Tag: GDPR

Tag: GDPR

EDPB Guidelines on Blockchain and GDPR Compliance: Key Considerations for Data Controllers

The EDPB has issued draft guidelines to clarify how the GDPR applies to blockchain technologies. The European Data Protection Board (EDPB) has issued draft Guidelines to provide clarity on the application of the GDPR to blockchain-based processing operations. While blockchain technologies offer benefits in transparency, decentralisation, and resilience, their technical characteristics pose considerable challenges to

Spain’s Proposed Child Online Safety Law introduces major new compliance obligations for Digital Service Providers

Spain has introduced a far-reaching legal framework to protect minors online, requiring businesses to adopt proactive compliance with new digital safety and data protection obligations. Spain is advancing comprehensive legislative reforms aimed at strengthening protections for children and adolescents in the digital environment. The proposed Ley Orgánica de protección de menores en entornos digitales (Organic

ICO’s 2025 Anonymisation Guidance: Turning Personal Data into a Privacy Asset

Explore how the ICO’s March 2025 guidance helps organisations use anonymisation to unlock data value while meeting UK GDPR compliance and strengthening accountability. As the prevalence of data-driven innovation increases, organisations must ensure that this data is being handled with the necessary level of responsibility, which for some data means that anonymisation is necessary. On

Child safety regulations: For businesses and organizations operating in the EU

The European Commission strengthens child safety regulations with the Digital Services Act and Age-Appropriate Design code.  In 2024, the European Commission made significant progress in advancing child safety regulations under the Digital Services Act (DSA). As digital platforms play an increasingly central role in children’s lives, the EU has intensified its focus on ensuring their

Children’s Data Privacy Practices fuel investigations into various businesses

The UK’s ICO launched investigations into TikTok, Reddit, and Imgur over Children’s Data Privacy Practices. The UK’s Information Commissioner’s Office (ICO) has launched an investigation into the data privacy practices of TikTok, Reddit, and Imgur, focusing on how these platforms handle the personal information of children. The probe aims to determine whether these companies comply

Pseudonymisation guidelines adopted by the EDPB, along with steps to enhance collaboration with competition authorities

The EDPB released new guidelines on pseudonymisation and a position paper on data protection and competition law to strengthen GDPR compliance. In January 2025, the European Data Protection Board (EDPB) made a significant regulatory announcement during its plenary meeting, by adopting new pseudonymisation guidelines, as well as issuing a position paper on the interplay between

The ICO provides tips on data protection

Prioritizing data protection for your business in 2025: ICO provides tips As you undertake business operations this year, there’s one crucial element that shouldn’t be overlooked—data protection. Getting data protection right from the start will not only ensure compliance with data privacy laws but also help you build trust with customers, suppliers, and partners alike.

CNIL imposed a fine of €240,000 on KASPR for multiple GDPR violations

CNIL of France has imposed a fine of €240,000 on KASPR for multiple GDPR violations linked to the unlawful collection and retention of personal data.  KASPR, a company offering a Chrome extension to extract professional contact details from LinkedIn and other online sources, has faced regulatory action for its practices. Through its database of approximately

Coolblue was fined €40,000 for violating GDPR by unlawfully processing personal data via cookies

Coolblue was fined €40,000 by the Dutch DPA for unlawfully processing personal data via cookies, by failing to obtain explicit consent.   The Dutch Data Protection Authority (AP) recently imposed a €40,000 fine on Coolblue for unlawfully processing personal data via cookies in 2020. The violation stemmed from Coolblue’s failure to obtain explicit consent from

GDPR’s role in responsible AI development: CEPD publishes opinion on AI models

The CEPD’s recent opinion on AI models highlights the GDPR’s role in responsible AI development. The European Data Protection Board (CEPD) issued an opinion on December 18, 2024, emphasizing the importance of GDPR principles in the ethical development and deployment of AI models. This comprehensive opinion, requested by the Irish Data Protection Authority (DPA), focuses