Data Protection

06 Sep 2021

Irish watchdog issues record fine in WhatsApp data protection ruling

The Irish Data Protection Commission (“DPC”) fined Facebook’s WhatsApp with EUR 225 million in its latest EU data protection ruling.  The fine is the second largest of its kind in the EU. So far, only Amazon paid more in a privacy case in the EU. The DPC said in its ruling on September 2 that WhatsApp’s policies were not in line with the EU’s General Data Protection Regulation (“GDPR”), noting it registered breaches of Article 5(1)(a) as well as Articles 12 through 14.  The breaches particularly include the provision of information and the transparency of that information to both users […]

Details
23 Aug 2021

Schrems, Facebook and Data Privacy

Why Schrems?  The EU’s trust in the processing of personal data seems to be shaken. With the famous case Maximillian Schrems v Facebook Ireland Limited pending before the Austrian Supreme Court (“Court“) for a while now, Maximillian Schrems requested the Court to refer four questions to the Court of Justice of the European Union (“CJEU“) concerning the lawful use of personal data of all Facebook users from the EU.   So, who is Maximilian Schrems? Maximillian Schrems is a law student from Austria and a personal data protection activist who has been extremely vocal about data protection before EU authorities. […]

Details
25 Jun 2021

Data protection and Big Tech: Is it just a bump in the road?

The topic of data protection and Big Tech keeps on giving.  It appears the subject of data protection simply does not want to leave the main stage and wishes to remain in everyone’s center of attention.  This should not come as a surprise, since the world is only starting to become more integrated in terms of digital services provided by Big Tech companies. The most recent “controversy” on data protection and Big Tech comes from Germany, or to be more precise, Hamburg’s Commissioner for Data Protection (“Commissioner”).  The Commissioner investigated Facebook’s use of personal data gathered from WhatsApp users and […]

Details
13 May 2021

TikTok May Have Gone Too Far in Child Data Collection

What do Facebook, WhatsApp and TikTok have in common?  Well, they are social media giants, with billions of users all around the world.  But there is something else that these platforms have in common that is worthy of attention.  Lately, they have all been “hunted down” by regulators over their data policies.  So, we wanted to take the time to say a few words on the TikTok case. What makes the TikTok case special?  As most of you already know, TikTok is a social media platform used to make short-form videos that last between 15 and 60 seconds.  The videos […]

Details
02 Apr 2021

EU Digital Saga Continues – Digital Services Act: A Service to Consumers, but a Disservice to Businesses?

After a short break from our previous reflections on the EU’s new set of regulations concerning digital markets (more details available here), we are back with an even more vivid and thorough breakdown of the proposed regulation. To pick up where we left off, we will be taking a closer look at the Digital Services Act (“DSA“ or „Act“). As we have already familiarized ourselves with the EU’s goals and ambitions regarding new digital market regulation, we can now fully indulge ourselves by taking a closer look at the Act.  We hope that you managed to catch your breath because […]

Details
23 Nov 2020

Are Major High-Tech Companies “Skirting the Law” in Serbia Regarding Personal Data Protection?

Although it has been more than a year since the new Personal Data Protection Act (“Act”) entered into force in Serbia, some of its provisions are not yet fully applicable.  One clear-cut example is Article 44 of the Act, which requires foreign companies (therefore those who does not have a registered business seat in Serbia) to appoint a Personal Data Protection Representative for Serbia (“Representative”). Who is the Representative? This provision, (as well as the majority of the Act’s provisions), was adopted from Article 27 of the General Data Protection Regulation (“GDPR”) and refers to any personal data controller and […]

Details
21 Jun 2017

New EU Data Protection Rules – Should Serbian Companies Be Worried?

The new EU data protection framework, set to come into force on May 24, 2018 in the form of the General Data Protection Regulation (GDPR) is directly binding in all Member States, however its scope goes beyond the boundaries of the EU – affecting foreign companies that deal with personal data of EU citizens.  National Data Protection authorities of EU member states already have certain powers over foreign enterprises, as seen in the landmark Costeja case (C‑131/12) where Google Inc., an American company, was forced to protect a Spanish national’s right to the respect of his private life.  The GDPR […]

Details
26 Apr 2017

New Data Protection Enforcement: Is Your Business Ready for It?

Businesses beware – imposing fines of up to 10% of the company’s Serbia-originated annual income in respect to enforcing Data Protection compliance will be one of the measures available to the Commissioner1  as of June 1, 2017, when the new Administrative Procedure Act is set to come into force. The changes to the Administrative Enforcement Procedure are going to allow this Data Protection Authority to enforce its decisions by fining companies in an amount considerably higher than the maximum enforcement-related fine of RSD 200,000.00 (approx. EUR 1,600.00) allowed by the current statute. This means that all companies will, if ordered […]

Details
26 Apr 2016

EU Data Protection Reform Adopted

As announced by one of our previous publications, the new rules on personal data protection were adopted at the European Union (“EU”) level on April 14, 2016.  Referred to as “the culmination of over four years of hard work” in the joint statement of the European Commission (“Commission”) First Vice-President, Vice-President in charge of the Digital Single Market and Commissioner for Justice, Consumers and Gender Equality, the new policy aims to extend the citizens’ right to personal data protection, enhance legal certainty for businesses by unifying the regulation within the EU and allow for improved cooperation of Member States’ criminal […]

Details
24 Dec 2015

EU Announces Sweeping Data Protection Reform

In a trilogue meeting held on 15 December 2015 the European Parliament, the European Commission and the European Council reached a political agreement to reform EU Data Protection policy.  The new policy has been in the works since 2011, but only now have the European Council and the European Parliament managed to reach an agreement on key issues.  The final text is expected to be formally adopted in early 2016, and its rules applicable two years thereafter.  During this period, 28 member states will be required to amend their existing data protection legislation, or to pass new legislation, whereas the […]

Details