On February 27, 2025, the Court of Justice of the European Union (“CJEU”) issued a significant decision on the right of data subjects to request access to their personal data under Article 15 GDPR, specifically as it relates to automated decision-making and striking an appropriate balance between informing data subjects and protecting trade secrets (Case C‑203/22).Continue Reading CJEU Clarifies GDPR Rights on Automated Decision-Making and Trade Secrets
Automated decision-making
California Privacy Protection Agency Seeks Comments on Preliminary CPRA Issues
The California Privacy Protection Agency (CPPA), which is responsible for issuing regulations implementing the California Privacy Rights Act (CPRA), has posted its approved discussion draft for seeking public comments in preparation for its CPRA rulemaking activities. The CPPA indicated that it is particularly interested in receiving comments on the following eight topics:
Continue Reading California Privacy Protection Agency Seeks Comments on Preliminary CPRA Issues
Italian Supervisory Authority Fines Foodinho Over Its Use of Performance Management Algorithms
By Dan Cooper on
Posted in GDPR
On July 5, 2021, the Italian Supervisory Authority (“Garante”) announced that it has fined Foodinho S.r.l. (“Foodinho”) 2.6 million EUR for its use of performance algorithms in connection with its employees. The authority held Foodinho in breach of the principles of transparency, security, privacy by default and by design, and held it responsible for not implementing suitable measures to safeguard its employees’ (i.e., riders’) rights and freedoms against discriminatory automated decision making. The Garante’s decision is the first of its kind in the realm of the algorithmic management of gig workers. According to the Garante, Foodinho’s management violated Article 22(3) of the GDPR.
Continue Reading Italian Supervisory Authority Fines Foodinho Over Its Use of Performance Management Algorithms