Data Economy, Privacy and Cybersecurity Newsletter - December 2024

España - 12 / 19 / 2024

Download newsletter

In this newsletter, we offer the latest updates on everything related to the data economy (technology law, technological innovations, artificial intelligence, digital law, e-Commerce), privacy (data protection and related fundamental rights), and cybersecurity (information security and the protection of the networks and systems that process it). We cover the most recent rulings from relevant authorities and agencies, key court decisions, and the most important news in this field.

Data centers as a key part of the digital economy. Challenges and new horizons

Alejandro Padín

A data center is the physical location that stores information and enables cloud services to exist and be created. Although this may seem a simple description it is not at all, if we take into account that the cloud is now the economy itself.

KEEP READING

When is there a right - and when not - to receive compensation for damages due to an infringement of data protection legislation according to the CJEU?

Cecilia Rosende, Ana López, Alberto Pimenta and Antonio Entrena

The breach of data protection legislation can lead not just to penalties from the competent authorities, but also to the obligation to compensate the data subjects for the damages sustained. The Court of Justice of the European Union (CJEU) has recently ruled on the subject, creating case law regarding the requirements and limits of civil liability in this area. In this article we will analyze the criteria offered to date by the CJEU.

KEEP READING

Data protection authorities’ decisions

A hospital chain is fined €200,000 for infringing article 32 GDPR, in relation to the maintenance of a piece of software for managing electronic medical records and invoicing
AEPD imposes a fine for infringement of article 6.1 GDPR by disclosing and including private phone numbers of local police officers in a local council’s emergency plan
AEPD levies a €50,000 fine for not protecting workers’ data correctly in a mediation process related to workplace harassment
Disclosing personal data without a lawful basis can carry a €100,000 fine
AEPD imposes a €300,000 fine on a bank for accessing personal data contained in a solvency file without having a contractual relationship with the data subject
AEPD levies a €30,000 fine for each website of a repeat infringer breaching cookie requirements
Irish data protection authority (DPC) fines LinkedIn €310,000,000 for engaging in behavioral analysis and targeted advertising without a legal basis
Italian data protection authority, Garante, fines a software company €900,000 for not adapting its security measures and facilitating a cyberattack
A company has been fined for sending more than 200 advertising text messages to a private individual without their consent
A private individual is fined for installing surveillance cameras capturing images of private areas
A political party is fined for using the image of a private individual in its election manifesto without authorization
AEPD levies a €6.5 million fine on a telecommunications distributor for a security breach
AEPD fines a telecommunications company €200,000 for issuing duplicate SIM cards to third parties
A content creator is fined €10,000 for publishing a video of a minor answering questions relating to her sex life
AEPD fines an automotive company €20,000 because its cookies policy is not compliant with the rules
AEPD fines a bank €200,000 for carrying out a processing of personal data without a sufficient lawful basis
Three companies fined for their use of Google Analytics cookies

VIEW MORE

Judgments

The CJEU tackles the lawfulness of the processing of sensitive data by Meta Platforms in the Schrems case
The GDPR does not preclude national legislation that allows an infringement of the data protection legislation to be challenged by a competing company
The CJEU rules on attempts to access personal data stored on a mobile phone
The CJEU rules on the disclosure of personal data for promotional purposes in return for remuneration
The Supreme Court confirms the €200,000 fine levied by the AEPD on a telecommunications services company
The Supreme Court allows the AEPD to review in depth the privacy policies of a bank within a penalty proceeding, setting aside an earlier decision by the National Appellate Court
The Supreme Court decides a cassation appeal lodged against Google on balancing the right to protection of personal data and the public disclosure of judgments

VIEW MORE

News update

Peru: New Regulations for the Data Protection Law have been published
The travelers register: Royal Decree 933/2021: challenges and issues
The UN publishes its final report on Governing AI for Humanity
Publication of the provisional version of the EDPB’s guidelines for using legitimate interest as a lawful basis
Publication of Opinion 22/2024 on certain obligations following from the reliance on processor(s) and sub-processor(s)
The fourth Roundtable of G7 Data Protection Authorities has been held
The EDPB launches new guidance on the technical scope of article 5.3 of the ePrivacy Directive
Has the period for transposing the NIS 2 directive into Spanish law run out before Spain has done so
The AEPD presents a new methodology for privacy and data protection threat modeling
A report has been published on article 36 of Decision 2007/533/JAI on the establishment, operation and use of the second generation Schengen Information System (SIS II)
Costa Rica: First country to use artificial intelligence to create its country brand strategy
The EDPB and the European Commission have published their report on the first year of operation of the Data Privacy Framework between the EU and the U.S.
The first seven proposed AI factories in the EU have been presented
Meta launches a new advertising model
New cybersecurity requirements have been approved for products with digital elements