Enforcement
Is the EDPB’s ‘targeted update’ to data breach reporting guidance a ‘mini-budget’ moment for GDPR regulation?
You would have had to be living under a rock to have missed all the political turmoil in the U.K. over the past few weeks concerning the U.K. government’s “mini-budget.” In essence, even the staunchest government allies now accept it was a mistake to make changes to the U.K. tax…
Read More »First Jury Verdict Issued in Illinois Biometric Privacy Act Class Action
On October 12, 2022, a federal jury in the U.S. District Court for the Northern District of Illinois concluded that a company violated the Illinois Biometric Information Privacy Act (Privacy Act or BIPA) 45,600 times over six years by collecting truck drivers’ fingerprints to verify identities without the informed, written…
Read More »Facial recognition: 20 million euros penalty against CLEARVIEW AI
Following a formal notice which remained unaddressed, the CNIL imposed a penalty of 20 million euros and ordered CLEARVIEW AI to stop collecting and using data on individuals in France without a legal basis and to delete the data already collected. How does the CLEARVIEW AI’s facial recognition service works?…
Read More »Google Faces Record $4 Billion Fine In Europe After Losing Android Antitrust Appeal
TOPLINE: Google may have to pay a record €4.125 billion ($4.12 billion) fine to the European Union in an antitrust case linked to its Android operating system for smartphones after losing a court appeal on Wednesday, a ruling that is likely to bolster the bloc’s ability to crackdown on big…
Read More »CCPA enforcement action: A case study at the intersection of privacy and marketing
Beauty retailer Sephora was fined $1.2 million by California Attorney General Rob Bonta and is the first-ever California Consumer Privacy Act enforcement action. At the heart of the matter is Sephora allegedly misrepresenting its actions to California consumers (saying that it did not sell consumer personal information despite the fact…
Read More »Uber’s ex-security chief faces landmark trial over data breach that hit 57m users
Uber’s former security officer, Joe Sullivan, is standing trial this week in what is believed to be the first case of an executive facing criminal charges in relation to a data breach. The US district court in San Francisco will start hearing arguments on whether Sullivan, the former head of security at…
Read More »Instagram fined €405M for violating kids’ privacy
The Irish Data Protection Commission has fined Meta-owned social media platform Instagram €405 million for violations of the General Data Protection Regulation. The fine, which is the second-highest fine under the GDPR after a €746 million penalty against Amazon, is the third for a Meta-owned company handed down by the Irish regulator. In…
Read More »The Sephora case: Do not sell – But are you selling?
Businesses barely had time to recover from a hectic privacy summer, with U.S. privacy legislation making progress on the Hill and the U.S. Federal Trade Commission’s launch of a sweeping rulemaking initiative, when California Attorney General Rob Bonta dropped a bombshell: The first enforcement settlement under the California Consumer Privacy Act. Pursuant…
Read More »The Data Protection Commission is broken. Here is how to fix it
The EU General Data Protection Regulation (GDPR) came into effect in May 2018. It made Ireland’s Data Protection Commission (DPC) the lead EU supervisory authority for all companies that have their European headquarters here. This quirk of the law made Ireland a central jurisdiction in the global digital economy. It…
Read More »Clearview AI fined third time for GDPR violations
The European Union’s assault on controversial facial image aggregator Clearview AI continued Wednesday, with the Hellenic Data Protection Authority (HDPA) in Greece the latest to penalize the company for violations of the General Data Protection Regulation (GDPR). The HDPA fined the company 20 million euros (U.S. $19.9 million)—a record in…
Read More »












