GDPR Turns 5!

To celebrate the GDPR's fifth birthday, we asked Bobbie Bickerton, an associate in the international data protection practice at Stephenson Harwood, to talk about her experience over the past five years.

Breaking news: Meta receives largest GDPR fine to date

The results from the Irish Data Protection Commission's investigation are in and it has today been announced that Meta has been fined €1.2 billion – the largest GDPR fine to date – for failures to impose appropriate safeguards on the transfer of personal data to the US.

Meta vs DPC over data-scraping breach

Meta has been granted leave by the Irish High Court to appeal a November 2022 decision by the Irish Data Protection Commission ("DPC") to impose fines totalling €265 million against Meta in connection with a major data-scraping breach involving personal data of over 500 million Facebook users. 

ICO Publishes First Tech Horizons Report

The Information Commissioner's Office ("ICO") has published the first of its annual Tech Horizons Reports (the "Report") which examines the implications of technological developments for privacy law in the next two to five years.

The European Commission has concluded its first review of Japan-EU mutual adequacy decision

On 23 January 2019, the European Commission adopted its adequacy decision in respect of Japan. The effect of that decision was that personal data could flow between the EEA and businesses in Japan without further safeguards, as it was determined that Japanese data protection laws ensured an adequate level of protection for personal data transferred.

13 April – A big day for the future of Meta and its EU-US transfers

On 13 April 2023, the EDPB adopted a dispute resolution decision in relation to the Irish Data Protection Commission's ("DPC") draft decision, as lead supervisory authority, against Meta, which proposed a suspension of data transfers to the US.

Spotlight on TikTok – ICO fines TikTok £12.7 million as global concerns relating to the app's security and data privacy practices continue to mount

On 4 April 2023, the ICO announced that it has fined TikTok £12.7 million for various data protection breaches related to the misuse of children's data. The ICO investigation found that between May 2018 and July 2020 TikTok had processed the data of more than one million children under the age of 13 without parental consent. Further, TikTok had been aware that children under the age of 13 were using the platform (in direct contravention of its terms of use), but had not taken any action to remove these users' accounts or to prevent continued use, nor did it do enough to check who was actually using the platform. TikTok also failed to provide proper information to users in a concise, transparent and easy to understand manner.

ChatGPT banned in Italy over alleged privacy violations

On Friday, 31 March 2023, the Italian data protection regulator, the Garante, banned ChatGPT citing data privacy concerns.

The PRC announces the creation of a new data regulator

The People's Republic of China's ("PRC") parliament approved State Council reform plans on 10 March 2023, including the plans for the creation of a new data regulator. This body will work towards centralising the management of the PRC's data.