Peter Craddock

Contract as Legal Ground? New CJEU Ruling Creates Risks Re Personalisation

By Peter Craddock & Fadia Ajmida on July 5, 2023

Posted in Data Privacy, Data Security, Legislation, Privacy

What kinds of processing are necessary for the performance or conclusion of a contract?

This is one of the questions the Court of Justice of the European Union (CJEU) was asked to examine in case C-252/21 between Meta Platforms and the German Federal Cartel Office, in which it delivered a judgment on July 4^th…

Soon Higher GDPR Fines in Belgium? Court Decision Paves Way for Public Fining Methodology

By Peter Craddock on June 22, 2023

Posted in Cybersecurity, Data Privacy, Data Security, Legislation, Privacy

Until now, fines by the Belgian Data Protection Authority (BDPA) had, compared to its neighbouring countries (France, Luxembourg, and the Netherlands), appeared on the low side in absolute numbers.

Last year we carried out an analysis of over 300 fines related to (alleged) infringements of the General Data Protection Regulation (GDPR), including the top 250…

EU Cyber Resilience Act: Cybersecurity Obligations for Connectable Hardware and Software Products Including IoT

By Peter Craddock on September 21, 2022

Posted in Cybersecurity, Data Privacy, Data Security, Privacy, Product Safety, Regulations

The Internet of Things (IoT) segment has grown, and with it have come many examples of vulnerable products, from babycams whose feeds could be viewed by strangers online to hackable implantable cardiac devices. There are also infamous examples of botnets (i.e., clusters of hacked devices) featuring millions of IoT devices with one common trait: weak…

Thought Those 300 GDPR Fines Were High? Think Again

By Peter Craddock on September 1, 2022

Posted in Data Privacy, Privacy

Since it started in May 2018, enforcement of the rules of the General Data Protection Regulation (GDPR) across the EU has revealed various national trends and differences in approach. Yet one difference seems to dwarf all others: the variation in the amount of the fines for GDPR violations. This has led the European Data Protection…

Meet DeFine, a GDPR Fine Calculator

By Sheila Millar, Tracy P. Marshall & Peter Craddock on August 9, 2022

Posted in Children, Cybersecurity, Data Privacy, Data Security, Privacy, Regulations

On May 12, 2022, the European Data Protection Board published guidelines with a methodology for calculating fines for violations of the General Data Protection Regulation (GDPR). These guidelines were subject to a public consultation until June 27, 2022.

Because these guidelines are likely to have an influence on future decisions by data protection authorities in…

Is a Privacy Shield Replacement on the Horizon?

By Sheila Millar, Tracy P. Marshall & Peter Craddock on March 30, 2022

Posted in Data Security, Privacy

After the EU-U.S. Privacy Shield was rendered invalid by the Court of Justice of the European Union (CJEU) in July 2020, and following a prior challenge to the U.S.-EU Safe Harbor, many businesses operating on both sides of the pond scrambled to find other ways to protect data flows between the EU and U.S. that…

EDPB on Dark Patterns: Lessons for Marketing & Technical Teams

By Peter Craddock on March 23, 2022

Posted in Privacy

“Dark patterns” – social media platform interfaces that can lead users to make unintended and potentially harmful decisions regarding the processing of their personal data – are a subject of increasing scrutiny in the EU. New guidelines of the European Data Protection Board (EDPB) on “dark patterns in social media platform interfaces” confirm the focus…

menu

Consumer Protection Connection

Peter Craddock

EU Cyber Resilience Act: Cybersecurity Obligations for Connectable Hardware and Software Products Including IoT

Is a Privacy Shield Replacement on the Horizon?

About our Firm