Enforcement

Indonesia awaits regulator to enforce new data law

Indonesia has passed a long-awaited personal data protection law unifying the nation’s formerly scattered approach under a comprehensive law, but questions remain about the framework’s regulator.

27 September 2022

ICO proposes £27 million fine for TikTok

TikTok could be fined as much as £27 million (€29.9 million) by the ICO for failing to adequately protect children’s privacy.

26 September 2022

Spanish DPA chief appointment back to square one

Spain’s highest court has ordered a fresh start to the process of appointing a president and vice-president of the county’s data protection authority after it was suspended earlier this year.

22 September 2022

Revolut investigated for data breach

The Lithuanian data protection authority is investigating fintech giant Revolut after a data breach exposed the data of 50,000 customers.

21 September 2022

Uber could avoid harsh penalties over latest cybersecurity intrusion

Despite a high-profile 2017 data breach and a $148 million settlement, Uber’s latest public cybersecurity incident may not face significant penalties if it remains transparent and no personal data was exposed.

20 September 2022

Morgan Stanley fined after hard drives with customer data sold on

The US Securities and Exchange Commission has ordered Morgan Stanley to pay $35 million after thousands of hard drives containing data on millions of customers were resold on online auction sites.

20 September 2022

ECJ adviser draws roadmap for antitrust enforcement into data practices

A European Court of Justice adviser has cleared the German antitrust authority’s ability to investigate Meta for practices that allegedly violate the GDPR, in a wide-ranging opinion that also clarified the law of sensitive personal data processing and large companies’ ability to validly gather consent and avoid its use altogether.

20 September 2022

Berlin e-commerce group fined €525,000 for DPO conflict of interest

The Berlin regulator has penalised the subsidiary of a Berlin-based retail group because of a conflict of interest involving the company's data protection officer.

20 September 2022

GDR 100 Elite interviews: Osborne Clarke’s Flemming Moos and Ashley Hurst

Hamburg-based Osborne Clarke data practice head Flemming Moos and international head of tech, media and comms Ashley Hurst tell GDR about dark patterns, enforcement hotspots and the recent evolution of UK data protection litigation.

20 September 2022

One year on from DSL and PIPL: challenges for multinational companies

China has rapidly evolved its legal framework in the wake of the landmark Data Security Law and Personal Information Protection Law. Morgan Lewis & Bockius partners Todd Liao and Lesli Ligorner and associate Sylvia Hu map out what companies should do to comply with a raft of new requirements.

16 September 2022

Unlock unlimited access to all Global Data Review content