Author: admin

Prepare your organization for the evolving global sustainability reporting standards landscape with our comprehensive International Sustainability Standards Board (ISSB) report, focused on the ISSB’s efforts to establish globally consistent sustainability reporting standards.

Is your organization ready to navigate the complexities of global sustainability reporting?

The global climate change and sustainability regulatory landscape is complex and fragmented, creating significant challenges for businesses worldwide.

The International Sustainability Standards Board (ISSB), established under the IFRS Foundation and aligned with the International Accounting Standards Board, aims to unify corporate sustainability reporting under a coherent global baseline of sustainability disclosure standards.

This report explores the dynamics shaping global sustainability reporting, including the ISSB’s plans to consolidate existing frameworks such as the Sustainability Accounting Standards Board (SASB) standards and the Task Force on Climate-related Financial Disclosures (TCFD) recommendations. It highlights hurdles, opportunities, and the critical role of the private sector and other stakeholders in driving convergence toward widespread adoption of IFRS sustainability disclosure standards.

Use this report to:

• Understand the evolving global sustainability reporting landscape and the ISSB’s role as a potential unifying framework for sustainability related financial disclosures and climate related financial disclosures.
• Gain insights into geopolitical and regulatory challenges impacting sustainability reporting, including the roles of the US, EU, UK government, China, and India, and their respective regulatory frameworks such as UK sustainability reporting standards (UK SRS) and the Climate Disclosure Standards Board.
• Learn how standardized sustainability disclosures can improve risk management, investor confidence, and regulatory compliance by providing material information on sustainability risks, climate related risks, and sustainability impacts.
• Explore the opportunities and risks associated with regulatory divergence and geopolitical tensions affecting financial markets and capital markets.
• Discover how your organization can prepare for and adapt to emerging disclosure requirements and integrate sustainability related information into your company’s financial statements and integrated reporting framework.

As the festive season draws near, the Court of Justice of the European Union (CJEU) has added something to the compliance calendar, a ruling that unwraps long standing uncertainty around transparency obligations under the General Data Protection Regulation (GDPR) for body worn cameras.

Background

In its decision in C‑422/24 Storstockholms Lokaltrafik (SL), the CJEU ruled that when ticket inspectors record passengers during ticket checks, the personal data captured is obtained directly from the individual. This means organisations must comply with Article 13 of the GDPR and inform individuals at the point of data collection about who is processing their data, why it is being processed, and how it will be used. This contrasts with the obligations within Article 14 of the GDPR, which applies when personal data is collected indirectly, i.e. from sources other than the individual themselves, allowing greater flexibility in when and how that information is provided. The ruling reinforces the GDPR’s core notice at collection principle, rejecting interpretations that could delay or dilute transparency where individuals themselves are the source of the data.

For businesses, this decision offers much needed clarity on the use of video surveillance technologies and is likely to set an important precedent across the EU for how such systems should be operated in compliance with data protection law.

The facts

SL, a public transport company operating in Sweden, equipped its ticket inspectors with body worn cameras to deter threats and violence and to verify passenger identity when issuing penalty fares. The devices captured audio and video recordings in short, continuous loops, automatically overwriting footage every minute unless it was saved for enforcement purposes. While intended as a safety measure, this practice operated in a legal grey area.

In 2021, the Integritetsskyddsmyndigheten (DPA) audited SL’s practices and concluded that, between December 2018 and June 2021 the use of body cameras breached several GDPR provisions, most notably the failure to provide data subjects with adequate information about the processing of their personal data at the point of collection. As a result, the DPA imposed a significant fine of approximately €1.42 million, including €355,188 specifically for non-compliance with Article 13 of the GDPR.

SL challenged the decision, arguing that the collection of personal data was indirect, meaning that Article 13 GDPR obligations did not apply. The case progressed through the Swedish courts and reached the Högsta förvaltningsdomstolen (Swedish Supreme Administrative Court), which referred two key questions to the CJEU:

1. Which GDPR provision applies when personal data is collected via body worn cameras, i.e. does this constitute direct or indirect collection of personal data?

(This distinction is crucial for determining transparency. Article 13 of the GDPR applies when personal data is collected directly from the data subject, requiring organisations to inform the individual at the point of data collection. Whereas Article 14 of the GDPR applies when personal data is obtained from sources other than the data subject, allowing organisations to provide the required information at a later stage).

