Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news.

Case Law Updates and Fines

  • On 10 May, the Austrian Data protection authority found Clearview AI Inc. in violation of Articles 5(1)(a), (b), and (c), 6(1), and 9(1) of the GDPR and ordered the same to delete the complainant's personal data and to designate a representative within the EU. Read the press release here, the European Data Protection Board summary here, and the decision, only available in German, here.
  • On 11 May, the CNIL fined Doctissimo ?380,000 for unlawful processing of personal data. Read the decision in French here.
  • On 17 May, Datatilsynet announced its decision in which it found Radius Elnet A/S's processing of personal data to be in accordance with the GDPR and national data protection rules, following complaints from individuals. Read the press release here and the decision here, both only available in Danish.

Legislation

  • On 15 May, the German Parliament and the Federal Counsel announced, on 11 and 12 May respectively, their approval of the proposed amendments to the draft Whistleblowing Protection Act. Read the press release in German here.
  • On 2 May, the Chamber of Deputies in Luxembourg adopted whistleblowing draft law. Read the draft law here and track its progress here, both only available in French.
  • On 16 May, BfDI issued an opinion on draft law for the restructured Federal Police Act. Read the press release here and the second opinion here, both only available in German.
  • On 16 May, the EU Council adopted the MiCA regulation. Read the announcement here and the MiCA Regulation here.
  • On 16 May, the EU Council adopted regulation on crypto-assets transfers. Read the announcement here and the Regulation here.
  • On 11 November 2022, in Greece, the Hellenic Parliament adopted Law 4990/2022, which transposes the Whistleblowing Directive into Greek law. Download the whistleblowing law in Greek here.

Guidance & Draft Guidance

  • On 12 May, Members of Parliament met with US officials to discuss a wide range of current policy issues, including data transfers and privacy. Read the announcement here.
  • On 16 May, the CNIL published an AI action plan. Read the action plan in French here.
  • On 16 May, the CNIL published an assessment of the cookie action plan. Read the press release in French here.
  • On 11 May, in Lithuania, the VDAI issued FAQs on the use of employee health data in the public sector. Read the FAQs in Lithuanian here.
  • On 17 May, the EDPB stressed the limits and risks of facial recognition used by law enforcement in finalised guidelines. Read the announcement here and the guidelines here.

Data Protection Authority Updates and Privacy News

  • On 15 May, the FDPIC launched an updated website in preparation for the revised Federal Act on Data Protection. Read the press release here and the reporting portal here.
  • On 15 May, the Digital Transformation Office of Turkey published its Digital Government Review. Read the DTO's press release here and information on the strategy here, both only available in Turkish, and access the report here and the brochure here.
  • On 11 May, the Personal Data Protection Authority in Turkey announced a data breach that occurred within Boyner Büyük Magazacilik Anonim Sirketi. Read the press release in Turkish here.
  • On 15 May, in Sweden, the IMY released a 2023 supervisory plan. Read the press release here and the plan here, both only available in Swedish.
  • On 16 May, the ICO issued a reprimand against Norfolk County Council for DSARs response failures. Read the press release here and the reprimand here.
  • On 16 May, the ICO issued a reprimand against Plymouth City Council for DSARs response failures. Read the press release here and the reprimand here.
  • On 10 May, in Germany, the BSI published a study on the opportunities and risks for companies and public authorities arising from AI language models. Read the announcement here and the study here, both only available in German.
  • On 17 May, the Nordic DPAs adopted a declaration for further collaboration and risk-based approaches to enforcement. Read the press release in Danish here and the declaration here.
  • On 16 May, the Interactive Advertising Bureau Europe released its Transparency & Consent Framework V2.2, which responds to the call for changes from industry and to the action plan validated by the Belgian Data Protection Authority. Read the announcement here and the supporting resources here.
  • On 15 May, the National Cyber Security Centre updated the Cyber Security Toolkit for Boards. Read the press release here and the toolkit here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.