News & Analysis as of

General Data Protection Regulation (GDPR) Enforcement Actions Personal Data

Follow this channel for updates and analysis on all aspects of the European Union's General Data Protection Regulation, a reform of EU's data protection rules that impacts... more +
Follow this channel for updates and analysis on all aspects of the European Union's General Data Protection Regulation, a reform of EU's data protection rules that impacts individuals throughout the Union and all businesses operating therein. less -
Womble Bond Dickinson

The ICO’s Penalty Against 23andMe Brings New Emphasis on Cybersecurity Risks - Key Takeaways for U.S. Companies

Womble Bond Dickinson on

The dramatic increase in global reach that the internet provides U.S.-based companies comes as a double edge sword. While it significantly increases a company’s potential customer pool, it also subjects companies to...more

Maynard Nexsen

Irish Data Protection Commission Fines TikTok Over EEA Data Transfers to China

Maynard Nexsen on

On May 2, 2025, the Irish Data Protection Commission (“DPC”) issued a decision, as lead supervisory authority, finding that TikTok infringed the GDPR regarding (a) its cross-border transfers of EEA User Data to China, and (b)...more

Baker Botts L.L.P.

Right to Erasure in the Spotlight as EU Data Protection Board Launches 2025 Coordinated Action

Baker Botts L.L.P. on

The European Data Protection Board (EDPB), the independent EU body responsible for ensuring the consistent application of the EU General Data Protection Regulation (GDPR) across all EU member states, has kicked off its...more

Hogan Lovells

Overview of the CNIL’s enforcement actions in 2024: the simplified procedure generates an increase in sanctions

Hogan Lovells on

In 2024, the CNIL stepped up its enforcement action, issuing 87 sanctions, 180 compliance orders and 64 reprimands. However, only 12 decisions were made public, thus complicating the exercise of making the regulator’s...more

Jackson Lewis P.C.

EU Data Enforcement Sweep: Are GDPR-Covered Entities Complying Properly with Data Subjects’ Right of Erasure?

Jackson Lewis P.C. on

The European Data Protection Board (EDPB) has launched its 2025 enforcement sweep targeting organizations’ compliance with data subjects’ right of erasure (right to delete or be forgotten), focusing particularly on how...more

Sheppard Mullin Richter & Hampton LLP

Forget It!: EDPB Announces Focus on Right to Erasure in 2025

Sheppard Mullin Richter & Hampton LLP on

Right of erasure (or “right to be forgotten”) has been selected by the European Data Protection Board as its priority enforcement topic for 2025. This work is being done under the “Coordinated Enforcement Framework” or “CEF.”...more

Jenner & Block

Client Alert: New GDPR Investigations into the Use of Children’s Data

Jenner & Block on

The UK’s data protection regulator, the Information Commissioner’s Office (ICO), has recently announced investigations into three companies in connection with the use of children’s personal information. In a statement on...more

Latham & Watkins LLP

GDPR Fines to Be Determined by Reference to Global Turnover of Corporate Group

Latham & Watkins LLP on

The CJEU has decided that the maximum thresholds for GDPR fines should be calculated using the global turnover of the broader corporate group, not solely the infringing entity....more

Smith Anderson

GDPR Enforcement is Alive and Well - Key Considerations in 2025

Smith Anderson on

As 2025 progresses, one thing is clear—GDPR enforcement is not slowing down. In fact, regulators across Europe are intensifying their scrutiny, handing out significant fines and even warning executives of potential personal...more

Sheppard Mullin Richter & Hampton LLP

Don’t Forget the EU: Italy Issued First GenAI Fine of €15 Million Alleging GDPR Violations 

Sheppard Mullin Richter & Hampton LLP on

At the end of 2024 the Italian Data Protection Authority issued a 15 million euro fine in the first generative AI-related case brought under GDPR. According to Garante (the Italian authority), OpenAI trained ChatGPT with...more

DLA Piper

EU: DLA Piper GDPR Fines and Data Breach Survey: January 2025

DLA Piper on

The seventh annual edition of DLA Piper’s GDPR Fines and Data Breach Survey has revealed another significant year in data privacy enforcement, with an aggregate total of EUR1.2 billion (USD1.26 billion/GBP996 million) in...more

A&O Shearman

English Court reviews the ICOs first GDPR fine (again)

