Andreea Lisievici

Turkish SCCs and BCRs Now in Effect

Data Transfers, KVKK, SCCs, Turkey |

On 10 July 2024, the Personal Data Protection Authority (KVKK) in Turkey released documents on standard contracts (SCCs) and Binding Corporate Rules (BCRs) to ensure appropriate safeguards for international data transfers. These documents follow the public consultation of draft versions and align with the amended Article 9 of the Law on Protection of Personal Data No. 6698. The publications include standard contractual clauses for 4 scenarions similar to the EU ones, as well as binding corporate rules application forms and companion guides detailing essential issues for both data controllers and processors.

Turkish SCCs and BCRs Now in Effect Read More »

Italian Competition Authority Initiates Investigation into Google for Unfair Practices

Competition, EU law, Google, Italy |

The Italian Competition Authority has initiated an investigation against Google and its parent company Alphabet for potential misleading and aggressive commercial practices regarding user consent. The Authority alleges that Google’s consent requests for linking services lack adequate, complete, and clear information, potentially influencing users’ decisions on data usage. These practices might condition consumers’ freedom of choice, leading them to consent to data combination and cross-use across multiple services without full understanding.

Italian Competition Authority Initiates Investigation into Google for Unfair Practices Read More »

Nigeria’s FCCPC Fines Meta and WhatsApp USD 220M for Privacy Violations

Enforcement, Meta, Nigeria |

On 18 July 2024, the Federal Competition and Consumer Protection Commission (FCCPC) of Nigeria has imposed a $220 million fine on Meta Platforms Inc. and WhatsApp LLC for breaching data privacy laws. The breaches include enforcing an updated privacy policy that violated Nigerian consumer rights, coercing users into accepting terms without proper consent, and sharing user data with third parties. Additionally, Meta was found to have discriminated against Nigerian users compared to European users by offering fewer protections. The fine must be paid within 60 days, along with a $35,000 reimbursement for the investigation costs.

Nigeria’s FCCPC Fines Meta and WhatsApp USD 220M for Privacy Violations Read More »

EU Commission Sends Preliminary Findings to X for DSA Violations

DSA, Enforcement, EU law, X |

The EU Commission has notified X of its preliminary findings regarding breaches of the Digital Services Act (DSA), focusing on dark patterns, advertising transparency, and data access for researchers. X’s practices around “verified accounts” mislead users, its ad repository lacks transparency, and it restricts researcher access to public data. These findings result from an in-depth investigation involving internal documents and expert interviews. If confirmed, X could face fines up to 6% of its global annual turnover and enhanced supervision to ensure compliance.

EU Commission Sends Preliminary Findings to X for DSA Violations Read More »

Dutch Authority for Consumers and Markets Reports Widespread Non-Compliance with EU Digital Laws

DSA, EU law, Netherlands |

The Dutch Authority for Consumers and Markets (ACM) revealed that many online service providers are not compliant with the European Digital Services Act (DSA) and the Platform-to-Business Regulation (P2B). A recent survey of 50 businesses found significant gaps in adherence to these laws, which include requirements for complaint handling, transparency, and content moderation. The ACM clarified it is the designated regulator for both the DSA and P2B Regulation, but can only enforce their provisions after the entrance into effect of the Dutch implementation laws, expected in 2025. Guidelines have been published to assist organizations in complying with these regulations.

Dutch Authority for Consumers and Markets Reports Widespread Non-Compliance with EU Digital Laws Read More »

Scroll to Top