Tag Archives for "compliance"

€114 Million in Fines Imposed by EU Authorities Under GDPR

New findings from DLA Piper show that 160,000 data breach notifications have been reported across 28 European Union Member States and that data protection authorities have imposed €114 million in monetary fines under the GDPR for a wide range of infringements. Not all fines were related to data breach infringements, however.

In terms of the total value of fines issued by geographical region, France (€51m), Germany (€24.5m) and Austria (€18m) topped the rankings, whilst the Netherlands (40,647), Germany (37,636) and the UK (22,181) had the highest number of data breaches notified to regulators.

Source: €114m in Fines Imposed by Euro Authorities Under GDPR – Infosecurity Magazine

Italy fines gas company EUR 11.5 million for unsolicited telemarketing

The Italian Supervisory Authority imposed two fines on Eni Gas and Luce (Egl), totalling EUR 11.5 million, concerning respectively illicit processing of personal data in the context of promotional activities and the activation of unsolicited contracts.

The first fine of EUR 8.5 million relates to unlawful processing in connection with telemarketing and teleselling activities: advertising calls made without the consent of the contacted person or despite that person’s refusal to receive promotional calls, or without triggering the specific procedures for verifying the public opt-out register; the absence of technical and organisational measures to take account of the indications provided by users; longer than permitted data retention periods; and the acquisition of the data on prospective customers from entities (list providers) that had not obtained any consent for the disclosure of such data.

The second fine of EUR 3 million concerns breaches due to the conclusion of unsolicited contracts for the supply of electricity and gas under ‘free market’ conditions – many individuals learned about the conclusion of a new contract only on receiving the letter of termination of the contract with the previous supplier or else the first Egl bills.

Source: THE ITALIAN SUPERVISORY AUTHORITY FINES ENI GAS E LUCE EUR 11.5 MILLION – On account of unsolicited telemarketing and contracts

‘Prepare for ICO to utilise its wider powers’: UK regulator issues warning to adtech

The UK’s data regulator, the Information Commissioner’s Office (ICO), has issued a warning to any adtech companies which have failed to “use the window of opportunity to engage and transform” their practices – it’s coming for them.

The ICO’s update on its investigation into the adtech sector reveals it focused on specific issues such as the treatment of “special category data” – like race, sexuality and health – as well as how secure data is as it’s passed through the supply chain and the thorny issue of Legitimate Interest.

Source: ‘Prepare for ICO to utilise its wider powers’: UK regulator issues warning to adtech | The Drum

Facebook is ordered to hand over data about thousands of apps that may have violated user privacy

A Massachusetts judge rejected the tech giant’s earlier attempt to withhold the evidence from state officials investigating its privacy practices.

Massachusetts revealed it was probing Facebook over its data-collection practices in September, an investigation that stemmed from the company’s entanglement with Cambridge Analytica.

Source: Massachusetts court orders Facebook to hand over data on apps that may have violated users’ privacy – The Washington Post

Carrefour’s fingerprint payments to be investigated by Belgian privacy agency

The Belgian Data Protection Authority has stated that there is “a good chance” it will investigate Carrefour’s fingerprint payment system.

The supermarket chain announced on Tuesday that it will organise a pilot project allowing clients to pay for their groceries with their fingerprints in a store in the centre of Brussels. The clients will be able to pay by scanning their finger at the cash register, after which the money will disappear from their bank account.

Source: Carrefour’s fingerprint payments to be investigated by Belgian privacy agency

2019 registers over €400m in data protection fines in Europe

Last year, the data protection authorities in the EEA imposed 190 fines with a total cost of over €410,000,000, according to a new report by Federprivacy.

The study analyzed official sources of information in the 30 countries that are part of the European Economic Area (EEA).

The most active Authority for Data Protection was Italy (GPDP) with 30 actions in 2019, followed by Spain (AEPD) with 28, and Romania (ANSPDCP) with 20. The strictest has been the UK (ICO) with €312,000,000 of sanctions (76% of the total).

Source: #Privacy: 2019 registers over €400m in data protection fines in Europe

Research reveals that most websites are not compliant with GDPR and ePrivacy Directive

Research has found that only 11.8% of consent management platforms (CMPs) meet the minimal requirements under GDPR and Europe’s ePrivacy Directive regarding cookies and consent.

A study conducted by researchers at MIT CSAIL, Denmark’s Aarhus University and University College London analysed how prevalent CMP designs impact people’s consent choices.

Full article: #Privacy: Research reveals that most websites are not compliant with GDPR

Cookie consent tools are being used to undermine EU privacy rules

Most cookie consent pop-ups served to internet users in the European Union — ostensibly seeking permission to track people’s web activity — are likely to be flouting regional privacy laws, a new study by researchers at MIT, UCL and Aarhus University suggests.

“The results of our empirical survey of CMPs [consent management platforms] today illustrates the extent to which illegal practices prevail, with vendors of CMPs turning a blind eye to — or worse, incentivising — clearly illegal configurations of their systems,” the researchers argue, adding that: “Enforcement in this area is sorely lacking.”

Full article: Cookie consent tools are being used to undermine EU privacy rules, study suggests | TechCrunch

ICO Delays British Airways and Marriott GDPR Fines

Further to the publication of the ICO’s notices of intention to fine British Airways and Marriott in July 2019, the ICO has recently issued a statement delaying the issuance of both GDPR fines which had originally been expected by the end of 2019.

The ICO’s initial notices of intention to fine had stated that British Airways would face a fine of £183m ($228m) and Marriott a fine of £99m ($123m). The ICO will now have until March 31, 2020 to finalize the penalties imposed on both British Airways and Marriott, which were the result of two high-profile data breaches and subsequent ICO investigations.

Source: ICO Delays British Airways and Marriott GDPR Fines

CES 2020: The hottest product is privacy

Several of the biggest tech companies attending CES, the closely watched trade show in Las Vegas this week, are putting a special emphasis on user privacy.

Google announced on Tuesday that it has added two new voice commands for people to better control their privacy when using its voice assistant. Facebook announced a new version of its “Privacy Checkup” tool with the goal of walking users through their key privacy settings. Ring, the home security and video doorbell company owned by Amazon, announced an update to its app.

Apple is also returning to CES this year for the first time since former CEO John Sculley debuted the Newton personal digital assistant in 1992. But the company isn’t at the show to unveil a new product. It’s coming to talk privacy.

Source: CES 2020: The hottest product is privacy – CNN
