SypherPrivacyTalks - January 2025 - Week 5
by Sypher | Published in News - January 27, 2025
Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.
GDPR fines hit €1.2 billion in 2024 on 8.3% more breach reports
📊 According to a report by international law firm DLA Piper, companies faced €1.2 billion in GDPR fines in 2024, down 33% from the previous year. This decrease ends a seven-year trend of rising fines.
DLA Piper attributes the decline to a record €1.2 billion fine levied on Meta in 2023, the largest ever, which matched the total fines issued in 2024… read more
Additional information:
- Countries with highest fines issued for General Data Protection Regulation (GDPR) violations as of September 2024 (in million euros) - see graph below. Source: Statista.
- Total fines reported since the application of GDPR legislation in 2018 now stand at €5.88billion.
Vodafone Romania fined €15,000 by the Data Protection Authority
💶 Romania's National Authority for the Supervision of Personal Data Processing (ANSPDCP) concluded an investigation into telecommunications operator Vodafone Romania S.A. for violations of the GDPR. As a result of these findings, the company was fined approximately €15,000.
The investigations were launched after Vodafone Romania reported several personal data security breaches, as required by Article 33 of GDPR, and in response to data subject requests. These reports and complaints related to recurrent incidents, which exposed clients' personal data to security risks… read more
GDPR fines might’ve dipped last year, but don’t get complacent – personal liability risks are rising
🚨Following on from an analysis of GDPR fines issued in 2024, this article points to an increased focus on governance and oversight failures, with management bodies being called out for non-compliance.
At the same time, there was a shift in GDPR enforcement in 2024 towards holding individuals personally accountable for compliance failures. The Dutch Data Protection Commission's investigation of the directors of Clearview AI for GDPR violations highlights this trend, signalling a regulatory strategy focused on personal liability to improve compliance. Experts predict that this approach could expand in 2025, further emphasising accountability at the executive level… read more
CNIL publishes 2025-2028 strategic plan
🏦 The CNIL has published its strategic plan for 2025-2028, continuing its practice of informing stakeholders of its priorities.
Over the next four years, the CNIL will focus on four key areas critical to the evolving digital landscape: artificial intelligence (AI), online protection of minors, cybersecurity, and two specific digital domains - mobile applications and digital identity… read more
Read the full CNIL 2025-2028 plan (in French).
Podcast: EDPB's opinion on AI models
inquisitiveminds.bristows.com • 1 min read | 35 min audio
🎙️In this podcast episode, Hannah Crowther and Jamie Drucker of Bristows take a deep dive into the EDPB's recent opinion on AI models, looking at what it covered, its implications and what it missed.… listen here
