Download free GDPR compliance checklist!

Tag Archives for " complaint "

Ireland’s data watchdog slammed for letting adtech carry on ‘biggest breach of all time’

A dossier of evidence detailing how the online ad targeting industry profiles Internet users’ intimate characteristics without their knowledge or consent has been published today by the Irish Council for Civil Liberties (ICCL), piling more pressure on the country’s data watchdog to take enforcement action over what complainants contend is the “biggest data breach of all time”.

The publication follows a now two-year-old complaint lodged with Ireland’s Data Protection Commission (DPC) claiming unlawful exploitation of personal data via the programmatic advertising Real-Time Bidding (RTB) process — including dominant RTB systems devised by Google and the Internet Advertising Bureau (IAB).

Full article: Ireland’s data watchdog slammed for letting adtech carry on ‘biggest breach of all time’ | TechCrunch

EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

On September 4, 2020, the European Data Protection Board (EDPB) announced that it established two taskforces following the judgment of the Court of Justice of the European Union (CJEU) in the Schrems II case.

The first taskforce will process and uniformly respond to complaints received by data protection authorities following the Schrems II judgment. The second taskforce will prepare recommendations to assist data controllers and processors with their duty to identify and implement appropriate supplementary measures to ensure the adequate protection of EU personal data when transferring data to third countries.

Source: EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

EU websites’ use of Google Analytics and Facebook Connect targeted by post-Schrems II privacy complaints

A month after Europe’s top court struck down a flagship data transfer arrangement between the EU and the US as unsafe, European privacy campaign group, noyb, has filed complaints against 101 websites with regional operators which it’s identified as still sending data to the US via Google Analytics and/or Facebook Connect integrations.

Among the entities listed in its complaint are ecommerce companies, publishers & broadcasters, telcos & ISPs, banks and universities — including Airbnb Ireland, Allied Irish Banks, Danske Bank, Fastweb, MTV Internet, Sky Deutschland, Takeaway.com and Tele2, to name a few.

Source: EU websites’ use of Google Analytics and Facebook Connect targeted by post-Schrems II privacy complaints | TechCrunch

GDPR complaint lodged with UK data watchdog over coronavirus Test and Trace programme

Open Rights Group has instructed lawyers to lodge a complaint with the UK’s data watchdog over the rollout of the Test and Trace system because it says the system breaches the General Data Protection Regulation (GDPR).

The complaint to the ICO relates to the failure by the NHS and Public Health England (PHE), which runs the Test and Trace programme, to conduct a Data Protection Impact Assessment (DPIA), which is required under the GDPR before processing of data in high-risk situations.

Source: Legal complaint lodged with UK data watchdog over claims coronavirus Test and Trace programme flouts GDPR • The Register

EU privacy regulators investigate Apple’s handling of Siri snippets again

Apple is facing fresh questions from its lead data protection regulator in Europe following a public complaint by a former contractor who revealed last year that workers doing quality grading for Siri were routinely overhearing sensitive user data.

Responding to the latest Apple complaint from le Bonniec, the DPC’s deputy commissioner, Graham Doyle, told TechCrunch: “The DPC engaged with Apple on this issue when it first arose last summer and Apple has since made some changes. However, we have followed up again with Apple following the release of this public statement and await responses.”

Source: Apple’s handling of Siri snippets back in the frame after letter of complaint to EU privacy regulators | TechCrunch

Austrian citizen files GDPR legal complaint against Google over Android Advertising ID

Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that this data is illegally processed.

The complaint against Google, which was filed with the Austrian Data Protection Authority, is based on the claim that Google’s Android operating system generates the advertising ID without user choice as required by GDPR.

Source: Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID • The Register

Max Schrems Files GDPR Complaints with French DPA on Cookie Use

European privacy advocacy group None of your business (NOYB)—led by Max Schrems—announced it had filed three formal complaints with the French data protection authority (CNIL) against three French websites for  sending digital signals to tracking companies claiming that users had agreed to be tracked online, despite the same users rejecting such cookies.

Despite users going through the trouble of “rejecting” countless cookies on the French eCommerce page CDiscount, the movie guide Allocine.fr and the fashion magazine Vanity Fair, these webpages have sent digital signals to tracking companies claiming that users have agreed to being tracked online.

Source: Say “NO” to cookies – yet see your privacy crumble? | noyb.eu

Swedish DPA digs into Spotify’s responses to SARs

The Swedish data protection authority – Datainspektionen – had initiated a review of Spotify Technology S.A.’s responses to data subject access requests (SARs).

Investigation was initiated following a number of complaints regarding how Spotify manages data subject access requests (SARs). Article 15 of the General Data Protection Regulation (GDPR) provides individuals with right to access their data any company holds about them.

Swedish DPA noted that the information Spotify provided to users in response to a SAR is incomplete and not sufficiently clear. Therefore Datainspektionen asked Spotify to detail how it handles SARs, in particular, what information it provides, what information the copy of personal data includes, and how the information is presented to data subjects.

Source: Datainspektionen granskar rätten till registerutdrag

EU DPAs urged to act against online ad auctions

Panoptykon Foundation, the Warsaw based digital rights organization, has joined in the complaints filed in the UK and Ireland in September by Jim Killock of the Open Rights Group, Michael Veale of University College London, and Dr Johnny Ryan of Brave.

Together, the complainants in Ireland, Poland, and the UK, have also filed new evidence today with the national data protection authorities of Ireland, Poland, and the United Kingdom, that reveals how ad auction companies, including Google, unlawfully profile Internet users’ religious beliefs, ethnicities, diseases, disabilities, and sexual orientation.

Full article: Update on GDPR complaint (RTB ad auctions)