EU law

Italian Competition Authority Initiates Investigation into Google for Unfair Practices

Competition, EU law, Google, Italy |

The Italian Competition Authority has initiated an investigation against Google and its parent company Alphabet for potential misleading and aggressive commercial practices regarding user consent. The Authority alleges that Google’s consent requests for linking services lack adequate, complete, and clear information, potentially influencing users’ decisions on data usage. These practices might condition consumers’ freedom of choice, leading them to consent to data combination and cross-use across multiple services without full understanding.

Italian Competition Authority Initiates Investigation into Google for Unfair Practices Read More »

EU Commission Sends Preliminary Findings to X for DSA Violations

DSA, Enforcement, EU law, X |

The EU Commission has notified X of its preliminary findings regarding breaches of the Digital Services Act (DSA), focusing on dark patterns, advertising transparency, and data access for researchers. X’s practices around “verified accounts” mislead users, its ad repository lacks transparency, and it restricts researcher access to public data. These findings result from an in-depth investigation involving internal documents and expert interviews. If confirmed, X could face fines up to 6% of its global annual turnover and enhanced supervision to ensure compliance.

EU Commission Sends Preliminary Findings to X for DSA Violations Read More »

AEPD Reports on Addictive Internet Patterns Impacting Minors

AEPD, children, Deceptive patterns |

The Spanish Data Protection Agency (AEPD) has released a report on the influence of addictive internet patterns, focusing on the significant impact on minors. The report highlights how service providers often use deceptive and addictive design strategies to extend user engagement and collect more personal data. These practices particularly affect vulnerable groups like children and adolescents, influencing their preferences and development. The AEPD aims to have these patterns included in the EDPB guidelines, emphasizing the high risk to data protection rights in digital environments.

AEPD Reports on Addictive Internet Patterns Impacting Minors Read More »

CNIL Launches Public Consultation on Workplace Diversity Measurement

CNIL, DPA guidance, EU law |

On 9 July 2024, the French data protection authority (CNIL) launched a public consultation on a draft recommendation for conducting diversity measurement surveys in workplaces, open until 13 September 2024. The draft emphasizes the need for anonymity, voluntary participation, and data minimization. It recommends involving a trusted third party to manage sensitive data and ensure compliance with GDPR. The goal is to help organizations measure diversity while protecting individual privacy and ensuring adherence to legal standards, including the 2007 Constitutional Council decision prohibiting ethno-racial data collection.

CNIL Launches Public Consultation on Workplace Diversity Measurement Read More »

The German Federal Financial Supervisory Authority Issues Guidelines for DORA Implementation

DORA, Germany |

On 8 July 2024, the German Federal Financial Supervisory Authority (BaFin) published guidelines for implementing the Digital Operational Resilience Act (DORA). These guidelines are intended to help supervised financial companies meet DORA requirements for ICT risk management and third-party ICT risk management. The guidelines cover governance, information risk management, IT operations, business continuity, project management, and operational security. They are aimed at banks and insurers under BaFin’s supervision and include minimum contract contents with ICT service providers. Effective 17 January 2025, these companies must comply with DORA’s comprehensive ICT risk management framework.

The German Federal Financial Supervisory Authority Issues Guidelines for DORA Implementation Read More »

Scroll to Top