Data Privacy

Data Breach Decision Highlights Security Lapses

The Singapore Personal Data Protection Commission (PDPC) issued a decision regarding a data breach affecting 665,000 individuals due to system misconfiguration. The case highlights lapses in security practices and emphasizes the need for robust technical and governance measures.

Privacy Commissioner Statement on Bunnings Facial Recognition Decision

The Australian Privacy Commissioner has issued a statement regarding the Administrative Review Tribunal's decision on Bunnings' use of facial recognition technology. The statement clarifies that while the Tribunal allowed Bunnings to use the technology for specific crime prevention purposes, significant privacy safeguards and notification requirements remain crucial.

OAIC Statement on Bunnings Facial Recognition Technology Decision

The Australian Information Commissioner (OAIC) issued a statement regarding the Administrative Review Tribunal's decision on Bunnings' use of facial recognition technology (FRT). The Tribunal affirmed findings that Bunnings contravened privacy principles by failing to provide adequate notice and conduct a formal risk assessment for its FRT system.

OAIC Highlights Improved Transparency in Government Automated Decision-Making

The Australian Information Commissioner (OAIC) has released a report highlighting opportunities for government agencies to improve transparency in automated decision-making (ADM). The report follows a review of 23 agencies and identifies a significant gap in public disclosure of ADM use, with only 17% of agencies disclosing it.

Cambridge Analytica Payment Program Registration Deadline

Eligible Australian Facebook users impacted by the Cambridge Analytica matter must register for a payment program by December 31, 2025. The program, established by Meta Platforms as part of an enforceable undertaking with the Australian Information Commissioner, offers payments to over 300,000 affected individuals.

Hungarian Information Rights System 30th Anniversary Celebration

The Hungarian data protection authority celebrated the 30th anniversary of the country's information rights system with an international conference on September 17, 2025. The event reviewed past achievements, challenges, and future tasks in data protection and freedom of information.

NAIH launches AWARE project for GDPR awareness

The National Authority for Data Protection and Freedom of Information (NAIH) has launched the EU-funded AWARE project to increase GDPR awareness among micro and small enterprises, particularly in the beauty and private healthcare sectors. The project will run from 2025 to 2027 and includes research, an information website, webinars, and training.

Hungary Ratifies Council of Europe Convention 108+

Hungary has become the 30th party to ratify the Council of Europe's Convention 108+, an international treaty concerning data protection. This action signifies Hungary's commitment to aligning its data protection laws with international standards.

Publication Obligation for Public Data Registry and Transparency Procedure

Hungary's National Authority for Data Protection and Freedom of Information has issued a notice regarding a new publication obligation for budgetary organs. All budgetary organs, except national security services, must publish financial management data bi-monthly on a new online platform, with potential fines for non-compliance.

Hungarian Data Protection Authority Launches Freedom of Information Development Project

The Hungarian National Authority for Data Protection and Freedom of Information has launched a development project funded by an EU grant to enhance the enforcement of freedom of information. The project aims to investigate current practices, identify obstacles, and develop proposals for optimisation.