Ireland Imposes Over Half of Europe’s GDPR Fines in 2024
Ireland imposed over half of Europe’s GDPR fines in 2024, totaling €3.5 billion since 2018, with a notable decline in penalties compared to previous years.
GDPR
CNIL Unveils AI Strategy Ahead of Paris Summit
CNIL outlines its strategic priorities for AI governance and data protection ahead of the Paris AI summit, addressing rising privacy concerns and collaboration with European authorities.
Concerns Arise Over Russian Code in Hungary’s New Digital Identification System
Hungary’s new Client Gate+ system raises security concerns due to the recommendation of a Russian-developed code generator, prompting scrutiny and calls for investigation.
Meta Appeals €91 Million GDPR Fine
Meta challenges a €91 million fine from Ireland’s DPC for improperly storing user passwords, claiming the penalty is excessive and misapplied under GDPR.
IAB Submits Feedback on EDPB’s Consent or Pay Guidelines
IAB Europe and trade associations urge the EDPB to adopt a balanced approach to “Consent or Pay” models, emphasizing user choice and economic implications.
EDPB Adopts Guidelines on Pseudonymisation and Statement on Data Protection Cooperation
The EDPB adopted guidelines on pseudonymisation and a position paper on data protection and competition law, emphasizing cooperation and compliance with GDPR.
Noyb Alleges TikTok and Others Breach GDPR by Sending Data to China
Noyb has filed a complaint against TikTok and other Chinese firms for allegedly unlawfully sending EU user data to China, highlighting GDPR violations.
EDPS Proposes Digital Clearinghouse 2.0 for Enhanced EU Regulatory Cooperation
EDPS introduces Digital Clearinghouse 2.0 to enhance cooperation and consistency in enforcing EU digital market regulations for better data protection.
EU Court Orders Commission to Pay Damages for Non-compliant Data Transfer
The EU court ordered the European Commission to pay damages for illegal data transfers, highlighting the importance of compliance with EU data transfer rules and potential for class actions.
EU Court rules GDPR complaints can’t be rejected based on frequency
The CJEU ruled that complaint frequency doesn’t invalidate GDPR complaints unless they are clearly vexatious or abusive, impacting data protection enforcement across the EU.
OpenAI Fined €15 Million for GDPR Violations in Italy
The Italian Data Protection Authority fined OpenAI €15 million for using personal data without legal grounds and lacking age verification for ChatGPT.
German DPA investigates Worldcoin’s use of biometric data
Worldcoin, now called World, faces regulatory scrutiny in Germany for GDPR compliance regarding its iris-scanning technology and data protection practices.