The UK's Financial Conduct Authority (FCA) has fined consumer credit rating agency Equifax £11 million for one of the largest cyber security breaches in history.

The FCA announced that Equifax Inc, Equifax's parent company in the US, suffered a major cyber attack in 2017, which resulted in the personal data of 147.9 million US consumers being accessed. It was also revealed that the data of 13.8 million UK consumers was also accessed, as the data was stored on servers in the US.

The Official Gazette of 14 October 2023, number 32339, published an amendment to the Regulation of the Ministry of National Education on pre-school and primary education institutions.

The amendment stipulates that the images of students taken during educational activities, social and cultural activities, excursions and observation activities in and out of school may not be shared on social media platforms and communication groups under any name.

It is stated that sharing can only be done with the written consent of the parents and the student under the supervision of the guidance teacher.

In this context, it is important to obtain the written consent of the child in order to share images of the student (the data subject), even if the child is of pre-school or primary school age.

Google and YouTube have released a framework to better protect children and young people online. The framework will be shared with governments, regulators and experts to help protect children and young people.

The framework, which has the key headings of respecting the best interests and developmental stages of children and young people, providing age-appropriate controls and features, reducing risks while providing useful services, and ensuring oversight and accountability, consists of 11 articles in total.

The CNIL, the French data protection authority, has published frequently asked questions and answers on the adequacy decision issued by the European Commission under the EU-US Data Protection Protocol, which entered into force on 10 July 2023.

These include what the adequacy decision is, when it will enter into force, how long it will remain in force, the consequences of this decision for organisations wishing to transfer data to the US, and the key elements of the Protocol.

European Union General Court has rejected an application to suspend the recently signed US-EU data protection protocol.

The case, brought by French MEP Phillippe Latombe, was dismissed on the grounds that the applicant had not fully explained the damage allegedly caused by the agreement.