Spanish data watchdog expands surveillance footage retention rules

The Spanish data regulator has found that an individual’s right of access to video surveillance footage in the context of a damages claim outweighed a supermarket’s obligation under national data laws to delete the data within one month.

17 May 2022

EDPB clarifies GDPR fine regime

The European Data Protection Board’s much-anticipated GDPR fining calculator is designed to harmonise diverging approaches to penalties across Europe.

16 May 2022

Inside a ransomware attack: How companies negotiate with threat actors

When responding to a ransomware attack, companies rely on a remote team of third parties to negotiate ransoms and confirm the veracity of attacks and tools. But in some instances, vendors need to first convince victims to even acknowledge threat actors.

16 May 2022

DPA dropped from Google/DeepMind claim

A new representative action against Google and subsidiary DeepMind for their use of UK National Health Service data is being pleaded on the basis of misuse of private information, after a similar lawsuit brought under the Data Protection Act was discontinued.

16 May 2022

Commission launches call for views on open finance

The European Commission has opened another front in the battle against the dominance of Big Tech with a call for views on the prospect of new open finance rules to complement the market reforms already undertaken in the payments sector.

16 May 2022

Bedoya confirmation brings deep data privacy experience to the FTC

Senate confirmation of Alvaro Bedoya to the Federal Trade Commission provides the agency with a Democratic majority that might reimagine its enforcement, litigation strategy and privacy prioritisation.

13 May 2022

EU could blacklist NSO Group in battle against spyware

The European Union could follow the US in blacklisting the company that developed the Pegasus spyware, as the bloc launches an inquiry into the technology.

13 May 2022

Bifurcated class actions might not be a Lloyd v Google fix

A procedure that might avoid some of the issues in Lloyd v Google might not be workable for litigation funders, a defence-side solicitor and a litigation funder have agreed.

13 May 2022

NIST’s cybersecurity supply chain guidelines emphasise multilayered assessments

Overhauled NIST federal government procurement guidelines remain lengthy and complex, but new templates may help companies assess their cybersecurity supply chain risk more easily.

12 May 2022

Data regulators seek greater role in digital rules - CNIL report

European data watchdogs are suggesting they should be designated as national supervisory authorities for both the DGA and the AI Act according to the French regulator’s 2021 annual report, which also covered the CNIL’s approach to cookies and penalties.

12 May 2022

Get unlimited access to all Global Data Review content