Data Protection & Privacy

Welcome to the home of data protection & privacy on Law-Now.

To stay in touch with the latest developments, please bookmark this page on your mobile or register to receive eAlerts.

Recent Articles

  •  
    26/08/2024
    Germany

    Update: Latest news from the CJEU on GDPR compensation

    Updated version of the article published on 26 August 2024The CJEU clarifies the requirements under Art. 82 GDPRThis year, as in the previous year, the European Court of Justice (CJEU) has published several rulings on the relevant standard damages under data protection law in Art. 82 of the European General Data Protection Regulation (GDPR), in which the CJEU concretised the requirements of Art. 82 GDPR in important and previously controversial points. The CJEU relied on its Judgment dated 4 May 2023 (C-300/21) and continued with the interpretation of Art. 82 GDPR that had begun...
    Read more
  •  
    19/08/2024
    Netherlands

    Netherlands court dismisses mass damage claims in data protection case

    A recent ruling by the Amsterdam court provides insight to any party facing mass claims for GDPR breaches in the Netherlands. The case concerned a mass claim against various government bodies for the insufficient security of the personal data processed by municipal health services (GGDs). The court dismissed the damages claim on the grounds that it was insufficiently substantiated.Relevant factsThe IT systems used by the GGDs in connection with the COVID-19 pandemic contained serious security flaws. The sensitive personal data of millions of people were accessible to some 35,000 GGD employees for...
    Read more
  •  
    16/08/2024
    Europe

    CMS Data Protection Update EU and Germany, August 2024

    I.    The latest from the data protection authorities and current topics1.    AI Act: Legislative proceedings finalisedThe legislative proceedings for the AI Act have been completed and came into effect on 1 August 2024. The CMS homepage provides an overview: Looking ahead to the EU AI Act (cms.law). The data protection authorities have published the following notifications and are gearing up for their new duties: Statement 3/2024 of the European Data Protection Board (EDPB) on data protection authorities' role in the Artificial Intelligence (AI) Act...
    Read more
  •  
    14/08/2024
    Germany

    Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law

    This article provides an overview of the content and the effect of the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law.The Council of Europe is an independent organisation from the European Union (EU) and, together with its European Court of Human Rights, is dedicated to the protection of human rights, democracy, and the rule of law. It consists of 46 member states, including all 27 EU countries, and is responsible for the protection of 680 million people, covering regions from Greenland to Azerbaijan.The 133rd Session of the Committee...
    Read more
  •  
    12/08/2024
    Saudi Arabia

    Saudi Arabia's Personal Data Protection Law and its implications for data controllers

    As the grace period for compliance with the Saudi data protection law is rapidly drawing to a close, the Saudi Data and AI Authority (“SDAIA”) has published draft rules on the operation of the national register of controllers.Data controllers subject to the Saudi Personal Data Protection Law (“PDPL”) are currently protected by an implementation grace period, but enforcement of the PDPL is due to commence in September this year, meaning the grace period will shortly end and controllers have little time left to complete compliance readiness. Given that the draft rules have...
    Read more
  •  
    25/07/2024
    Türkiye

    Türkiye adopts new legal framework for cross-border transfer of personal data

    On 12 March 2024, Türkiye adopted significant changes to its Data Protection Law (DPL) concerning conditions for processing special categories of personal data, conditions for transferring personal data abroad, and legal remedies for aligning with the EU's General Data Protection Regulation (GDPR).The changes regarding the cross-border transfer of personal data were also detailed in the Regulation on the Procedures and Principles for the Transfer of Personal Data Abroad. This article provides a comprehensive overview of these legal changes, highlighting the new mechanisms and frameworks established...
    Read more