Until recently, there was no real political appetite to reopen the General Data Protection Regulation, though it was becoming increasingly necessary to align GDPR with other data-related EU laws such as the Data Act and to streamline it, Linklaters IT, data and cyber attorney Tanguy Van Overstraeten said in an interview Friday.
The French privacy authority CNIL Thursday listed its 2025 projects which aim at helping privacy professionals comply with the General Data Protection Regulation.
The Luxembourg Administrative Tribunal Wednesday upheld a July 2021 decision by the National Data Protection Commission that slapped Amazon with a fine of 746 million euros ($808 million) for General Data Protection Regulation (GDPR) breaches. The court also ordered the platform to take corrective measures or face a daily penalty of 746,000 euros.
The Massachusetts Senate will try to reach consensus on comprehensive privacy legislation this spring, two state senators told us. Privacy Daily has counted eight comprehensive privacy bills so far in the Massachusetts legislature, with four apiece in the House and the Senate.
Ever-increasing data protection requirements around the world are keeping privacy professionals on the edge of their seats, said officials from Stripe, HP and Bank of America during a BigID compliance webinar Thursday.
LONDON -- The U.K. Information Commissioner's Office is intensively engaged in the hot privacy issues of biometrics and web scraping, Regulatory Risk Executive Director Stephen Almond said at Thursday's IAPP Data Protection Intensive conference.
The European Commission's adequacy decision permitting data flows from Europe to the U.K. expires June 27 and there are concerns about U.K. legislative reforms to data protection rules, a March Parliamentary Research Services memo said.
Businesses trying to limit information they would otherwise have to disclose under data protection laws but consider trade secrets could be forced to disclose those secrets to a court or arbitrator under a recent decision by the European Court of Justice (ECJ), Pinsent Masons attorneys noted Friday. The decision involves the interplay between General Data Protection Act provisions on automated decision-making and EU trade secrets law, they wrote.
The General Data Protection Regulation shouldn't become a tiered, risk-based entity, though the European Commission should have more centralized power to enforce it, Charly Helleputte, Squire Patton Boggs EU data privacy attorney, emailed. His comments responded to Axel Voss' recent tiered GDPR proposal. Voss is a German Member of the European Parliament from the European People's Party Group. He discussed his proposal during a March 3-4 Centre for European Policy Studies Ideas Lab panel.
The European Data Protection Board (EDPB) will focus this year on enforcing people's "right to be forgotten," or right to erasure, via its coordinated enforcement framework (CEF), it announced Wednesday. It chose this topic as it's one of the most frequently exercised rights under the General Data Protection Regulation (GDPR) and one where data protection authorities (DPAs) receive the most complaints, the board said.