Loading

Category: Data Protection

Web Scraping is almost always unlawful under the GDPR

Under the GDPR, web scraping is almost always unlawful, except for in very few exceptional cases.    The automatic collection and storage of information from the Internet is referred to as web scraping. Through this process, a computer program automatically extracts data from the internet, for example by scanning social media platforms. Scraping involves the

Facial Recognition Technology: legal clarification from the Netherlands DPA

Netherlands DPA (AP) clarifies legal questions regarding the use of Facial Recognition Technology under the GDPR.   The Dutch Data Protection Authority, Autoriteit Persoonsgegevens (AP) has published a new guide that addresses and clarifies frequently asked legal questions about the use of facial recognition technology. The document is primarily designed for privacy professionals and organisations

Recommendations on the development of AI systems from European DPAs

DPAs across Europe have provided useful recommendations for organisations involved in the development and deployment of AI systems, aiding these organisations to remain in compliance with the GDPR and other regulations applicable to AI systems.    The French data protection authority, CNIL recently published its first recommendations on the development of AI systems. These recommendations

The EDPB releases its Opinion on ‘Pay or Ok’ Models

The EDPB highlights the need to comply with all the requirements of the GDPR, in particular those for valid consent.   In the rapidly evolving landscape of ecommerce and data protection, it is paramount for businesses to understand how any new practices involving the processing of personal data may affect their user’s privacy and the

Unlawful use of data results in significant fine for canvassing company

Unlawful use of data results in significant fine for canvassing company A company was fined by CNIL for unlawfully using data obtained from a data broker for commercial prospecting purposes.    On April 4, 2024, the French data protection authority, CNIL, imposed a significant fine of 525,000 euros on the company HUBSIDE.STORE. The fine was

CPPA Enforcement Division issues its first advisory

An Enforcement Advisory has been issued by the CPPA Enforcement Division to help businesses ensure compliance with the CCPA.   On April 2, 2024, the Enforcement Division of the California Privacy Protection Agency (CPPA) released its inaugural Enforcement Advisory, marking a significant step in its efforts to ensure compliance with the California Consumer Privacy Act

Possible fines under US data protection laws

With various state-level data protection laws coming into force across the US, what possible fines could a business face for violating any of those laws?    In the United States, while there isn’t a comprehensive federal data protection law, more and more state laws governing the protection of personal data are coming into force, imposing

EU Supervisory Authorities have a right to order the erasure of unlawfully processed data without a request from the data subject

The CJEU has ruled that EU Supervisory Authorities have a right to order the erasure of unlawfully processed data even without a prior request from the data subject.   The recent ruling by the Court of Justice of the European Union (CJEU) has significant implications for the processing of personal data by organisations within the

Texas Data Privacy and Security Act: An overview

Texas Data Privacy and Security Act brings Texas among the ranks of several states to enact comprehensive data privacy laws.   Texas Data Privacy and Security Act (TDPSA) was passed on June 16th, 2023 and will take effect on July 1, 2024, bringing Texas among the ranks of several states to enact comprehensive data privacy

New Jersey Consumer Data Privacy Act: A comprehensive overview

The New Jersey Consumer Data Privacy Act (NJCDPA), was passed in January 2024, and details distinct requirements for organizations which process the data of New Jersey residents.    The state of New Jersey has implemented a robust framework of data protection laws to safeguard the personal information of its residents. Among the key laws is