EU/UK Privacy & Cybersecurity News Roundup – Week of May 22, 2023 | Insights & Resources

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news.

Case Law Updates and Fines

- On 10 May, the Austrian Data protection authority found Clearview AI Inc. in violation of Articles 5(1)(a), (b), and (c), 6(1), and 9(1) of the GDPR and ordered the same to delete the complainant’s personal data and to designate a representative within the EU. Read the press release here, the European Data Protection Board summary here, and the decision, only available in German, here.

- On 11 May, the CNIL fined Doctissimo €380,000 for unlawful processing of personal data. Read the decision in French here.

- On 17 May, Datatilsynet announced its decision in which it found Radius Elnet A/S’s processing of personal data to be in accordance with the GDPR and national data protection rules, following complaints from individuals. Read the press release here and the decision here, both only available in Danish.

Legislation
- On 15 May, the German Parliament and the Federal Counsel announced, on 11 and 12 May respectively, their approval of the proposed amendments to the draft Whistleblowing Protection Act. Read the press release in German here.

- On 2 May, the Chamber of Deputies in Luxembourg adopted whistleblowing draft law. Read the draft law here and track its progress here, both only available in French.

- On 16 May, BfDI issued an opinion on draft law for the restructured Federal Police Act. Read the press release here and the second opinion here, both only available in German.

- On 16 May, the EU Council adopted the MiCA regulation. Read the announcement here and the MiCA Regulation here.

- On 16 May, the EU Council adopted regulation on crypto-assets transfers. Read the announcement here and the Regulation here.

- On 11 November 2022, in Greece, the Hellenic Parliament adopted Law 4990/2022, which transposes the Whistleblowing Directive into Greek law. Download the whistleblowing law in Greek here.

Guidance & Draft Guidance
- On 12 May, Members of Parliament met with US officials to discuss a wide range of current policy issues, including data transfers and privacy. Read the announcement here.

- On 16 May, the CNIL published an AI action plan. Read the action plan in French here.

- On 16 May, the CNIL published an assessment of the cookie action plan. Read the press release in French here.

- On 11 May, in Lithuania, the VDAI issued FAQs on the use of employee health data in the public sector. Read the FAQs in Lithuanian here.

- On 17 May, the EDPB stressed the limits and risks of facial recognition used by law enforcement in finalised guidelines. Read the announcement here and the guidelines here.

Data Protection Authority Updates and Privacy News
- On 15 May, the FDPIC launched an updated website in preparation for the revised Federal Act on Data Protection. Read the press release here and the reporting portal here.

- On 15 May, the Digital Transformation Office of Turkey published its Digital Government Review. Read the DTO’s press release here and information on the strategy here, both only available in Turkish, and access the report here.

- On 11 May, the Personal Data Protection Authority in Turkey announced a data breach that occurred within Boyner Büyük Mağazacılık Anonim Şirketi.

- On 15 May, in Sweden, the IMY released a 2023 supervisory plan. Read the press release here and the plan here, both only available in Swedish.

- On 16 May, the ICO issued a reprimand against Norfolk County Council for DSARs response failures.

- On 16 May, the ICO issued a reprimand against Plymouth City Council for DSARs response failures.

- On 10 May, in Germany, the BSI published a study on the opportunities and risks for companies and public authorities arising from AI language models. Read the announcement here and the study here, both only available in German.

- On 17 May, the Nordic DPAs adopted a declaration for further collaboration and risk-based approaches to enforcement. Read the declaration here.

- On 16 May, the Interactive Advertising Bureau Europe released its Transparency & Consent Framework V2.2, which responds to the call for changes from industry and to the action plan validated by the Belgian Data Protection Authority. Read the announcement here and the supporting resources here.

- On 15 May, the National Cyber Security Centre updated the Cyber Security Toolkit for Boards. Read the press release here and the toolkit here.

The post EU/UK Privacy & Cybersecurity News Roundup – Week of May 22, 2023 appeared first on Data, Privacy & Cybersecurity Insights.

EU/UK Privacy & Cybersecurity News Roundup – Week of May 22, 2023

Related Content

SEC Chairman Atkins Speaks on Steps SEC is Taking to Encourage IPOs

FINRA’s Annual Guidance Spotlights AI and Cyber Risk Management and Governance

SEC Chairman Atkins Testifies Before Congressional Oversight Committees

The UK’s Ransomware Strategy: What the UK Government’s Response Signals

Walls Have Ears: Data, Privacy, and Real Estate

At Securities Regulation Institute, SEC Commissioner and Staff Encourage Dialogue with the Agency

AI Risk Meets Cyber Governance:
NIST’s Draft Cyber AI Profile

Cyber’s New Reality: AI, Deepfakes, and Double Extortion

Reg S-P's Ticking Clock (Private Funds CFO)

Goodwin Achieves Record Number of Rankings in Chambers Global 2026

The SEC’s Amended Reg S-P Requires Rethinking Incident Response Plans (Private Funds CFO)

Flow Neuroscience Announces FDA Approval of World’s First At-Home Brain Stimulation Treatment for Depression

A Look Ahead at Digital Policy in 2026 With Omer Tene (IAPP)

Beyond the Perimeter: Securing OAuth Tokens and API Access to Thwart Modern Cyber Attackers (Pratt’s Privacy & Cybersecurity Law Report)

Athena Summit: Boosting Your Agency

When IR Meets AI: How to Level-Up Your Organization to Respond to AI Security Incidents and Risks

Data, Privacy & Cybersecurity