DPO consultancy live blog on data privacy, GDPR and data protection

Live Blog

Our weekly update on GDPR and Privacy around the world

“With our weekly blog, we stay up to date and assist our readers on topics related to Privacy, GDPR, and Data Protection.”

Tarryn Howard – Partner at DPO Consultancy | Privacy & Data Protection Consultant | Qualified Lawyer

DPO-as-a-Service at Magnit Global

LL.M. | CIPP/E | CIPM

Tarryn Howard, Partner at DPO Consultancy and Head of Quality

Employee Monitoring through facial recognition in attendance control

3 April 2024
In April 2024, the European Parliament approved the European Health Data Space (EHDS) regulation, which is expected to be ratified by EU member states soon. The aim of these data spaces is to unlock extensive repositories of existing data and facilitate their accessibility for research, innovation, and development, while ensuring compliance with pertinent data protection regulations.

The AI Act and the GDPR: what does it mean for companies?

15 March 2024
On the 13th of March 2024, the AI Act passed the scrutiny of the European Parliament and is ready to become a law of the Union. This comprehensive regulatory framework aims to govern the development and use of artificial intelligence (AI) across the European Union (EU). The AI Act’s primary aim is to ensure that AI technologies are developed and used in a manner that is ethical, transparent, and respects fundamental rights, and covers a wide range of AI systems used in various sectors, including healthcare, transport, and finance.

EDPS finds European Commission’s use of Microsoft 365 infringes EU data protection law

13 March 2024
After its inquiry, the European Data Protection Supervisor (EDPS) found that the European Commission breached numerous essential data protection rules while using Microsoft 365. As a consequence, the EDPS has mandated that the Commission implement specific corrective actions.

HIPAA: Safeguarding Health Data in the Data Protection Landscape

29 February 2024
In an era where data breaches are not just a possibility but also an unavoidable threat, the Health Insurance Portability and Accountability Act (HIPAA) stands as a ray of hope and security for the healthcare industry. HIPAA is more than just a regulatory requirement.

Embracing the Google Consent Mode V2

21 February 2024
Consent Mode v2, developed by Google, enables the transmission of consent signals from websites' cookie banners directly to Google. This ensures that the user's consent preferences are, in fact, honored. In practice, this tool provides a direct line of communication between websites, where the user has given their preference on sharing personal data, and Google, for advertising and personalization purposes. It is an effective and efficient tool that streamlines procedures while at the same time providing users with more control regarding their personal data. When the user does opt to provide consent, Google can utilize these tools for detailed analytics. Conversely, if the user chooses not to consent, Google restricts the use of cookies and identifiers.

Not answering DSARs causes serious fines

13 February 2024
In a recent development, the Italian DPA has taken decisive actions against Autostrade per l’Italia and Amazon Italia, fining them €100,000 and €40,000 respectively for having mishandled Data Subject Access Requests (DSARs) from (former) employees. Article 15 GDPR outlines the Data Subject’s right to access, and its pivotal role has also been acknowledged by the European Data Protection Board (EDPB) guidelines 01/2022 on the right of access as updated on the 28th of March 2023. In particular, this right allows individuals to confirm the processing of their data, access personal information, and obtain details about the processing, including:

The Dutch Data Protection Authority focuses on Cookie Banners

7 February 2024
In 2024, the Dutch Data Protection Authority (AP) plans to increase its scrutiny of cookie consent practices to ensure compliance with regulations. Practice has shown that organizations quite often make use of misleading cookie banners, such as hidden rejection buttons or requiring the consumer to go through various clicks before rejecting cookies.

Dutch Data Protection Authority Initiates European Procedure on Privacy and Personalized Ads

31 January 2024
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens or AP), in collaboration with the privacy watchdogs of Norway and Germany, is set to launch a European procedure addressing privacy concerns related to personalized advertisements. The regulators aim to present a clear stance, in conjunction with their EU counterparts, on how online platforms obtain user consent for displaying personalized ads.

Amazon France fined €32 million for unlawful employee monitoring

24 January 2024
On 23 January 2024, the French Data Protection Authority (“CNIL”) published its decision, which was issued on 27 December 2023, regarding the fine it imposed upon Amazon France for numerous violations of the General Data Protection Regulation (“GDPR”) following an investigation. The fine imposed amounts to €32 million. The CNIL investigated Amazon France after press articles were published on the practices implemented by Amazon France and after receiving numerous complaints from employees.