Data Protection by Design: Imperatives for Educational Institutions
The recent decision by the Slovenian Supervisory Authority (SI SA) underscores the critical importance of adopting the principle of data protection by design and by default within educational institutions. After investigating a data breach at a Slovenian high school, it became clear that key safeguards were disregarded, resulting in unauthorized access of student information by […]
CNIL’s 2025 Control Agenda: Spotlight on Mobile Applications and Cybersecurity
As we progress into 2025, the CNIL has outlined its focal areas for the year, zeroing in on the scrutiny of mobile applications, the cybersecurity measures of local authorities, and data processing by penitentiary administrations. This strategic focus underlines CNIL’s dedication to safeguarding personal data amid the evolving digital landscape. Mobile Applications and Data Collection […]
German Court Decision on Meta AI: Implications for Data Protection
In a significant development in the ongoing dispute over data privacy and artificial intelligence, a German Region Court in Cologne has opted not to grant an interim injunction against Meta. This decision was made amid claims by the German Consumer Rights Organisation “Verbraucherzentrale NRW” that Meta’s practices of utilizing vast amounts of user data without […]
Italian Data Protection Authority Sanctions Luka Inc. Over Chatbot Data Practices
In a significant development for data protection professionals, the Italian Data Protection Authority (DPA) has imposed a €5 million fine on Luka Inc., the US-based company responsible for managing the chatbot Replika. This decision highlights ongoing concerns about the data handling practices of generative AI systems and underscores the importance of robust compliance mechanisms. Insights […]
Marktenhof’s Judgement: Implications for IAB Europe and Data Protection
As data protection professionals, understanding key legal decisions and their ramifications is critical to our role. A recent ruling by the Marktenhof (Court of Appeal) in Belgium regarding IAB Europe highlights important developments in data privacy law, specifically concerning the Transparency and Consent Framework (TCF). Background and Context In early 2022, the Belgian Data Protection […]
Inspection Alert: Dutch Data Authority to Audit Municipalities on Privacy Practices
The Dutch Supervisory Authority for Data Protection, Autoriteit Persoonsgegevens (AP), has announced planned inspections across various municipalities in the Netherlands over the coming months. These inspections aim to assess how municipalities handle citizens’ personal data and privacy rights, offering guidance where improvement is needed. Inspection Objectives: AP’s upcoming audits are designed to ensure municipalities are […]
The AP’s Final Call to Object to Meta’s Use of Personal Data for AI Training
As data protection professionals and privacy experts, it is crucial to stay informed about the latest movements in personal data processing by major corporations like Meta. The Autoriteit Persoonsgegevens (AP), the Dutch data protection agency, recently issued a significant notice: stakeholders must act promptly if they wish to prevent their public posts and photos on […]