TikTok Sets Aside €1 Billion for Future Fines
Bytedance faces legal challenges and fines in Europe and the U.S. over TikTok’s data handling and design, setting aside €1 billion for potential penalties.
GDPR
Bundeskartellamt Concludes Meta Proceedings
The Bundeskartellamt’s decision reinforces user control over Meta’s data practices, aligning with EU data protection standards.
EDPB Issues Opinion on Processor and Sub-Processor Obligations Under GDPR
The EDPB’s recent opinion clarifies controllers’ obligations regarding processors and sub-processors under the EU GDPR, emphasizing the need for transparency and compliance.
EU-U.S. Data Privacy Framework Review Confirms U.S. Compliance
The European Commission’s first review of the EU-U.S. Data Privacy Framework confirms effective U.S. compliance, with a follow-up planned in three years.
European Commission Finds US Compliant with Data Privacy Framework Amid Criticism
The European Commission’s report finds the US compliant with a key privacy framework, but critics highlight ongoing concerns about data protection loopholes.
Court Upholds DPC Investigation into Complaints Against Google’s Data Practices
The Irish High Court upheld a DPC inquiry into Google’s data processing practices, allowing five user complaints to proceed while dismissing one for lack of data processing.
EDPB Chooses Right to Erasure for Fourth Coordinated Enforcement Action
The EDPB will launch a coordinated enforcement action in 2025 to assess the implementation of the right to erasure under GDPR.
EDPB Issues Guidelines on Legitimate Interest for Data Processing
The EDPB has issued guidelines on legitimate interests in data processing, emphasizing strict interpretation and the necessity of balancing individual rights.
Big Tech Faces EU Scrutiny Over AI Data Practices
The EU’s data protection rules are increasingly impacting Big Tech’s AI projects, with stricter enforcement and legal uncertainties hindering innovation.
Ryanair Faces Investigation Over Facial Recognition and GDPR Compliance
Ireland’s DPC investigates Ryanair’s facial recognition use for third-party bookings amid customer complaints about privacy law compliance.
Schrems wins another case over Meta
Schrem’s privacy case against Meta highlights GDPR violations regarding the processing of personal data on sexual orientation, impacting ad targeting practices.
DPA is not obliged to impose sanctions, CJEU rules
Supervisory authorities under GDPR can choose not to impose penalties for data breaches if the controller has already taken corrective actions.