Decoding the Draft Adequacy Decision on the EU-US Data Privacy Framework 

Introduction: Last December, the European Commission (EC) published a draft adequacy decision on the EU-US Data Privacy Framework (DPF). This is the beginning of a new chapter to the Schrems Saga, which already has two chapters in the form of Schrems I and Schrems II decisions of the Court of Justice of the European Union […]

Challenges and recommendations when moving to the cloud

On 18 January 2023, the EDPB published on its website two interesting documents about  the use of cloud-based services by the public sector. These two documents are connected to the Coordinated Enforcement Framework under Regulation 2016/679 (CEF), which was adopted by the EDPB on the 20th  October 2020. Both documents are the result of the […]

Irish Data Protection Commission fines Meta for GDPR violations related to behavioural advertising

On January 4,2023, the Irish Data Protection Commission (hereafter “the DPC”) announced the imposition of two administrative fines of total amount € 390 million on Meta Platforms Ireland Limited (“Meta Ireland”). The fines concerned data protection violations related to Facebook and Instagram services regarding behavioural advertising. The DPC ordered Meta to bring its data processing […]

French Privacy Watchdog, CNIL fines Apple over lack of consent regarding Personalised Ads

On December 29, 2022, the French Data Protection Authority (hereafter “CNIL”) announced the imposition of an administrative fine of €8 million on Apple Distribution International. The penalty was imposed in response to a complaint and related to the use of personalised advertisements that were set to default settings in violation of Article 82 of the […]

Seventy years on, the great smog reminds us why air pollution matters

It was a cold winter’s day in London, and you couldn’t see ten feet in front of your face. Cars were reduced to a crawl. Pedestrians stepped out of the road and took the lives into their hands. The city came to a standstill. And 12,000 people died.  The great smog of December 1952 is […]

Data protection challenges and priorities 2023: The Annual IAPP-EY Privacy Governance Report

Each year the International Association of Privacy Professionals and Ernst & Young team up to survey the privacy landscape across the globe. To do so they survey hundreds of privacy professionals in different regions, sectors and countries to identify key trends in professionals’ and organisations’ experience and expectations to guide activities for the following year. […]

The ICO’s Transfer Risk Assessment and How it works in Practice

On 17 November 2022 the Information Commissioner’s Office (ICO) published much needed guidance on international data transfers alongside a Transfer Risk Assessment (TRA) tool. The tool is designed to assist data controllers in assessing whether restricted data transfers can be made. Restricted transfers (UK) are data transfers made from the UK to a third country […]

“Data scraping” investigation results in €265m data protection fine for Meta

Meta fined in Ireland

Background Meta Ireland Platforms Limited (“Meta”, formerly Facebook Ireland Limited) is the subject of another fine from the Irish Data Protection Commission (“the DPC”) following what it termed its “Data Scraping” investigation into Meta platforms. This investigation by the DPC had commenced in Spring of 2021 after news broke of a leaked dataset online containing […]