Legal.digital (Page 12)

Sign in Subscribe

Europe: CJEU holds that mere infringement of the GDPR does not give rise to a right to compensation

Europe: CJEU holds that mere infringement of the GDPR does not give rise to a right to compensation

On 4 May 2023, European Court of Justice (“CJEU”) delivered its judgment regarding the interpretation of Article 82 of the General Data Protection Regulation (“GDPR”). The CJEU held that mere infringement of the GDPR does not give rise to a right to compensation. However, there is no requirement for the

PEGA Committee does not go all the way on spyware regulation

PEGA Committee does not go all the way on spyware regulation

On 8 May 2023, the Committee of Inquiry of the European Parliament investigating the use of Pegasus and equivalent surveillance spyware (PEGA) adopted its final report and recommendation, after 14 months of hearings, studies and fact-finding missions. https://edri.org/our-work/pega-committee-does-not-go-all-the-way-on-spyware-regulation/

CJEU Determines that a Mere Infringement of the GDPR is not Sufficient to Require Compensation

CJEU Determines that a Mere Infringement of the GDPR is not Sufficient to Require Compensation

On May 4, 2023, the California Privacy Protection Agency Board announced that it will hold a public meeting on May 15, 2023 to discuss California Privacy Rights Act of 2020 regulations proposals and priorities and other CPPA activities. Continue Reading https://www.huntonprivacyblog.com/2023/05/08/cjeu-determines-that-a-mere-infringement-of-the-gdpr-is-not-sufficient-to-require-compensation/

Revolutionizing Privacy Compliance: EU Ruling Redefines Anonymity in Pseudonymized Data

Revolutionizing Privacy Compliance: EU Ruling Redefines Anonymity in Pseudonymized Data

Pseudnomized data might lead to anonymity, according to a recent ruling of the European General Court that can potentially have a massive impact on data protection compliance and sharing of (originally) personal data in the life sciences, banking, and any other sector. In the decision of April 26, 2023, T-557/

ECJ EU: breach of GDPR does not in itself constitute damages

ECJ EU: breach of GDPR does not in itself constitute damages

Background: damages under the AVG Article 82 of the AVG provides that any person who has suffered material or immaterial damage as a result of a breach of the AVG is entitled to damages. In legal practice, the application of this provision has been frequently discussed since the introduction of

Compensation for unlawful processing of personal data

Compensation for unlawful processing of personal data

"Any person who has suffered material or immaterial damage as a result of a breach of this Regulation is entitled to receive compensation from the controller or processor for the damage suffered." It follows that three requirements come into play when assessing whether there is a right to compensation: 1.

From the Digital Services package to the Digital Markets Act: the road to a (more) secure, open, and fundamental rights-friendly digital space

From the Digital Services package to the Digital Markets Act: the road to a (more) secure, open, and fundamental rights-friendly digital space

Inês Neves (Lecturer at the Faculty of Law, University of Porto | Researcher at CIJ - Centre for Legal Research | Member of the Jean Monnet Module team DigEUCit) ▪ Aware of the shortcomings arising from the lack of changes to the European Union’s legal framework governing online platforms and digital services,

CJEU: pseudonym for one may be anonymous for another, room for handling personal data

CJEU: pseudonym for one may be anonymous for another, room for handling personal data

Resolution with external independent examination The issue concerns a resolution scheme declared applicable to a Spanish bank by the Joint Resolution Board. This is complicated financial law matter and I will leave those financial aspects for the moment (thankfully). In the context of resolution, one of the issues to be

EU Court: mere violation of the GDPR does not entitle you to damages

EU Court: mere violation of the GDPR does not entitle you to damages

The right to compensation laid down in the GDPR exists only if the following three conditions are cumulatively met: a processing of personal data in violation of the provisions of the AVG, damage suffered by the data subject and a causal link between that unlawful processing and that damage. Thus,

Where artificial intelligence and climate action meet

Where artificial intelligence and climate action meet

The use of artificial intelligence (AI) has a major influence on climate action, climate change mitigation and the work of environmental defenders. It offers potential benefits, for example when it is used to enhance high-resolution mapping of deforestation, coral reef loss, and soil erosion. On the other hand, it poses

EU plan for international border data-sharing system “should not proceed”

EU plan for international border data-sharing system “should not proceed”

The European Commission’s plan for a “security-related information sharing system between frontline officers in the EU and key partner countries” should be scrapped, says a paper signed by 10 organisations, including Statewatch, who warn that it may aid political repression and underpin human rights violations. https://edri.org/our-work/

Moving from empty buzzwords to real empowerment: a framework for enabling meaningful engagement of external stakeholders in AI

Moving from empty buzzwords to real empowerment: a framework for enabling meaningful engagement of external stakeholders in AI

The use of artificial intelligence (AI) is accelerating. So is the need to ensure that AI systems are not only effective, but also fair, non-discriminatory, transparent, rights-based, accountable, and sustainable – in short, responsible https://edri.org/our-work/moving-from-empty-buzzwords-to-real-empowerment-a-framework-for-enabling-meaningful-engagement-of-external-stakeholders-in-ai/

