CJEU rules electronic communication location data can only be used to combat serious crime or to prevent serious threats to public security On 2 March 2021, the Court of Justice of the European Union ("CJEU") issued its decision in Ca…
The Italian DPA announced a EUR 50,000 fine for a health-related data breach On 19 February 2021, the Italian DPA ("Garante") published its decision to fine the local heal…
The Romanian DPA fines a private individual for disclosing personal data of 10 electoral supporters on a social media platformOn 4 March 2021, the Romanian DPA announced a fine of EUR 500 was imposed against a private individu…
CJEU imposes financial penalties amounting to EUR 15.5 M against Spain for failure to transpose the Law Enforcement Directive On 25 February 2021, the Court of Justice of the European Union (“CJEU”) issued its judgment i…
Italian regulator fines Facebook EUR 7M for unlawful processing of consumer data On 17 February 2021, the Italian Competition Authority announced a fine of EUR 7M was imposed …
The Spanish DPA discusses privacy in online meetingsOn 18 February 2021, the Spanish data protection authority (“AEPD”) published a blog post on specifi…
European Commission publishes two draft UK adequacy decisions On 19 February 2021, the European Commission initiated the process for adopting two adequacy d…
Council of the European Union agrees on negotiating position for revised ePrivacy rulesOn 10 February 2021, the Council of the European Union ("Council") announced that its Member States …
Romanian DPA fines bank for failure to ensure security of personal dataOn 10 February 2021, the Romanian DPA announced a fine of EUR 1,000 was imposed against a bank for f…
EDPB launches public consultation on guidelines on data breach notification examplesOn 18 January 2021, the EDPB announced it has adopted for public consultation guidelines on examples…