
Tag Archives for "compliance"

The French Data Protection Authority Announces Stricter Enforcement

On April 15, 2019, the French Data Protection Authority (CNIL) published its 2018 activity report and announced its 2019 enforcement agenda.

The CNIL’s message is clear: if some leniency was tolerated in 2018, this transitional period for GDPR enforcement is now over. Going forward, the CNIL will adopt a stricter approach when investigating companies’ GDPR compliance and make full use of its enforcement powers, including the power to fine.

Source: The French Data Protection Authority Announces Stricter Enforcement

Even ticking a box does not necessarily mean consent is freely given

Digiday spoke to Giovanni Buttarelli, European data protection supervisor, to hear whether media and advertising businesses have done enough to comply. He believes Google and Facebook must work harder to achieve compliance.

Full article: Giovanni Buttarelli on state of GDPR adoption: ‘Even ticking a box does not necessarily mean consent is freely given’ – Digiday

People have no absolute right to fadas in names

Irish people don’t have an “absolute right” to have their names spelt correctly, the State data watchdog has ruled.

Ciarán Ó Cofaigh complained to the Data Protection Commission after medics refused to include the fada on his name because computer software does not allow for fadas. He alleges the Health Service Executive (HSE) was in breach of Article 16 of the GDPR that gives the right to people to have “inaccurate personal data” held by organisations corrected “without undue delay”.

Source: People have no absolute right to fadas in names, watchdog finds

GDPR at a critical stage, says information commissioner

The ICO is calling on data protection officials to help kick off the next phase of the GDPR by embedding sound data governance at its annual conference.

Information Commissioner Elizabeth Denham said the GDPR enshrines in law an onus on companies to understand the risks that they create for others with their data processing, and to mitigate those risks. It also formalises the move away from box ticking to seeing data protection as something that is part of the cultural and business fabric of an organisation, and it reflects that people increasingly demand to be shown how their data is being used, and how it is being looked after, she added.

Source: GDPR at a critical stage, says information commissioner

Privacy UX: Better Cookie Consent Experiences

With the advent of the EU General Data Protection Regulation (GDPR) in May 2018, the web has turned into a vast exhibition of consent pop-ups, notifications, toolbars, and modals.

While the intent of most cookie-related prompts is the same — to get a user’s consent to keep collecting and evaluating their behavior the same ol’ way they’ve been doing for years — implementations differ significantly, often making it ridiculously difficult or simply impossible for customers to opt out from tracking.

Full article: Privacy UX: Better Cookie Consent Experiences

French court issues decision on legality of Privacy Rules and Terms of Use under data protection and consumer law

Five years after the commencement of legal proceedings against Google by leading French consumer association UFC Que Choisir, the Paris “Tribunal de Grande Instance” (TGI), in a decision dated 12 February 2019, issued its ruling on the legality of the Google+ Terms of Use and Privacy Rules, both with respect to consumer law and personal data protection regulations.

Full article: French court issues decision on legality of Privacy Rules and Terms of Use under data protection and consumer law

Parenting club Bounty fined £400,000 for selling users’ data

The parenting club Bounty has been fined £400,000 – one of the largest penalties possible – for sharing its data with marketing agencies without users’ permission.

Company illegally shared 34.4 million records with 39 companies – data brokers including Acxiom, Equifax and Sky – without securing consent from their users.

Source: Parenting club Bounty fined £400,000 for selling users’ data

EU to check for GDPR violations in Microsoft’s contracts with EU institutions

The European Data Protection Supervisor (EDPS), the European Union’s data protection watchdog, has started an investigation into Microsoft’s contracts with EU institutions.

The investigation will focus on the contracts EU institutions have signed with Microsoft and whether clauses in these contracts comply with the EU’s new data protection regulation, also known as the General Data Protection Rules (GDPR).

Source: EU to check for GDPR violations in Microsoft’s contracts with EU institutions | ZDNet

Bounty UK fined £400,000 for sharing personal data unlawfully

The Information Commissioner’s Office (ICO) has fined Bounty (UK) Limited £400,000 for illegally sharing personal information belonging to more than 14 million people.

An ICO investigation found that Bounty, a pregnancy and parenting club, collected personal information for the purpose of membership registration through its website and mobile app, merchandise pack claim cards and directly from new mothers at hospital bedsides.

Source: Bounty UK fined £400,000 for sharing personal data unlawfully

ICO: businesses falling short on GDPR accountability

Businesses are falling short of meeting the General Data Protection Regulation’s (GDPR’s) accountability requirements, the UK’s information commissioner has said.

Elizabeth Denham highlighted the issue in a speech at the 2019 Data Protection Practitioners’ Conference on Monday.

Source: ICO: businesses falling short on GDPR accountability