2. Can failure to inform data subjects at the time of collection justify an administrative fine?

The CJEU’s bottom line on transparency

In reaching its decision the CJEU agreed with the DPA’s position, ruling that Article 13 of the GDPR applies to body worn camera recordings because the data is collected directly from the individual, and not from a third-party source. Specifically, the CJEU noted that “the classification of data collection as ‘direct’ does not require either that the data subject knowingly provide data or any particular action on his or her part. Therefore, data obtained from observing the data subject is considered to have been collected directly from him or her.”

The CJEU explained that organisations must provide information immediately at the point of collection and advised using a “multi-layered approach” that combines methods of communication such as clear signage and accessible notices that recordings are taking place. Referring to EDPB Guidelines 3/2019, the CJEU confirmed that transparency can be achieved through:

• First layer: Clear signage or a “warning sign” stating that a recording is taking place.
• Second layer: Along with other mandatory information, a full privacy notice stating the purpose, types of data collected, and identity of the controller made available in an “appropriate and complete manner, in an easily accessible place” such as via a QR code, website, or printed material.

The CJEU explained that if Article 14 of the GDPR applied “the data subject would not receive any information at the time of collection, even though he or she is the source of those data, which would allow the controller not to provide information to that data subject immediately. Therefore, such an interpretation would carry the risk of the collection of personal data escaping the knowledge of the data subject and giving rise to hidden surveillance practices.”

In essence, the CJEU confirmed that real time transparency is non-negotiable. Organisations using body worn cameras must inform individuals immediately when data is collected, not later. The CJEU has closed the door on any attempt to rely on Article 14 of the GDPR as this would allow organisations to delay or avoid informing individuals, creating a risk of hidden surveillance, an outcome incompatible with the GDPR’s objective of ensuring a high level of protection for individual rights.

What should organisations be doing in light of this decision? 

Organisations who have implemented or considering implementing body worn cameras are encouraged to:

• Review transparency measures to ensure compliance with relevant GDPR provisions and build these into operational processes and not simply hidden in a privacy policy.
• Update policies and procedures for direct data collection i.e. embed Article 13 GDPR obligations into operational workflows for systems collecting data including body worn cameras, CCTV, or similar technologies.
• Assess technical configurations so that features like short loop recording and override functions are documented and justified to demonstrate compliance with the GDPR principles of data minimisation and purpose limitation.
• Ensure appropriate employee training to understand when and how to provide information to an individual and how to respond to questions about data processing.

The acquisition will enhance the managed services portfolio of Accenture Financial Advanced Solutions & Technology (AFAST), the company’s technology center of excellence dedicated to financial services in Italy. By integrating Cabel Industry’s capabilities—along with its approx. 200 highly-skilled professionals—AFAST will be better positioned to deliver advanced IT solutions for the banking and insurance sectors, including in credit management, and accelerate technology adoption among mid-market institutions, helping them build more scalable and competitive business models.

“Core banking and credit management services are undergoing a profound transformation driven by new demands for modernization, scalability and productivity,” said Teodoro Lio, market unit lead for Accenture in Italy . “ Integrating Cabel Industry into Accenture significantly strengthens our core banking proposition. Their specialized platform and industry expertise enable us to accelerate the delivery of flexible, industrialized solutions aligned with the evolving technology priorities of Italian banks.”

“Combining Cabel Industry’s capabilities with Accenture’s existing AFAST assets will create important synergies for our clients and lead to a stronger platform for innovation and efficiency,” said Massimiliano Colangelo, Financial Services lead for Accenture in Italy and Greece. “We can further support financial institutions in their IT reinvention journeys—from core banking modernization to managed services—reinforcing our role as a trusted partner in the region.”

“Innovation in banking increasingly depends on economies of scale and Accenture’s strong expertise and global network will ensure continuity of service for our clients while providing the best opportunity for our people to expand their skillsets,” said Andrea Pettinelli, CEO of the Fibonacci Group and Chairman of Cabel Industry. “We believe that the integration of Cabel Industry’s unique capabilities into AFAST, including around credit management, will enable us to develop new technology solutions and deliver even more value to clients.”

Since 2023, Accenture has completed seven strategic acquisitions in Italy, including IQT (Engineering Managed Services), Ammagamma (AI), Intellera Consulting (Public Administration), Fibermind (5G and fiber networks), Customer Management IT and SirfinPA (Justice and Security), and SIPAL’s Integrated Product Support business (Aerospace and Defense).

Terms of the transaction were not disclosed. Completion of the acquisition is subject to customary closing conditions.

