Tag Archives for "compliance"

German DPA fines company 10.4 million euros for monitoring employees without legal basis

The State Commissioner for Data Protection (LfD) Lower Saxony has imposed a fine of 10.4 million euros on notebooksbilliger.de AG. The company had video-monitored its employees for at least two years without any legal basis.

The illegal cameras recorded workplaces, sales rooms, warehouses and common areas, among other things. The company claimed that the aim of the installed video cameras was to prevent and investigate criminal offenses and to track the flow of goods in the warehouses. In order to prevent theft, a company must first examine milder means (e.g. random bag checks when leaving the business premises). Video surveillance to uncover criminal offenses is also only lawful if there is justified suspicion against specific persons.

Source: LfD Niedersachsen imposes a fine of 10.4 million euros on notebooksbilliger.de | The State Commissioner for Data Protection Lower Saxony

Turkey investigates WhatsApp and Facebook over data privacy update

Turkey’s competition authority has opened an investigation into WhatsApp over a new update that requires users to share more data with its parent company, Facebook.

The popular messaging platform has been widely criticised for asking its users to agree to the new terms or lose access to their accounts from February 8.

The Head of Turkey’s Digital Transformation Office, Ali Taha Koc, said that foreign applications pose serious security risks.

Source: Turkey investigates WhatsApp and Facebook over data privacy update | Euronews

Italian Privacy Watchdog Initiates Proceedings Against TikTok

The investigations the Italian DPA had started in March this year did highlight data processing activities that would appear to fall short of the new legal framework applying to personal data protection.

The violations notified by the Italian DPA to TikTok include, first and foremost, the signup mechanisms that do not protect children adequately. TikTok’s signup ban for children under 13 is actually easy to circumvent by entering a false birth date. Thus, TikTok does not prevent kids from registering nor does it check that Italian privacy legislation is complied with – indeed, in Italy registration of a child under 14 with a social network requires the consent to be authorized by parents or the holders of parental authority.

Source: Tik Tok, children’s privacy at risk: the Guarantor starts the procedure … – Privacy Guarantor

Facebook and Instagram disable features in Europe

The company says some of its messaging features may need to be adapted to comply with EU rules.

From 21 December, messaging apps will fall under EU rules known as the ePrivacy directive.

There’s nothing in the ePrivacy directive that bans the use of fun stickers or polls in messaging apps, so Facebook’s move to disable them is a bit puzzling.

Source: Facebook and Instagram disable features in Europe – BBC News

UK police unlawfully processing over a million people’s data on Microsoft 365

The roll-out of Microsoft 365 to dozens of UK police forces may be unlawful, because many have failed to conduct data protection checks before deployment and hold no information on their contracts.

Police forces across the UK stand accused of unlawfully processing people’s personal data within the Microsoft 365 cloud productivity platform, after failing to carry out the required data protection checks before deploying the technology.

Source: UK police unlawfully processing over a million people’s data on Microsoft 365

Uber defends sexual assault victims’ privacy, gets fined $59 million

The California Public Utility Commission has slapped Uber with a $59 million fine for refusing to hand over detailed records about more than 1,200 alleged sexual assaults involving Uber drivers in California between 2017 and 2019.

Uber objected, noting that most of the victims had not consented to have their identities or stories shared with third parties. Even if the records were kept confidential, Uber argued, a CPUC investigation of these cases could force victims to revisit one of the most traumatic moments in their lives.

Source: Uber defends sexual assault victims’ privacy, gets fined $59 million | Ars Technica

Facebook to move UK users to California terms, avoiding EU privacy rules

Facebook Inc will shift all its users in the United Kingdom into user agreements with the corporate headquarters in California, moving them out of their current relationship with Facebook’s Irish unit and out of reach of Europe’s privacy laws.

The change takes effect next year and follows a similar move announced in February by Google. Those companies and others have European head offices in Dublin, and the UK’s exit from the EU will change its legal relationship with Ireland, which remains in the Union.

Source: Exclusive: Facebook to move UK users to California terms, avoiding EU privacy rules | Reuters

Belgian DPA to Take Down Websites Infringing GDPR

The Belgian Data Protection Authority signed a cooperation agreement with DNS Belgium. The purpose of the cooperation agreement is to allow DNS Belgium to suspend “.be” websites that are linked to infringements of the GDPR.

The “Notice and Action” procedure is only available for infringements that cause very serious harm and are committed by natural or legal persons who deliberately infringe the law or who continue data processing activity despite a prior order by the Investigation Service or the Litigation Chamber of the Belgian DPA to suspend, limit, freeze (temporarily) or end the processing activity.

Source: Belgian DPA to Take Down Websites Infringing GDPR | Privacy & Information Security Law Blog

EU-US data transfer clarity may take several months, warns head of EDPS

European Data Protection Supervisor (EDPS) Wojciech Wiewiorowski says he does not expect a new solution to the Privacy Shield problem for several months, as the Biden administration grapples with other priority issues.

The head of the EDPS told Reuters he is doubtful that EU businesses will receive clarity in the coming weeks and months over the uncertainty around EU-US data transfers.

Source: EU-US data transfer clarity may take several months, warns head of EDPB

Swedish court rejects Google’s appeal in RTBF case

The Swedish Administrative Court of Stockholm confirmed Google violated the EU General Data Protection Regulation in several instances and rejected Google’s motion that the decisions of Sweden’s data protection authority, Datainspektionen, be repealed due to formal deficiencies.

The court upheld the fine of SEK 50 million, while lowering the fine for one violation from SEK 25 million to 2 million. The fine was lowered because one complaint was partly dismissed and one instance was not considered a violation (since Google adhered to the injunction without undue delay).

Source: Swedish court rejects Google’s appeal in RTBF case
