Tag: Privacy

Tag: Privacy

Spain’s Proposed Child Online Safety Law introduces major new compliance obligations for Digital Service Providers

Spain has introduced a far-reaching legal framework to protect minors online, requiring businesses to adopt proactive compliance with new digital safety and data protection obligations. Spain is advancing comprehensive legislative reforms aimed at strengthening protections for children and adolescents in the digital environment. The proposed Ley Orgánica de protección de menores en entornos digitales (Organic

ICO’s 2025 Anonymisation Guidance: Turning Personal Data into a Privacy Asset

Explore how the ICO’s March 2025 guidance helps organisations use anonymisation to unlock data value while meeting UK GDPR compliance and strengthening accountability. As the prevalence of data-driven innovation increases, organisations must ensure that this data is being handled with the necessary level of responsibility, which for some data means that anonymisation is necessary. On

COPPA Compliance in 2025: What Businesses Need to Know About Child Safety Laws

COPPA compliance is paramount for companies operating in the U.S. as this legislation remains a critical law for protecting children’s privacy. The Children’s Online Privacy Protection Act (COPPA) remains one of the most important legal safeguards in the United States, designed to protect children under 13 years old from online data collection without parental consent.

California’s Age-Appropriate Design Code: A push for increased online safety for children

California introduced the Age-Appropriate Design Code Act aimed at enhancing child online safety and data privacy.   California’s Age-Appropriate Design Code Act (CAADCA) was introduced as a groundbreaking law aimed at strengthening online protections for children under 18. Signed into law in September 2022 by Governor Gavin Newsom, the CAADCA was modeled after the UK’s

The UK’s Children’s Code: Update for businesses processing children’s data

The ICO has provided recommended business practices for businesses processing children’s data in the UK, to ensure compliance with the UK’s Children’s Code.   The UK’s Children’s Code (also known as the Age-Appropriate Design Code) sets out key data protection requirements for online services that process children’s personal data. Enforced by the Information Commissioner’s Office

Pseudonymisation guidelines adopted by the EDPB, along with steps to enhance collaboration with competition authorities

The EDPB released new guidelines on pseudonymisation and a position paper on data protection and competition law to strengthen GDPR compliance. In January 2025, the European Data Protection Board (EDPB) made a significant regulatory announcement during its plenary meeting, by adopting new pseudonymisation guidelines, as well as issuing a position paper on the interplay between

The ICO provides tips on data protection

Prioritizing data protection for your business in 2025: ICO provides tips As you undertake business operations this year, there’s one crucial element that shouldn’t be overlooked—data protection. Getting data protection right from the start will not only ensure compliance with data privacy laws but also help you build trust with customers, suppliers, and partners alike.

CNIL imposed a fine of €240,000 on KASPR for multiple GDPR violations

CNIL of France has imposed a fine of €240,000 on KASPR for multiple GDPR violations linked to the unlawful collection and retention of personal data.  KASPR, a company offering a Chrome extension to extract professional contact details from LinkedIn and other online sources, has faced regulatory action for its practices. Through its database of approximately

Coolblue was fined €40,000 for violating GDPR by unlawfully processing personal data via cookies

Coolblue was fined €40,000 by the Dutch DPA for unlawfully processing personal data via cookies, by failing to obtain explicit consent.   The Dutch Data Protection Authority (AP) recently imposed a €40,000 fine on Coolblue for unlawfully processing personal data via cookies in 2020. The violation stemmed from Coolblue’s failure to obtain explicit consent from

Draft Measures for the Certification of the Protection of Personal Information Exported Abroad published by China’s CAC

The Cyberspace Administration of China (CAC) released the draft Measures for Cross-Border Data Transfer which clarify Personal Information Protection Certification.   On January 3, 2025, the Cyberspace Administration of China (CAC) released a draft document titled “Measures for the Certification of the Protection of Personal Information Exported Abroad” (hereinafter, draft measures). These measures, comprising 20