Tag Archives for "compliance"

UK data watchdog having a hard time making GDPR fines stick

British Airways expects the fine for its 2018 credit card data leak to be just 10.8 per cent of the £183m proposed by the UK data watchdog – while US hotel chain Marriott has both halved and kicked its own data blunder punishment into the long grass once again.

Mishcon’s Baines pondered whether the amount of ICO effort devoted to the two cases had disrupted its other data protection enforcement work: “One wonders if the effect of the BA and Marriott investigations has also been to cause work on other enforcement action to be paused, or at least delayed,” he mused, referring to boasts from Information Commissioner Elizabeth Denham last year that she was about to announce more big GDPR fines.

Source: UK data watchdog having a hard time making GDPR fines stick: Marriott scores another extension, BA prepares to pay 11% of £183m penalty threat • The Register

The countdown is on for TikTok after Schrems II

Given the US’ threatened actions against TikTok and the outcome of Schrems II, it is clear that the spotlight is now firmly on international data transfers.

That European ruling, referred to in the media as Schrems II, dealt a ‘deathblow’ to transfers of personal data to the US pursuant to the Privacy Shield mechanism. However, the ruling went much further, sending General Data Protection Regulation (GDPR) shockwaves across all international personal data transfers from within the EU, whether to the US, China, India or elsewhere.

However, the comments from the US over the past weekend about TikTok suggest that the US is now also potentially looking at a more US-centric approach to data retention and access.

Source: The countdown is on for TikTok after Schrems II

No grace period after Schrems II Privacy Shield ruling, warn EU data watchdogs

European data watchdogs have issued updated guidance in the wake of last week’s landmark ruling striking down a flagship transatlantic data transfer mechanism called Privacy Shield.

In an FAQ on the Schrems II judgement, the European Data Protection Board (EDPB) warns there will be no regulatory grace period.

Source: No grace period after Schrems II Privacy Shield ruling, warn EU data watchdogs | TechCrunch

South Korean regulator fines TikTok over mishandling child data

The Korea Communications Commission (KCC), the country’s telecommunications watchdog, said it has fined the company 186 million won — around $155,000 — for failing to protect users’ private data.

The Korea Communications Commission said the Chinese company collected the data of children without consent from their legal guardians.

Source: South Korean regulator fines TikTok over mishandling child data | ZDNet

Facial recognition developed by Clearview AI likely illegal in Europe

The European Data Protection Board warned that Clearview AI’s technology is likely to be illegal in Europe.

Clearview AI’s software allows organizations to match pictures of people’s faces to a database containing more than 3 billion images that have been taken from social media platforms and other websites.

Source: Facial recognition developed by Clearview AI likely illegal in Europe

More than half of organisations subject to GDPR collect more data than the regulation permits

A Data Risk and Security report released by the security software company Netwrix has revealed that companies are failing to follow GDPR and security best practices.

The survey of just over a thousand respondents revealed that security professionals are often bypassing many of the six stages of the data lifecycle. While security issues are mitigated at some stages, many important stages are being overlooked, resulting in vulnerable systems.

Source: More than half of organisations subject to GDPR collect more data than the regulation permits, a study has found

Tech companies to pay $100,000 for collecting data on kids without parental consent

Attorney General Bob Ferguson announced that California-based technology company Super Basic LLC and its parent company Maple Media LLC will pay $100,000 to resolve an investigation by the Attorney General’s Office.

Ferguson’s investigation found the companies’ social media platform, “We Heart It,” allowed children to create accounts, collected their personal information and allowed third-party advertisers to collect data from them, all without legally required parental consent.

Source: AG Ferguson: Tech companies to pay $100,000 for violating Children’s Online Privacy Protection Act by collecting data on kids without parental consent | Washington State

The CNIL Can’t Legally Forbid Cookie Walls Under GDPR

France’s highest administrative court has ruled that the country’s data protection authority, the CNIL, does not have the right to ban cookie walls.

The Conseil d’État, a division of the French government that serves as its supreme court of administrative justice, issued a ruling on Friday in response to litigation initiated last year by French trade organizations.

Source: The CNIL Can’t Legally Forbid Cookie Walls Under GDPR | AdExchanger

The EU’s Plans to Build a Wall Around GDPR-Protected Data

An ambitious German- and French-led European Union (EU) initiative could wrest tighter management, and eventually control, of data from commercial cloud providers.

The project, dubbed “Gaia-X,” is also intended to offer firewall-like protection for data sources from the EU. The initiative could have repercussions on how DevOps teams from outside of the EU manage data from European users, as well as from operations they might have that are physically based in EU member states.

Source: The EU’s Plans to Build a Wall Around GDPR-Protected Data – DevOps.com

EU fires warning shot to UK over post-Brexit US data-sharing

Safeguards outlined in a preliminary data-sharing agreement struck between the UK and US last year may not be sufficient, the EU’s data protection watchdog has declared.

The UK entered into an agreement with the US in October 2019 to reduce the barriers to data-sharing to better equip law enforcement agencies to fight crime. However, terms of this agreement may undermine the UK’s hopes of achieving a data adequacy decision with the EU once the Brexit transition period ends on 31 December.

The European Data Protection Board (EDPB), which oversees the application of GDPR consistently across EU member states, has cast doubt over whether safeguards outlined in the agreement are compatible with existing data protection laws. Without an adequacy decision, free data flows between the EU and the UK would be disrupted, with data unable to flow from European countries to the UK.

Source: EU fires warning shot to UK over post-Brexit US data-sharing | IT PRO
