Multinational organizations are facing an increasingly complex landscape of global privacy and artificial intelligence (AI) regulations. Recent developments highlight the need for companies to stay informed about evolving legal requirements, particularly as governments introduce new frameworks to address data protection, AI governance, and cross-border data transfers. Organizations must proactively assess their compliance strategies, adapt internal
Privacy & Management

Direct marketing ad profiling: Recent fines
Data protection authorities across Europe have recently imposed significant fines on companies for violations of data protection laws. We bring to your attention decisions related to breaches of direct marketing and profiling below.
A telecommunications company fined €50 million by the French Supervisory Authority
On 23 January 2025, the French Supervisory Authority (CNIL) fined a…

ECJ Allows National Competition Authorities to Consider Non-Competition Law Violations in Dominance Abuse Cases
Please click here to access the source post from our Global Regulatory Enforcement Law Blog.
In this blog, the authors delve into a significant decision by the German Federal Cartel Office (FCO) four years ago, accusing a major technology company of abusive behavior due to alleged violations of the General Data Protection Regulation (GDPR). Recently…
NIST Publishes Introduction to Privacy Engineering and Risk Management to Assist Agencies and Organizations in Designing Privacy-Compliant Systems
On January 4, 2017, the National Institute of Standards and Technology (“NIST”) published the final version of NIST IR 8062 “An Introduction to Privacy Engineering and Risk management in Federal Systems.” The report introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on systems. In the blog post accompanying the release, NIST notes that the report is intended to address the absence of a vocabulary for talking about privacy outcomes and to produce “processes that are repeatable and could lead to measurable results.”
To this end, the report introduces three (3) privacy engineering objectives, which are intended to help system designers, engineers and policy teams to help “bridge the gap between high-level privacy principles and their implementation within systems.” These objectives are defined as follows:
Continue Reading NIST Publishes Introduction to Privacy Engineering and Risk Management to Assist Agencies and Organizations in Designing Privacy-Compliant Systems
San Francisco Launches First “Internet of Things” Wireless Network in United States
With the onslaught of smart watches, smart thermostats, and even smart refrigerators that allow you to Tweet hangry messages to your followers, it’s only natural that a “smart city” would follow.
This week, San Francisco city officials agreed to run a one-year pilot project with Sigfox – an FCC certified French start-up that builds low-power wireless networks – to create an Internet of Things (“IoT”) wireless network that caters exclusively to smart devices with low-bandwidth apps. While the term “wireless network” typically conjures up thoughts of the ubiquitous Wi-Fi symbol, this low-power, wide area network (“LPWAN”) on which Sigfox will operate is entirely separate from traditional cellular networks, which require a much higher level of data streaming and power usage.
Sigfox and city technology crews have installed about 20 of its base stations throughout San Francisco, using libraries and other city buildings. Each base station covers about 12 to 18 miles and is roughly the size of a briefcase. Device makers who want to join the network must install a radio chip that costs less than $2 and comes loaded with the Sigfox firmware.
Continue Reading San Francisco Launches First “Internet of Things” Wireless Network in United States
Update: Proposed Settlement in Target Data Breach Litigation
The proposed settlement agreement in the Target data breach consumer litigation that we reported on on March 19, 2015 has been approved by the judge, and a final approval hearing set for November 10, 2015. Based on this order, class members should start to receive notice of the settlement within 45 days of yesterday’s
Proposed Settlement in Target Data Breach Litigation
A proposed settlement has been reached in the multi-district consumer litigation Target faces following a data breach that compromised at least 40 million credit cards during the 2013 holiday shopping season. The settlement, which requires Target to pay $10 million into a settlement fund and adopt specific data security measures, still needs court approval.
If…
Enforced subject access requests now a criminal offence in the UK
In September 2014 we reported on the UK’s intention to stamp out a practice commonly known as “enforced subject access requests”. This concerned the previously dormant section 56 of the UK Data Protection Act 1998 (‘DPA’), which, following an announcement from the Ministry of Justice, was implemented on March 10, 2015. Under this section, it…
Update on State Attorneys General: Connecticut Creates a Permanent Privacy Department; NAAG Covers Big Data, Cybersecurity, and Cloud Computing; and States Amend Breach Laws
The federal government may be pushing a cybersecurity and data privacy agenda, but that doesn’t mean that the states are taking a back seat. The state attorneys general are maintaining their focus on issues relating to privacy and data security and expanding the scope of that focus to address the ever-evolving nature of those…
French courts are competent to judge over a French Facebook user’s complaint
It is foreseeable that not many of Facebook’s millions of users every day have ever had a look at the social network’s Terms & Conditions.
Only the readers of the fine print may know that these Terms & Conditions provide that any claim related to Facebook must be resolved exclusively in the United States District…