Forward-Looking Statements
Except for the historical information and discussions contained herein, statements in this news release may constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as “may,” “will,” “should,” “likely,” “anticipates,” “aspires,” “expects,” “intends,” “plans,” “projects,” “believes,” “estimates,” “positioned,” “outlook,” “goal,” “target” and similar expressions are used to identify these forward-looking statements. These statements are not guarantees of future performance nor promises that goals or targets will be met, and involve a number of risks, uncertainties and other factors that are difficult to predict and could cause actual results to differ materially from those expressed or implied. These risks include, without limitation, risks that: Accenture and Cabel Industry will not be able to close the transaction in the time period anticipated, or at all, which is dependent on the parties’ ability to satisfy certain closing conditions; the transaction might not achieve the anticipated benefits for Accenture; Accenture’s results of operations have been, and may in the future be, adversely affected by volatile, negative or uncertain economic and geopolitical conditions and the effects of these conditions on the company’s clients’ businesses and levels of business activity; Accenture’s business depends on generating and maintaining client demand for the company’s solutions and services including through the adaptation and expansion of its solutions and services in response to ongoing changes in technology and offerings, and a significant reduction in such demand or an inability to respond to the evolving technological environment could materially affect the company’s results of operations; risks and uncertainties related to the development and use of AI, including advanced AI, could harm the company’s business, damage its reputation or give rise to legal or regulatory action; if Accenture is unable to match people and their skills with client demand around the world and attract and retain professionals with strong leadership skills, the company’s business, the utilization rate of the company’s professionals and the company’s results of operations may be materially adversely affected; Accenture faces legal, reputational and financial risks from any failure to protect client and/or company data from security incidents or cyberattacks; the markets in which Accenture operates are highly competitive, and Accenture might not be able to compete effectively; if Accenture does not successfully manage and develop its relationships with its ecosystem partners or fails to anticipate and establish new alliances in new technologies, the company’s results of operations could be adversely affected; Accenture’s ability to attract and retain business and employees may depend on its reputation in the marketplace; Accenture’s profitability could materially suffer due to pricing pressure, if the company is unable to remain competitive, if its cost-management strategies are unsuccessful or if it experiences delivery inefficiencies or fail to satisfy certain agreed-upon targets or specific service levels; changes in Accenture’s level of taxes, as well as audits, investigations and tax proceedings, or changes in tax laws or in their interpretation or enforcement, could have a material adverse effect on the company’s effective tax rate, results of operations, cash flows and financial condition; Accenture’s results of operations could be materially adversely affected by fluctuations in foreign currency exchange rates; Accenture’s debt obligations could adversely affect its business and financial condition; as a result of Accenture’s geographically diverse operations and strategy to continue to grow in key markets around the world, the company is more susceptible to certain risks; if Accenture is unable to manage the organizational challenges associated with its size, the company might be unable to achieve its business objectives; Accenture might not be successful at acquiring, investing in or integrating businesses, entering into joint ventures or divesting businesses; Accenture’s business could be materially adversely affected if the company incurs legal liability; Accenture’s work with government clients exposes the company to additional risks inherent in the government contracting environment; Accenture’s global operations expose the company to numerous and sometimes conflicting legal and regulatory requirements; if Accenture is unable to protect or enforce its intellectual property rights or if Accenture’s solutions or services infringe upon the intellectual property rights of others or the company loses its ability to utilize the intellectual property of others, its business could be adversely affected; Accenture may be subject to criticism and negative publicity related to its incorporation in Ireland; as well as the risks, uncertainties and other factors discussed under the “Risk Factors” heading in Accenture plc’s most recent Annual Report on Form 10-K and other documents filed with or furnished to the Securities and Exchange Commission. Statements in this news release speak only as of the date they were made, and Accenture undertakes no duty to update any forward-looking statements made in this news release or to conform such statements to actual results or changes in Accenture’s expectations.

About Accenture
Accenture is a leading solutions and services company that helps the world’s leading enterprises reinvent by building their digital core and unleashing the power of AI to create value at speed across the enterprise, bringing together the talent of our approximately 784,000 people, our proprietary assets and platforms, and deep ecosystem relationships. Our strategy is to be the reinvention partner of choice for our clients and to be the most client-focused, AI-enabled, great place to work in the world. Through our Reinvention Services we bring together our capabilities across strategy, consulting, technology, operations, Song and Industry X with our deep industry expertise to create and deliver solutions and services for our clients. Our purpose is to deliver on the promise of technology and human ingenuity, and we measure our success by the 360° value we create for all our stakeholders. Visit us at accenture.com.

# # #

Contacts:

Alberto Morici
Accenture
+39 340 2255389
[email protected]

Armando Barone
Accenture
+39 348 5608969
[email protected]

Michael McGinn
Accenture
+1 312 693 5707
[email protected]

Copyright © 2025 Accenture. All rights reserved. Accenture and its logo are registered trademarks of Accenture.