Andreea Lisievici

The New York Governor signed the SAFE for Kids Act, targeting social media platforms' addictive feeds for minors. Defined as feeds using algorithms to engage users based on their behavior, the act prohibits such feeds for users under 18 without parental consent, and mandates platforms to use reasonable methods to verify age. If violated, the New York Attorney General can impose penalties of up to $5,000 per infraction. The act, designed to protect children's mental health, will take effect 108 days post-regulation by the AG's office.

SAFE for Kids Act Signed into Law in New York

children, United States |

The New York Governor signed the SAFE for Kids Act, targeting social media platforms’ addictive feeds for minors. Defined as feeds using algorithms to engage users based on their behavior, the act prohibits such feeds for users under 18 without parental consent, and mandates platforms to use reasonable methods to verify age. If violated, the New York Attorney General can impose penalties of up to $5,000 per infraction. The act, designed to protect children’s mental health, will take effect 108 days post-regulation by the AG’s office.

SAFE for Kids Act Signed into Law in New York Read More »

The Belgian Data Protection Authority published its 2023 annual report, highlighting a year of renewal and strengthened collaboration internally and with European partners. Key initiatives focused on cookie compliance and enhanced support for data protection officers (DPOs). The DPA participated in significant decisions involving TikTok and Meta, reflecting its commitment to robust data protection. Complaints and mediation requests rose, with notable focus on direct marketing and data breaches, underscoring the DPA's ongoing dedication to privacy and public awareness.

Belgium DPA Publishes 2023 Annual Report

Belgium, EU law, GDPR |

The Belgian Data Protection Authority published its 2023 annual report, highlighting a year of renewal and strengthened collaboration internally and with European partners. Key initiatives focused on cookie compliance and enhanced support for data protection officers (DPOs). The DPA participated in significant decisions involving TikTok and Meta, reflecting its commitment to robust data protection. Complaints and mediation requests rose, with notable focus on direct marketing and data breaches, underscoring the DPA’s ongoing dedication to privacy and public awareness.

Belgium DPA Publishes 2023 Annual Report Read More »

The Spanish data protection authority (AEPD) published a blog post discussing the shift from viewing identity as a fundamental right to treating it as a service. This shift can undermine personal control over data, impacting rights, social inclusion, and privacy. The post highlights the risks of commodifying identity, emphasizing that identity should not be a service controlled by governments or companies. It cites examples like the Aadhaar system in India, where exclusion from services has severe consequences, arguing for identity management that respects privacy and autonomy.

Spain’s AEPD Explores Identity as Service vs. Fundamental Right

AEPD, EU law, GDPR |

The Spanish data protection authority (AEPD) published a blog post discussing the shift from viewing identity as a fundamental right to treating it as a service. This shift can undermine personal control over data, impacting rights, social inclusion, and privacy. The post highlights the risks of commodifying identity, emphasizing that identity should not be a service controlled by governments or companies. It cites examples like the Aadhaar system in India, where exclusion from services has severe consequences, arguing for identity management that respects privacy and autonomy.

Spain’s AEPD Explores Identity as Service vs. Fundamental Right Read More »

The Court of Justice of the European Union (CJEU) ruled in Case C-590/22 PS, determining that mere infringement of GDPR is insufficient for compensation under Article 82(1). Claimants must demonstrate actual non-material damage, though it need not reach a specific severity. Fear of data disclosure can justify compensation if proven. The criteria for fines in Article 83 do not apply to damage awards, and compensation does not need to consider national law breaches not specifying GDPR rules.

CJEU Ruling on Compensation for Non-Material Damages based on fear [Case C-590/22 PS]

CJEU, Enforcement, EU law, GDPR |

The Court of Justice of the European Union (CJEU) ruled in Case C-590/22 PS, determining that mere infringement of GDPR is insufficient for compensation under Article 82(1). Claimants must demonstrate actual non-material damage, though it need not reach a specific severity. Fear of data disclosure can justify compensation if proven. The criteria for fines in Article 83 do not apply to damage awards, and compensation does not need to consider national law breaches not specifying GDPR rules.

CJEU Ruling on Compensation for Non-Material Damages based on fear [Case C-590/22 PS] Read More »

The Court of Justice of the European Union ruled in merged cases C-182/22 and C-189/22 Scalable Capital, addressing compensation for non-material damage under GDPR Article 82(1) due to theft of personal data. The court clarified that compensation to individuals is purely compensatory, not punitive, and the severity of GDPR infringements by controllers is irrelevant for compensation purposes. The court emphasized that data breaches causing non-material damage are significant and may warrant minimal compensation even if not serious, provided they fully address the harm suffered.

CJEU Ruling on Compensation for Data Breach [C-182/22 and C-189/22 Scalable Capital]

CJEU, Enforcement, EU law, GDPR |

The Court of Justice of the European Union ruled in merged cases C-182/22 and C-189/22 Scalable Capital, addressing compensation for non-material damage under GDPR Article 82(1) due to theft of personal data. The court clarified that compensation to individuals is purely compensatory, not punitive, and the severity of GDPR infringements by controllers is irrelevant for compensation purposes. The court emphasized that data breaches causing non-material damage are significant and may warrant minimal compensation even if not serious, provided they fully address the harm suffered.

CJEU Ruling on Compensation for Data Breach [C-182/22 and C-189/22 Scalable Capital] Read More »

Scroll to Top