EU law

Sweden's PTS Launches E-Service for Cyber Security Act Compliance

Sweden’s Post and Telecom Authority Launches E-Service for Cyber Security Act Compliance

cybersecurity, EU law, Sweden |

On 24 June 2024, the Swedish Post and Telecom Authority (PTS) introduced an e-service, ‘Are we covered by the CSL?’, to help companies determine if they fall under the new Cyber Security Act, effective 1 January 2025. The Act, which implements the NIS 2 Directive, mandates companies in digital infrastructure, ICT services management, space, postal and courier services, and digital supply to register with PTS. This tool is advisory and assists in evaluating compliance, though final responsibility lies with the companies.

Sweden’s Post and Telecom Authority Launches E-Service for Cyber Security Act Compliance Read More »

The Nordic Data Protection Authorities, led by Denmark's Datatilsynet, released guidelines to protect children's data in online gaming. This document emphasizes four key GDPR principles: fairness, transparency, data minimization, and accountability. It aims to guide game developers in ensuring responsible data practices, highlighting the special protections required for children's personal data. These guidelines were formulated in response to the growing digital gaming industry and the need for enhanced privacy measures for young players.

Nordic DPAs Publish Guidance to Strengthen Children’s Data Protection in Online Gaming

children, DPA guidance, EU law, GDPR, Guideline |

The Nordic Data Protection Authorities, led by Denmark’s Datatilsynet, released guidelines to protect children’s data in online gaming. This document emphasizes four key GDPR principles: fairness, transparency, data minimization, and accountability. It aims to guide game developers in ensuring responsible data practices, highlighting the special protections required for children’s personal data. These guidelines were formulated in response to the growing digital gaming industry and the need for enhanced privacy measures for young players.

Nordic DPAs Publish Guidance to Strengthen Children’s Data Protection in Online Gaming Read More »

The Belgian Data Protection Authority published its 2023 annual report, highlighting a year of renewal and strengthened collaboration internally and with European partners. Key initiatives focused on cookie compliance and enhanced support for data protection officers (DPOs). The DPA participated in significant decisions involving TikTok and Meta, reflecting its commitment to robust data protection. Complaints and mediation requests rose, with notable focus on direct marketing and data breaches, underscoring the DPA's ongoing dedication to privacy and public awareness.

Belgium DPA Publishes 2023 Annual Report

Belgium, EU law, GDPR |

The Belgian Data Protection Authority published its 2023 annual report, highlighting a year of renewal and strengthened collaboration internally and with European partners. Key initiatives focused on cookie compliance and enhanced support for data protection officers (DPOs). The DPA participated in significant decisions involving TikTok and Meta, reflecting its commitment to robust data protection. Complaints and mediation requests rose, with notable focus on direct marketing and data breaches, underscoring the DPA’s ongoing dedication to privacy and public awareness.

Belgium DPA Publishes 2023 Annual Report Read More »

The Spanish data protection authority (AEPD) published a blog post discussing the shift from viewing identity as a fundamental right to treating it as a service. This shift can undermine personal control over data, impacting rights, social inclusion, and privacy. The post highlights the risks of commodifying identity, emphasizing that identity should not be a service controlled by governments or companies. It cites examples like the Aadhaar system in India, where exclusion from services has severe consequences, arguing for identity management that respects privacy and autonomy.

Spain’s AEPD Explores Identity as Service vs. Fundamental Right

AEPD, EU law, GDPR |

The Spanish data protection authority (AEPD) published a blog post discussing the shift from viewing identity as a fundamental right to treating it as a service. This shift can undermine personal control over data, impacting rights, social inclusion, and privacy. The post highlights the risks of commodifying identity, emphasizing that identity should not be a service controlled by governments or companies. It cites examples like the Aadhaar system in India, where exclusion from services has severe consequences, arguing for identity management that respects privacy and autonomy.

Spain’s AEPD Explores Identity as Service vs. Fundamental Right Read More »

The Court of Justice of the European Union (CJEU) ruled in Case C-590/22 PS, determining that mere infringement of GDPR is insufficient for compensation under Article 82(1). Claimants must demonstrate actual non-material damage, though it need not reach a specific severity. Fear of data disclosure can justify compensation if proven. The criteria for fines in Article 83 do not apply to damage awards, and compensation does not need to consider national law breaches not specifying GDPR rules.

CJEU Ruling on Compensation for Non-Material Damages based on fear [Case C-590/22 PS]

CJEU, Enforcement, EU law, GDPR |

The Court of Justice of the European Union (CJEU) ruled in Case C-590/22 PS, determining that mere infringement of GDPR is insufficient for compensation under Article 82(1). Claimants must demonstrate actual non-material damage, though it need not reach a specific severity. Fear of data disclosure can justify compensation if proven. The criteria for fines in Article 83 do not apply to damage awards, and compensation does not need to consider national law breaches not specifying GDPR rules.

CJEU Ruling on Compensation for Non-Material Damages based on fear [Case C-590/22 PS] Read More »

Scroll to Top