Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news.

Case Law Updates and Fines

  • On 24 May, the Court of Justice of the European Union dismissed a request brought by Meta against the Commission in recent competition case. This was dismissed on the basis that Meta failed to demonstrate enough evidence for the action for annulment. The full press release can be accessed here.
  • On 22 June, the Spanish data protection authority announced it had fined Sociedad Vascongada de Publicaciones ?150,000 (which was reduced down to ?90,000) for violation of GDPR Article 5(1)(c) regarding data minimisation. The decision can be accessed in Spanish only here.
  • On 22 June, the Italian data protection authority announced it had fined the municipality Roma Capitale ?176,000 for their mishandling of abortion related data. The decision can be accessed here.
  • On 22 June, the Italian data protection authority announced it has fined AMA ?239,000 for GDPR violations in relation to the mishandling of abortion data. The decision can be accessed in Italian only here.
  • On 22 June, in addition to the issue of two fines, the Italian data protection authority imposed a reprimand on the Local Health Authority Roma 1 for violations of GDPR. The decision can be accessed in Italian only here.
  • On 28 June, the ICO announced that they had issued a fine to Fortis Insolvency Limited for £30,000 for unsolicited marketing calls. Press release can be accessed here.

Legislation

  • On 27 June, the Council of the European Union adopted rules which allow for authorities to request 'e-evidence' from service providers as part of cross-border investigations. The press release can be accessed here, along with the full directive here.
  • On 27 June, the Council of the European Union and the European Parliament announced they had reached a provisional agreement on the draft Data Act. The press release can be accessed here.
  • On 28 June, the European Consumer Organisation (BEUC) released a statement criticizing the provisional agreement reached regarding the draft Data Act. The criticism was in reference to a lack of protection given to consumers. The press release can be accessed here.
  • On 29 June, the European Commission announced new legislative proposals to improve consumer protection and competition in electronic payments and encourage consumers to share their data. The proposals can be accessed here.
  • On 29 June, the Council of the European Union announced that it had reached a provisional agreement with the European Parliament in respect of the core elements of a framework on European digital identity. Press release can be accessed here.

Guidance & Draft Guidance

  • On 26 June, the National Cyber Security Centre updated their risk management guidance with three new sections covering an eight step risk management framework, a risk management tool box and basic risk assessment and management method to act as an introduction to risk management. The press release can be accessed here.
  • On 22 June, the European Commission presented revised version of the draft adequacy decision for the EU-US Data Privacy Framework. This is not publicly available yet.

Data Protection Authority Updates and Privacy News

  • On 26 June, The Danish data protection authority published updates to its guidance on codes of conduct. The guidance includes reason for the creation of a code of conduct and details on how these are monitored, among other things. Full guidance can be accessed here in Danish only.
  • On 27 June, the Dutch data protection authority released a paper on their position on cybersecurity. The paper can be accessed in Dutch only here.
  • On 27 June, the Danish data protection authority published new guidance on CCTV surveillance. The guidance is available in Danish only here.
  • On 28 June, the Irish data protection authority shared their concerns over failure of share information with a nursing home about one of the resident's criminal convictions. The press release can be accessed here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.