Enforcement

Italy fines Uber €4 million

Italy’s data protection regulator has found that Uber provided inadequate privacy notices to both drivers and riders, and failed to obtain the necessary consent to carry out scoring for fraud risk.

20 May 2022

Google slapped with €10 million GDPR fine

Spain’s data watchdog has issued its highest fine to date after finding that Google unlawfully transferred personal data to a US database.

18 May 2022

More companies are disclosing cyberattacks to the government despite no legal requirement

Companies are increasingly disclosing their cyberattacks to government agencies even when they aren’t legally required to do so, encouraged by the normalcy of cyber incidents and the growing trend for corporate transparency.

17 May 2022

Spanish data watchdog expands surveillance footage retention rules

The Spanish data regulator has found that an individual’s right of access to video surveillance footage in the context of a damages claim outweighed a supermarket’s obligation under national data laws to delete the data within one month.

17 May 2022

Bedoya confirmation brings deep data privacy experience to the FTC

Senate confirmation of Alvaro Bedoya to the Federal Trade Commission provides the agency with a Democratic majority that might reimagine its enforcement, litigation strategy and privacy prioritisation.

13 May 2022

Data regulators seek greater role in digital rules - CNIL report

European data watchdogs are suggesting they should be designated as national supervisory authorities for both the DGA and the AI Act according to the French regulator’s 2021 annual report, which also covered the CNIL’s approach to cookies and penalties.

12 May 2022

German antitrust regulator overstepped by invoking GDPR, Meta tells ECJ

A Meta lawyer has told the European Court of Justice that Germany’s antitrust regulator had no jurisdiction to issue a GDPR-based finding that the company abused its dominant position on the social media market by collecting and processing data without consent.

10 May 2022

Slovenian court finds covid processing decrees unconstitutional

The Slovenian constitutional court has held that the processing of personal data carried out as part of the government’s response to the covid pandemic interfered with the fundamental right to the protection of personal data and must be provided for by law.

09 May 2022

Court upholds Spanish football league GDPR fine

Spain’s national high court has confirmed the data regulator’s €250,000 fine against La Liga for recording audio to combat piracy without proper user consent, after the company appealed the watchdog's decision.

09 May 2022

Austrian watchdog rejects risk-based approach to data transfers

Following a complaint filed in 2020 by NGO noyb, the Austrian regulator held that the operator of an online comparison website unlawfully used Google Analytics and could not rely on a risk-based approach to transfer data to third countries.

03 May 2022

Get unlimited access to all Global Data Review content