GDPR

The Eu’s Regulatory Framework Was Never Meant To Be Easy. It Was Meant To Be Right

The EU’s Regulatory Framework Was Never Meant To Be Easy. It Was Meant To Be Right

three developments highlight an important moment for Europe’s regulatory future. The narrative that regulations are stifling innovation is gaining momentum, but it misrepresents the real stakes. This article is a call to reconsider the path forward: Europe must not compromise on its values or weaken the protections that define its digital landscape. Better implementation of regulations is essential, but the solution is not to lower standards – it’s to ensure that technological progress serves people, not just profits.

The EU’s Regulatory Framework Was Never Meant To Be Easy. It Was Meant To Be Right Read More »

AG de la Tour's Opinion on 'Excessive' GDPR Complaints

AG de la Tour’s Opinion on ‘Excessive’ GDPR Complaints

On 5 September 2024, Advocate General Richard de la Tour provided an opinion in the case Österreichische Datenschutzbehörde (C-416/23), clarifying whether a large number of complaints filed in a short time can be automatically considered “excessive” under the GDPR. The case originated when the Austrian Data Protection Authority (DSB) declined to act on 77 complaints

AG de la Tour’s Opinion on ‘Excessive’ GDPR Complaints Read More »

Norwegian University Fined for Weak Access Controls in Microsoft Teams

Norwegian University Fined for Weak Access Controls in Microsoft Teams

On 4 September 2024, the Norwegian Data Protection Authority imposed a fine of NOK 150,000 on the University of Agder (UiA) following a six-year-long breach of personal data security. UiA had been storing sensitive personal data in open Microsoft Teams folders without proper access controls, making this information available to unauthorized employees and students. Scope

Norwegian University Fined for Weak Access Controls in Microsoft Teams Read More »

Dutch DPA Fines Clearview AI for Illegal Facial Recognition

Dutch DPA Fines Clearview AI for Illegal Facial Recognition

  On 16 May 2024, the Dutch Data Protection Authority (AP) imposed a fine of €30.5 million on Clearview AI, a U.S. company that offers facial recognition services. Clearview built a vast database of over 30 billion images, scraped from publicly accessible online sources, and converted these into biometric data. This practice violates the GDPR

Dutch DPA Fines Clearview AI for Illegal Facial Recognition Read More »

wedish DPA Fines Apoteket and Apohem for Meta Pixel Misuse

Swedish DPA Fines Apoteket and Apohem for Meta Pixel Misuse

On 29 August 2024, the Swedish Privacy Protection Authority (IMY) issued two fines against major pharmacy companies, Apoteket AB and Apohem AB, for violations of Article 32 of the GDPR. Both cases involved the misuse of Meta’s analytics tool, Meta Pixel, which led to the unintentional transfer of sensitive customer data to Meta Platforms Ireland.

Swedish DPA Fines Apoteket and Apohem for Meta Pixel Misuse Read More »

Scroll to Top