Catagory:Privacy, Data Protection & Information Management

1
UK Data Use and Access Bill Becomes Law
2
New EDPB Guidelines: Processing Personal Data on Blockchain
3
Privacy Awareness Week 2025
4
Pay the Price, Now ‘Fess Up’: Reporting Obligations for Ransomware Payments Are Live
5
New EDPB Statement on Age Assurance: What You Need to Know
6
Navigating the Intersection of Data Scraping and Artificial Intelligence–A Global Data Protection Authorities Take
7
Clarifications of Legal Bases for Cross-Border Data Transfers in Landmark Judgment by the Guangzhou Internet Court in China
8
Higher Regional Court of Hamm (Germany): Claims for Moral Damages Under Art. 82 GDPR are Assignable – German Class Actions Coming?
9
Decision by German Higher Regional Court Koblenz: Consent for Publication of Interview not Revocable
10
Illinois Reigns in Excesses of Biometric Information Privacy Act: Form of Consent Expanded and Claims Limited

New EDPB Guidelines: Processing Personal Data on Blockchain

By: Claude-Étienne Armingaud and Josefine Beil

The European Data Protection Board recently published its draft Guidelines 02/2025, which remain open to consultation until 09 June 2025. Stakeholders in the blockchain industry are encouraged to submit any observations before the finalization of these Guidelines.

Read More

Privacy Awareness Week 2025

By: Cameron Abbott, Rob Pulham, Stephanie Mayhew and Emre Cakmakcioglu

In Australia, last week was the 2025 Privacy Awareness Week (PAW), with this year’s theme ‘Privacy – it’s everyone’s business’. Among other things in PAW, the Office of the Australian Information Commissioner (OAIC) produced a Privacy Foundations self-assessment tool, which provides a privacy maturity score on the basis of tenets such as Accountability, Transparency, Collection and Data breach management. The tool, and PAW more broadly emphasise that privacy is not just about compliance, but good business and building trust. NSW, Vic and QLD state governments have each run parallel PAW events.

Read More

Pay the Price, Now ‘Fess Up’: Reporting Obligations for Ransomware Payments Are Live

By: Cameron Abbott, Rob Pulham, Stephanie Mayhew, Emre Cakmakcioglu

As of 29 May 2025, the requirement on businesses to report ransomware payments they make has come into effect.

Read More

New EDPB Statement on Age Assurance: What You Need to Know

By: Claude-Etienne Armingaud, and Josefine Beil

On 11 February 2024, the European Data Protection Board (EDPB) adopted a new statement on age assurance. This statement, while not legally binding, will guide the enforcement of age-gating methods across the EU. Age assurance refers to the methods used to determine an individual’s age or age range with varying levels of confidence or certainty.

Read More

Navigating the Intersection of Data Scraping and Artificial Intelligence–A Global Data Protection Authorities Take

By: Claude-Etienne Armingaud and Anna Gaentzhirt

In alignment with the ongoing concerns from several European data protection authorities publishing guidelines on data scrapping (i.e., the Dutch DPA, the Italian DPA and the UK Information Commissioner’s Office), the Global Privacy Assembly (GPA)’s International Enforcement Cooperation Working Group (IEWG) recently published a Joint statement on data scraping and the protection of privacy (signed by the Canadian, British, Australian, Swiss, Norwegian, Moroccan, Mexican, and Jersey data protection authorities) to provide further input for businesses when considering data.

Read More

Clarifications of Legal Bases for Cross-Border Data Transfers in Landmark Judgment by the Guangzhou Internet Court in China

By: Sarah Kwong, Dan Wu, and Amigo Lan Xie

The Guangzhou Internet Court in China (Court) issued a landmark judgment under the Personal Information Protection Law (PIPL) (Judgment). This marked the first court decision in China regarding cross-border personal information transfers. In the case, the plaintiff expressed concerns about his personal information being transferred internationally without his explicit consent, while the defendants argued that the data processing was necessary for contractual obligations and aligned with industry standards.

Read More

Higher Regional Court of Hamm (Germany): Claims for Moral Damages Under Art. 82 GDPR are Assignable – German Class Actions Coming?

By Dr. Thomas Nietsch and Andreas Müller

On July 24, 2024, the OLG Hamm ruled that claims for moral damages under Art. 82 GDPR are generally assignable (case number: 11 U 69/23).

Read More

Decision by German Higher Regional Court Koblenz: Consent for Publication of Interview not Revocable

By: Dr. Thomas Nietsch and Andreas Müller

On 31 July 2024 the Higher Regional Court of Koblenz (Oberlandesgericht Koblenz) has rejected an appeal to a verdict of the Regional Court of Koblenz (Landgericht Koblenz) for deletion of an interview published on YouTube, due to lacking a prospect of success (case number 4 U 238/23).

Read More

Illinois Reigns in Excesses of Biometric Information Privacy Act: Form of Consent Expanded and Claims Limited

By: Cameron Abbott and Rob Pulham

In their recent article available here, Joseph Wylie, Kenn Brotman, and J. Morgan Dixon from our Chicago office discuss what changes to privacy law in Illinois will mean for company’s collecting or sharing individual’s biometric data.

Copyright © 2025, K&L Gates LLP. All Rights Reserved.