Welcome to

The
PrivacyCraft
Blog

Latest Posts

The Nordic Data Protection Authorities, led by Denmark's Datatilsynet, released guidelines to protect children's data in online gaming. This document emphasizes four key GDPR principles: fairness, transparency, data minimization, and accountability. It aims to guide game developers in ensuring responsible data practices, highlighting the special protections required for children's personal data. These guidelines were formulated in response to the growing digital gaming industry and the need for enhanced privacy measures for young players.

children DPA guidance EU law GDPR Guideline

Nordic DPAs Publish Guidance to Strengthen Children's Data Protection in Online Gaming

The Nordic Data Protection Authorities, led by Denmark's Datatilsynet, released guidelines to protect...

$The New York Governor signed the SAFE for Kids Act, targeting social media platforms' addictive feeds for minors. Defined as feeds using algorithms to engage users based on their behavior, the act prohibits such feeds for users under 18 without parental consent, and mandates platforms to use reasonable methods to verify age. If violated, the New York Attorney General can impose penalties of up to $5,000 per infraction. The act, designed to protect children's mental health, will take effect 108 days post-regulation by the AG's office.$

children United States

SAFE for Kids Act Signed into Law in New York

The New York Governor signed the SAFE for Kids Act, targeting social media platforms' addictive feeds...

The Belgian Data Protection Authority published its 2023 annual report, highlighting a year of renewal and strengthened collaboration internally and with European partners. Key initiatives focused on cookie compliance and enhanced support for data protection officers (DPOs). The DPA participated in significant decisions involving TikTok and Meta, reflecting its commitment to robust data protection. Complaints and mediation requests rose, with notable focus on direct marketing and data breaches, underscoring the DPA's ongoing dedication to privacy and public awareness.

Belgium EU law GDPR

Belgium DPA Publishes 2023 Annual Report

The Belgian Data Protection Authority published its 2023 annual report, highlighting a year of renewal...

The Spanish data protection authority (AEPD) published a blog post discussing the shift from viewing identity as a fundamental right to treating it as a service. This shift can undermine personal control over data, impacting rights, social inclusion, and privacy. The post highlights the risks of commodifying identity, emphasizing that identity should not be a service controlled by governments or companies. It cites examples like the Aadhaar system in India, where exclusion from services has severe consequences, arguing for identity management that respects privacy and autonomy.

AEPD EU law GDPR

Spain’s AEPD Explores Identity as Service vs. Fundamental Right

The Spanish data protection authority (AEPD) published a blog post discussing the shift from viewing...

The Court of Justice of the European Union (CJEU) ruled in Case C-590/22 PS, determining that mere infringement of GDPR is insufficient for compensation under Article 82(1). Claimants must demonstrate actual non-material damage, though it need not reach a specific severity. Fear of data disclosure can justify compensation if proven. The criteria for fines in Article 83 do not apply to damage awards, and compensation does not need to consider national law breaches not specifying GDPR rules.

CJEU Enforcement EU law GDPR

CJEU Ruling on Compensation for Non-Material Damages based on fear [Case C-590/22 PS]

The Court of Justice of the European Union (CJEU) ruled in Case C-590/22 PS, determining that mere infringement...

The Court of Justice of the European Union ruled in merged cases C-182/22 and C-189/22 Scalable Capital, addressing compensation for non-material damage under GDPR Article 82(1) due to theft of personal data. The court clarified that compensation to individuals is purely compensatory, not punitive, and the severity of GDPR infringements by controllers is irrelevant for compensation purposes. The court emphasized that data breaches causing non-material damage are significant and may warrant minimal compensation even if not serious, provided they fully address the harm suffered.

CJEU Enforcement EU law GDPR

CJEU Ruling on Compensation for Data Breach [C-182/22 and C-189/22 Scalable Capital]

The Court of Justice of the European Union ruled in merged cases C-182/22 and C-189/22 Scalable Capital,...

Previous 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Next

Subscribe to my updates

Get all posts delivered to you, so you don’t need to remember to check my blog.

You can unsubscribe at any time.

My newsletter can also include occasional marketing, such as information on my product launches and discounts.

Emails are sent through a processor located in the United States. Read more in the Privacy Notice.

Welcome to

The PrivacyCraft Blog

Latest Posts

Subscribe to my updates

The
PrivacyCraft
Blog