Transparency matters: WhatsApp fined EUR 225 million for violating transparency obligations under the GDPR

On 2nd September 2021 the Irish Data Protection Commission (”DPC”) imposed its biggest fine to date on WhatsApp, the messaging app owned by Facebook. In its reasoning (available here) the DPC considered both: the information provided by WhatsApp to its users, and perhaps more importantly  the lack of information provided to non-users.  Namely, it was…

South Korea: first country to pass a bill limiting Apple and Google’s control over app store payments

South Korea’s parliament has approved on the 31st of August 2021 a bill that prohibits Apple and Google from forcing app developers to only use their proprietary billing systems. The bill is an amendment to South Korea’s Telecommunications Business Act.  This decision will allow app developers to avoid paying 15 to 30% commission on every…

CMA provisional findings may lead to Facebook being forced to sell Giphy

On 12 August 2021, The Competition and Markets Authority (“CMA”) announced its provisional findings that Facebook’s completed acquisition of Giphy is likely to harm competition between social media platforms and between digital display advertising players.  The CMA considers that Facebook could restrict the use of GIFs on other social media platforms, making its competitors change…

UK Government publishes draft National Security and Investment Act 2021

On 20 July 2021, the Department for Business, Energy & Industrial Strategy (“BEIS”) published: A Draft National Security and Investment Act 2021 (Notifiable Acquisition) (Specification of Qualifying Entities) Regulations 2021; A consultation on the revised draft statement that explains how the power to call in acquisitions for consideration will be used; and  Guidance notes to…

The European Commission adopts adequacy decision for the UK

The European Commission (“EC”) has announced as of 28 June the formal adoption of two adequacy decisions for the United Kingdom under the EU General Data Protection Regulation (GDPR) and Law Enforcement Directives (LEDs). The adequacy decisions recognise the UK’s personal data safeguards as being strong and will allow UK entities to continue to receive personal data from the EEA without restriction (i.e. without…