A&O Shearman on

In December 2019, the UK Information Commissioner’s Office (ICO) imposed a fine of £275,000 on Doorstep Dispensaree Limited (DDL) for multiple contraventions of the GDPR. On December 9 2024, five years on and three judgments...more

DLA Piper

EU: CJEU Insight 

DLA Piper on

October has already been a busy month for the Court of Justice of the European Union (“CJEU”), which has published a number of judgments on the interpretation and application of the GDPR, including five important decisions,...more

Pillsbury - Consumer Protection Dispatch

GDPR Enforcement: Lessons from Recent Data Privacy Penalties

Pillsbury - Consumer Protection Dispatch on

Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more

Goodwin

Navigating New CNIL Sanctions: What You Need to Know

Goodwin on

The Commission Nationale de l’Informatique et des Libertés (CNIL) is an independent French administrative regulatory body whose mission is to ensure that the collection, storage, and use of personal data comply with data...more

Ius Laboris

Massive fine for Uber of EUR 290 million

Ius Laboris on

On 26 August the Dutch Data Protection Authority (DPA) fined Uber EUR 290 million for a breach of the General Data Protection Regulation (GDPR). Following a number of complaints from French Uber drivers, the DPA found that...more

Osano

Will the U.S. Have a GDPR? With Rachael Ormiston of Osano

Osano on

In this episode of The Privacy Insider Podcast, host Arlo Gilbert is joined by Rachael Ormiston, Head of Privacy at Osano, to dive into the complex world of U.S. privacy regulations. How does the U.S. view privacy differently...more

Barnea Jaffa Lande & Co.

GDPR – Company Fined for Improper Data Collection

Barnea Jaffa Lande & Co. on

The French Data Protection Authority (CNIL) recently imposed a EUR 310,000 fine, representing 1% of its turnover, on FORIOU, a telemarketing company promoting loyalty programs. The fine stemmed from FORIOU’s use of...more

White & Case LLP

The Data Act – the EU's bid to "ensure fairness in the digital environment and a competitive data market" – has been adopted

White & Case LLP on

On November 27, 2023, the European Union ("EU") adopted the final text of the Data Act, marking an effort to create a harmonized, cross-sectoral data sharing framework with the stated goal of ensuring fair access to and use...more

Alston & Bird

What You Should Know About the EU Data Governance Act

Alston & Bird on

Last month, the European Union’s new Data Governance Act (DGA) came into effect. Our Privacy, Cyber & Data Strategy Group provides an overview of the key features of the DGA and discusses how the new law may impact businesses...more

Latham & Watkins LLP

CNIL Fines Health Website for Unlawful Data Processing

Latham & Watkins LLP on

The French Data Protection Authority imposed a €280,000 fine for GDPR infringements and a €100,000 fine for violation of French cookie rules. On 11 May 2023 the French Data Protection Authority (the CNIL) handed down its...more

Spirit Legal

Restitutio in Integrum

Spirit Legal on

A Fresh Perspective on Data Protection and Damages - Opening statements by Peter Hense at a University of Vienna panel titled "EU Future Talks, Non-Material Damages for GDPR Violations: Quo Vadis Österreichische Post...more

Wyrick Robbins Yates & Ponton LLP

One-Two Punch: Lessons from the Irish DPC’s WhatsApp Decision

Wyrick Robbins Yates & Ponton LLP on

2023 continues to be a busy year for European data protection authorities. Following its release of the Irish Data Protection Commission’s (DPC’s) binding decisions in cases against Facebook and Instagram, the European Data...more

McDermott Will & Emery

European Privacy Risk Exposure

McDermott Will & Emery on

2022 was yet another eventful year in terms of GDPR compliance. The continued evolution of the enforcement landscape, with increasing number of sanctions and individuals exercising their rights required time and attention...more

Wyrick Robbins Yates & Ponton LLP

Less Is More, Too Much Is Not Enough: What the Irish DPC’s €390 Million Fine Against Meta Could Mean for Your Privacy Notice

Wyrick Robbins Yates & Ponton LLP on

European data protection authorities kicked 2023 off with a bang when, on January 4, the Irish Data Protection Commission (DPC) announced that Meta Platforms Ireland would be fined a total of €390 million (roughly $414...more

100 Results
 / 
View per page
Page: of 4
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide