The European Data Protection Board will consider approving joint guidelines with the European Commission on the interplay between the Digital Markets Act and the GDPR, according to the board's agenda for this week's meeting.
GDPR
The General Data Protection Regulation (GDPR) is the European Union’s landmark privacy law governing how organizations collect, process and protect personal data. In effect since 2018 it applies to any entity handling EU residents’ information regardless of where the company is based and imposes strict requirements around consent, transparency, data minimization and user rights. GDPR enforcement has led to billions in fines against global companies setting a high bar for compliance frameworks worldwide and influencing privacy legislation in the U.S. and other regions.
Ireland's Data Protection Commission published a final decision Thursday on its investigation into whether TikTok violated the GDPR by transferring Europeans' personal data to China. The decision, including fines of 530 million euros ($600 million), was announced May 2 (see 2505020001).
The IAPP on Tuesday unveiled a guide to Europe's digital law landscape for business, policy and tech audiences. The guide explains various digital regulations, changes being made, whom the measures affect and where the main risks and opportunities lie. Among other things, it maps the intersection of the GDPR with other laws, such as the AI Act, Digital Markets Act, Digital Services Act and Data Governance Act.
A Hamburg, Germany, company from the financial industry that violated the GDPR by failing to tell several customers why their credit card applications were rejected must pay 492,000 euros ($578,000), the city's DPA announced Tuesday.
Lithuanian-based digital identity research tool Whitebridge.ai is selling "reputation reports" compiled from large amounts of scraped personal information about unsuspecting people to "anyone willing to pay" for them, privacy advocate Noyb alleged Monday. It slammed the company's "shady business model."
When carrying out enforcement actions, regulators are looking for companies to be upfront about incidents and willing to work with them to solve issues, said state and federal regulators during a panel at a Practising Law Institute (PLI) cybersecurity conference Monday.
The Irish Data Protection Commission (DPC) said Friday it identified the two companies and dataset at the heart of a scandal involving the sale of smartphone location data and is investigating. The Irish Council for Civil Liberties (ICCL) accused the DPA of failing to act on its earlier whistleblowing complaint.
Customers have a right to access their personal data contained in recorded telephone conversations, Italian DPA Garante said Thursday as it fined a bank 100,000 euros ($117,000) for failing to respond adequately to a consumer's access request.
The EU Council agreed Wednesday on its negotiating stance on several European Commission proposals, including one extending red-tape reduction rules to mid-cap enterprises, a move that will amend the GDPR.
Geolocation devices such as connected watches, toys or apps have "real consequences" for children's privacy and should be used sparingly, French data protection authority CNIL said Monday.