
Tag Archives for "compliance"

German DPA investigates WhatsApp Terms of Use

The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has brought proceedings against Facebook Ireland Ltd. with the aim of issuing an immediately enforceable order requiring it not to collect any data from WhatsApp users for processing for its own purposes.

The case stems from WhatsApp’s new terms of use announced earlier this year. The terms of use contain extensive passages granting the service the right to share user data with other Facebook companies. The HmbBfDI is responsible for Facebook in Germany, as the German branch of Facebook is based in Hamburg.

Source: Dringlichkeitsverfahren gegen Facebook

Google Faces Complaint in France Over Android Advertising Tool

Google’s Android advertising tool is the target of a complaint in France by privacy activist Max Schrems, accusing the tech giant of violating European Union rules by failing to get users’ consent.

Google’s software creates an advertising identifier on people’s phones without their knowledge, Noyb, a group set up by Schrems, said in a statement on Wednesday. The complaint was filed with France’s data protection watchdog CNIL.

Source: Google Faces Complaint in France Over Android Advertising Tool – Bloomberg

Italian DPA fines Fastweb $5.3M under GDPR for aggressive telemarketing

The Italian Data Protection Authority announced a fine of €4.5 million (U.S. $5.3 million) against telecommunications company Fastweb for misusing customer data for telemarketing purposes.

Fastweb was viewed as a repeat offender in Garante’s judgment after being sanctioned under laws other than the GDPR in 2012 and 2018 for similar telemarketing violations. Another aggravating factor listed is the continued presence of vulnerabilities in the customer database.

Garante has ordered Fastweb to strengthen security measures to prevent unauthorized access to its databases, overhaul its telemarketing practices to include enrolled customers only, and discontinue use of data obtained by third parties that did not first gain user consent.

Source: Italian DPA fines Fastweb $5.3M under GDPR for aggressive telemarketing | Article | Compliance Week

French data watchdog to start checking cookie policy compliance

France’s data protection watchdog CNIL will from 1st April begin conducting checks to ensure websites are in compliance with new guidelines on advertising trackers after the deadline it granted expired.

The new rules mean that user consent for advertising cookies must be granted by a “clear and positive act” such as clicking on an “I accept” button now ubiquitous across European websites. “Simply continuing to browse a site can no longer be considered as a valid expression of the web user’s consent,” the CNIL framework states.

Source: French data watchdog to start checking cookie policy compliance – EURACTIV.com

MEPs rue lack of GDPR sanctions issued by Irish data authority

MEPs have said that “a lack of political will and resources” had resulted in a laggard approach to enforcement of the EU’s general data protection regulation (GDPR), singling out in particular the lack of sanctions dished out by the Irish data protection authority.

To date, the Irish DPC has issued six fines for GDPR breaches. These include three against Tusla, the country’s Child and Family Agency, a €65,000 penalty issued against Cork University Maternity Hospital, a €70,000 fine for University College Dublin, and, in the first fine for a cross-border case, a €450,000 charge levied against Twitter for falling short of data breach notification obligations.

Source: MEPs rue lack of GDPR sanctions issued by Irish data authority – EURACTIV.com

Dutch privacy watchdog fines Booking.com €475K

Hotel booking site Booking.com got hit with a €475,000 fine for being late to report a data breach, the company’s lead EU privacy regulator announced Wednesday.

The fine, imposed by the Dutch data protection authority because the company is legally established in Amsterdam, came after criminals stole the personal data of more than 4,000 Booking.com customers — obtaining the credit card details of nearly 300 victims.

The website received the penalty for missing a 72-hour deadline to report the breach to the regulator, which it did on February 4, 2019 — almost a month after it suffered the breach.

Source: Dutch privacy watchdog fines Booking.com €475K – POLITICO

Bavarian DPA Declares Use of E-mail Marketing Service Prohibited without Assessment and Supplementary Measures

The state Data Protection Authority of Bavaria declared the use of U.S. e-mail marketing service Mailchimp by a fashion magazine (acting as controller) in Bavaria impermissible due to non-compliance with Schrems II mitigation steps in relation to the transfer of e-mail addresses to Mailchimp in the U.S.

Mailchimp provided e-mail newsletter services to the controller, which had used Mailchimp’s e-mail marketing service only twice, to send newsletters to customers. The controller relied on EU Standard Contractual Clauses for the transfer of e-mail addresses from Germany to the U.S., in order to make use of e-mail marketing services directed to German customers by Mailchimp on its behalf.

The Bavarian DPA took the position that as an e-mail marketing service, “there are at least indications” that Mailchimp could qualify as an “electronic communication service provider” under U.S. surveillance law (i.e., FISA 702) and, therefore, “the transfer could only be permissible by taking supplementary measures, if suitable.” In the Bavarian DPA’s view, the controller had failed to assess the risk and implement supplementary measures for the transfer of EU personal data to Mailchimp in the U.S.

Source: Bavarian DPA Declares Transfers to E-mail Marketing Service Prohibited Due to Lack of Controller’s Assessment and Supplementary Measures

French data protection watchdog casts doubt on Apple’s privacy compliance

Apple has put privacy at the heart of its sales pitch to users, but an internal document from France’s data regulator suggests the iPhone maker’s own targeted advertising practices may be problematic.

According to the 13-page confidential note seen by POLITICO, France’s CNIL data protection authority cast doubt on Apple’s compliance with EU privacy rules. Last week, the country’s competition authority ruled in Apple’s favor in a case over its new anti-tracking tool.

“Apple’s advertising processing requires consent when it involves reading or writing data on the user’s device,” the CNIL wrote. “Apple’s practices suggest a lack of consent collection.”

Source: French data protection watchdog casts doubt on Apple’s privacy compliance – POLITICO

EU Data Privacy Watchdogs Urged to Sort Out ‘Public Squabbles’

European Union privacy regulators must sort out their “public squabbles” over the enforcement of the bloc’s data-protection rules or its executive body may consider moving to a more centralized model to target violations.

Tensions have been building for months among national data protection watchdogs over the amount of time their Irish colleagues are taking to complete probes on big U.S. tech companies, including Facebook Inc. and Apple Inc.

Jourova’s comments follow a spat that erupted last week between the Irish watchdog and a European Parliament committee that’s been working on draft resolutions targeting data protection commissioner Helen Dixon’s office for not acting fast enough.

Source: EU Data Privacy Watchdogs Urged to Sort Out ‘Public Squabbles’ – Bloomberg

Google Will Not Run FLoC Origin Tests In Europe Due To GDPR Concerns

Google will not make FLoC-based cohorts available for testing in countries where GDPR and the ePrivacy Directive are in effect. At least for now.

During a meeting of the Improving Web Advertising Business Group (IWABG) at the World Wide Web Consortium on Tuesday, Michael Kleber, a Google engineer, acknowledged that FLoCs might not be compatible with European privacy law.

Specifically, Google will not proceed with FLoC testing in Europe due to concerns over which entity will serve as the data controller and which will serve as the data processor in the creation of cohorts.

Source: Google Will Not Run FLoC Origin Tests In Europe Due To GDPR Concerns (At Least For Now) | AdExchanger
