Googles decides to make easier to Reject All

Recently, Google announced its plans to introduce a “Reject All” option within its famous cookie banner. The decision was appreciated by the Information Commissioners Office, by observing this to be a change that was long awaited to improve not only the user interaction, but also the compliance aspects. The ICO in its statement was also […]
ICO and DPC Guidance Regarding Children’s Data and the Services aimed at Children

Information Commissioners Office of the UK and the Data Protection Commission of Ireland recognise the special need for protecting the children and children’s data, including in the context of concerns around such data being used for various commercial purposes. Based on the principles of the GDPR, both authorities issued their guidance or set of standards […]
Regulating after the GDPR: Proposed changes to the role of the ICO

In Sept 2021 the UK Department for Digital, Culture, Media and Sport (DCMS) announced proposals to reform UK data protection legislation. The key changes are focused on making data protection compliance more streamlined and reducing burdens on organisations. However, it also includes proposed changes to the role of the Information Commissioner’s Office (ICO) and its […]
Transparency obligation and data controllers: enforcement across Europe

Much ink has been spilled on the September 2021 decision issued by the Irish Data Protection Commission (DPC) to impose a fine of €225 million on WhatsApp, the second heaviest fine under the General Data Protection Regulation (GDPR). It is noteworthy that the decision was issued after the activation of the dispute resolution mechanism of GDPR article 65, and the necessary intervention of the European Board given that eight National Supervisory Authorities (NSAs) triggered the draft decision of the DPC. However, the […]
The UK is set to diverge from the GDPR

On 9 September 2020, the UK Department for Digital, Culture, Media & Sport (DCMS) published its National Data Strategy, which included: “responsible data” as a core pillar and an associated “securing a pro-growth and trusted data regime” priority mission. This included a June 2021 Taskforce on Innovation, Growth and Regulatory Reform (TIGRR) proposal to: “replace the […]
GDPR fines may be susceptible to significant reductions upon appeal

The General Data Protection Regulation (GDPR) substantially increased the amount that data protection authorities (DPAs) are empowered to fine organisations, to €20m or 4% of worldwide annual turnover. The UK Information Commissioner’s Office (ICO) has issued a limited number of fines for data protection breaches in the first 5 years of the UK GDPR. It […]
Anti-Money Laundering, KYC and Data Protection

This article explores the legal framework for Anti-Money Laundering (AML) and discusses how to balance AML objectives while ensuring privacy.
Relying on public task as a lawful basis for data processing in Ireland

This article discusses the lawful basis of Public Task under the GDPR for processing personal data used by public sector organisations in Ireland.
How to achieve GDPR-compliant anonymisation according to the French CNIL

This article recommends using the acts of the French Data Protection Authority (CNIL) as a useful baseline for anonymisation processes under GDPR.
Cross-border data transfers between public authorities: the EDPB guidance

The digitalisation of the public sector and its information assets has reduced the barriers and boosted synergies in the public domain. Public authorities, now more innovative and digitalised than ever, are looking into strong synergies to better perform their tasks and execute the administrative roles efficiently. At the international level, cross-border cooperation requires a framework […]