Tuesday, 24th June 2025
The Hanover District Court delivered a decisive victory for Volkswagen AG in June 2025, overturning a €4.3 million GDPR penalty. The case was based on allegations that Volkswagen was not transparent when sharing employee data with a US monitor.
After several rounds, reprimands and appeals, the District Court found Volkswagen to be fully GDPR compliant. Privacy lawyers emphasized that employees had been repeatedly informed about data processing activities in privacy notices, company newsletters, and inside news channels.
What does this mean for companies?
• Robust and repeated communication to employees about how their data is processed is key - people have to be informed and know what happens to their data - this decreases their feeling of risk and lowers the likelihood of a complaint
• Detailed records have to be on hand to demonstrate GDPR compliance in case someone files a complaint
• Robust data protection frameworks have to already be in place before regulatory scrutiny begins
At ALLNET Law we provide you with the tools on how to make your business compliant with EU data-related laws. Interested? Find out more.
---
The UK's Data (Use and Access) Bill passed Parliament on 11 June 2025, and is now awaiting Royal Assent. This bill proposes some amendments to the current UK GDPR, though it does not differ significantly.
Some Differences from Current GDPR...
---
France has long been the subject of criticism for their discrimination issues when hiring employees. To combat this CNIL has released recommendations for racial and diversity workplace surveys.
Here are the main insights based on the latest CNIL recommendations...
---
Ofcom has launched nine investigations under the UK's Online Safety Act, targeting platforms including 4chan and multiple file-sharing services for failing to respond to safety standards.
The platforms 4chan and seven file-sharing services face probes after ignoring Ofcom's information requests since April. Ofcom investigations focus on potential child sexual abuse material and inadequate age verification systems...
---
The ICO has unveiled its AI and Biometrics strategy to address the growing public concerns about how AI impacts public life. Trust is crucial for AI adoption, and the ICO wants to make sure organisations handle personal data correctly within the AI sphere.
Statistics show that public worries are real: 54% of adults in policing have concerns about facial recognition use, 64% worry about AI bias in hiring. Only 8% of UK organisations currently use AI decision-making tools.
What the ICO will focus on:
- New AI Statutory Code of Practice - Provide clear instructions on how to build and use AI responsibly
- Work with developers to make sure they know how to use people's data responsibly when training AI models
- Police facial recognition - Ensure that facial recognition technology (FRT) is used fairly
Let's watch this space.
---
The European Data Protection Board has adopted the final version of the guidelines on international data transfers and provided new AI training resources for compliance professionals.
On the Article 48 GDPR guidelines, the EBPB clarified how organizations can legally respond to data requests from non-EU authorities. Key updates include...
---
In an effort to protect kids online from social media apps, Texas has passed legislation requiring Apple and Google app stores to verify ages by obtaining parental identification for all users under 18. Naturally, Apple has opposed this; Google has refused to comment so far.
According to Apple, this law forces the collection of "sensitive personal identifying information for every Texan who wants to download an app, even if it's an app that simply provides weather updates or sports scores."...
---
The North Face and Cartier have suffered cyber attacks, joining a growing list of major retailers hit by data breaches in recent weeks, following alongside Adidas, Victoria's Secret, Harrods, M&S, and Co-op.
What happened:
• Customer names, emails, and shipping addresses compromised
• Financial data is reportedly safe
North Face told customers hackers used a technique called "credential stuffing", where attackers try usernames and passwords stolen from another data breach in the hope customers have reused the same passwords across multiple accounts.
Key takeaways:
- Make sure your passwords do not repeat and are secure
- Enable two-factor authentication where possible