Legal Obligation for Ziggo to Forward Brein's Warning Letter to Customer with Accessible E-Book Library

Legal Obligation for Ziggo to Forward Brein's Warning Letter to Customer with Accessible E-Book Library

Ziggo is required to forward a warning letter from Brein to its customer through whose IP address a library of e-books is accessible to Internet users online and, if necessary, to provide the name and address details of this customer to Brein. Both Ziggo and Brein may process these (criminal)

A comparative analysis of non-discrimination law in Europe

A comparative analysis of non-discrimination law in Europe

This comparative analysis, drafted by Isabelle Chopin and Catharina Germaine (Migration Policy Group), compares and analyses the information set out in the country reports relating to 2021 in a format mirroring that of the country reports themselves and draws some conclusions from the information contained in them. The report further

EDPB: Process personal data lawfully - Data Protection guide for small business

EDPB: Process personal data lawfully - Data Protection guide for small business

Data controllers need to rely on a “legal basis” in order to process personal data lawfully. It is essential to identify the appropriate legal basis as it may come with specific requirements (e.g. consent must be free, specific, informed and unambiguous) and have consequences on individuals’ rights (e.g.

Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

Authors: Verena Grentzenberg, Andreas Rüdiger, Ludwig Lauer In his Opinion of 27.04.2023 (C 340/21), the Advocate General of the European Court of Justice (“ECJ”) commented on the interpretation of the civil non-material right to damages pursuant to Article 82 (1) GDPR as well as on the requirements

EDPB Launches Data Protection Guide for small business

EDPB Launches Data Protection Guide for small business

The EDPB has launched a Data Protection Guide to help small business owners on their way to become more data protection compliant. The Guide aims to raise awareness about the GDPR and to provide practical information to SMEs about GDPR compliance in an accessible and easily understandable format. Andrea Jelinek

EDPS publishes Annual Report 2022

Supervisory Authorities

EDPS publishes Annual Report 2022

European Data Protection Supervisor Wojciech Wiewiórowski published his Annual Report 2022. International data transfers continued to be a priority in 2022, while the EDPS offered guidance and expertise on health, artificial intelligence and other areas. Wiewiórowski said he is proud of the office's "dedication to make the fundamental right to

Meta expects order to stop EU-US transfers, GDPR fine

Meta expects order to stop EU-US transfers, GDPR fine

Meta's quarterly filings with the U.S. Securities and Exchange Commission show it's bracing for a stop on EU-U.S. data flows and a "substantial" EU General Data Protection Regulation fine. Meta said the formal enforcement order by Ireland's Data Protection Commission, due by 12 May, could force a halt

Analysis of a Decade of Israeli Judicial Decisions Related to Data Protection (2012-2022)

Analysis of a Decade of Israeli Judicial Decisions Related to Data Protection (2012-2022)

Adv. Rivki Dvash with the assistance of Mr. Guy Zomer1The Future of Privacy Forum’s office in Tel Aviv (Israel Technology Policy Institute – ITPI) sought to examine the judicial decisions in civil actions under Israel’s Privacy Law, which includes rules that regulate data protection. We examined the extent to

Legal ruling: Surveillance at Tata Steel not unlawful, privacy of employees unlikely to be breached.

Camera surveillance of harmful emissions at Tata Steel's cooking plant is not unlawful. Spoken of effective surveillance that is not directed at individuals. Very low likelihood of invasion of employees' privacy. Dismissal of claims. https://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:RBNHO:2023:3821&pk_campaign=rss&pk_medium=

Retrospective facial recognition surveillance conceals human rights abuses in plain sight

Retrospective facial recognition surveillance conceals human rights abuses in plain sight

Following the burglary of a French logistics company in 2019, facial recognition technology (FRT) was used on security camera footage of the incident in an attempt to identify the perpetrators. In this case, the FRT system listed two hundred people as potential suspects. From this list, the police singled out

AI expert Meredith Broussard: ‘Racism, sexism and ableism are systemic problems’

AI expert Meredith Broussard: ‘Racism, sexism and ableism are systemic problems’

The bias encoded in artificial intelligence systems can’t be fixed with better data alone - it requires significant societal change. Meredith Broussard, a data journalist and academic, has written a new book called "More Than a Glitch: Confronting Race, Gender and Ability Bias in Tech," which highlights the real

Records of Processing (Article 30) Guidance

Records of Processing (Article 30) Guidance

The General Data Protection Regulation (GDPR) requires Data Controllers to maintain a Record of Processing Activities (RoPA) containing specific information. Controllers and processors must be able to provide these records to the Data Protection Commission (DPC) upon request. A well-drafted RoPA demonstrates compliance with the principle of accountability set out

Data Act approved: What changes on IoT trade secrets protection

Data Act approved: What changes on IoT trade secrets protection

On March 14, 2023, the European Parliament approved the bill for the Data Act, legislation that is part of the European data strategy and aims to contribute to the development of new digital services through increased data sharing, with a considerable impact on trade secrets. Below are the most relevant