data Protection Authority (DPA) issued warnings to 50 organisations, including online retailers, media companies, and insurers, for deploying misleading cookie banners or unlawfully placing...more

Clark Hill PLC

Right To Know - April 2025, Vol. 28

Clark Hill PLC on

Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed. ...more

Skadden, Arps, Slate, Meagher & Flom LLP

UK GDPR Regulator Fines Data Processor After Ransomware Attack

Skadden, Arps, Slate, Meagher & Flom LLP on

On 27 March 2025, the UK Information Commissioner’s Office (ICO) issued a £3.07 million fine to an IT services provider following a ransomware attack in 2022 that affected the company’s health care business. The ransomware...more

Baker Botts L.L.P.

Right to Erasure in the Spotlight as EU Data Protection Board Launches 2025 Coordinated Action

Baker Botts L.L.P. on

The European Data Protection Board (EDPB), the independent EU body responsible for ensuring the consistent application of the EU General Data Protection Regulation (GDPR) across all EU member states, has kicked off its...more

Hogan Lovells

Overview of the CNIL’s enforcement actions in 2024: the simplified procedure generates an increase in sanctions

Hogan Lovells on

In 2024, the CNIL stepped up its enforcement action, issuing 87 sanctions, 180 compliance orders and 64 reprimands. However, only 12 decisions were made public, thus complicating the exercise of making the regulator’s...more

Jackson Lewis P.C.

EU Data Enforcement Sweep: Are GDPR-Covered Entities Complying Properly with Data Subjects’ Right of Erasure?

Jackson Lewis P.C. on

The European Data Protection Board (EDPB) has launched its 2025 enforcement sweep targeting organizations’ compliance with data subjects’ right of erasure (right to delete or be forgotten), focusing particularly on how...more

Sheppard Mullin Richter & Hampton LLP

Forget It!: EDPB Announces Focus on Right to Erasure in 2025

Sheppard Mullin Richter & Hampton LLP on

Right of erasure (or “right to be forgotten”) has been selected by the European Data Protection Board as its priority enforcement topic for 2025. This work is being done under the “Coordinated Enforcement Framework” or “CEF.”...more

Jenner & Block

Client Alert: New GDPR Investigations into the Use of Children’s Data

Jenner & Block on

The UK’s data protection regulator, the Information Commissioner’s Office (ICO), has recently announced investigations into three companies in connection with the use of children’s personal information. In a statement on...more

Cozen O'Connor

Unpacking Dark Patterns

Cozen O'Connor on

“Dark patterns” have increasingly been the focus of legislative and regulatory scrutiny. Yet the phrase is never used in business. No business designs a website, mobile app, or business process with the instruction, “let’s...more

Morrison & Foerster LLP - Social Media

Just a Minor Threat: Online Safety Legislation Takes Off

Morrison & Foerster LLP - Social Media on

The year 2025 is certain to be a watershed for social media legislation and litigation. As it continues to shape how we connect, share, and consume information, social media remains at the forefront of public discourse due to...more

Latham & Watkins LLP

GDPR Fines to Be Determined by Reference to Global Turnover of Corporate Group

Latham & Watkins LLP on

The CJEU has decided that the maximum thresholds for GDPR fines should be calculated using the global turnover of the broader corporate group, not solely the infringing entity....more

234 Results
 / 
View per page
Page: of 10
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide