After the scandal around Facebook and Cambridge Analytica broke in the first half of 2018, another data protection authority has fined Facebook for personal data misuse. The Italian Data Protection Authority fined Facebook for €1M for violating the provisions of national privacy laws by misusing personal data of Italian citizens.
On 29 May 2019 the EU Commission published a guidance on the interaction between the Regulation on the free flow of non-personal data (FFD Regulation) and the General Data Protection Regulation
In the middle of April 2019, new rules on the protection of persons reporting on breaches of European Union law were adopted by the European Parliament, and as a next step the directive must be approved by EU ministers.
On 1 April 2019 the Hungarian Parliament adopted a new act on the amendments necessary for the implementation of the European Union’s data protection reform (“Data Protection Reform Act”).
The European Data Protection Board (EDPB) adopted an opinion on 12 March 2019 on the interplay between the ePrivacy Directive and the General Data Protection Regulation. The opinion seeks to provide an answer to the question whether the fact that the processing of personal data triggers the material scope of both the GDPR and the ePrivacy Directive, limits the competences, tasks and powers of data protection authorities under the GDPR.
In the absence of an agreement between the EEA and the UK (no-deal Brexit), the UK becomes a „third country” as of 00.00 am CET on 30 March 2019