
Tag Archives for "compliance"

Law enforcement is using location tracking on mobile devices to identify suspects, but is it unconstitutional?

As the use of geofence warrants has grown, so have controversies surrounding them. Defense attorneys argue they’re unconstitutional, and prosecutors say their use is a valid and valuable crime-solving technique. Litigation questioning the constitutionality of geofence warrants is now surfacing.

Privacy and civil rights advocates also say the geographic scope of these warrants gives police information about people in private locales, such as their homes or doctors’ offices. But prosecutors say these warrants help authorities catch criminals.

Full article: Law enforcement is using location tracking on mobile devices to identify suspects, but is it unconstitutional?

Homeland Security Watchdog to Probe Department’s Use of Phone Location Data

The Department of Homeland Security’s internal watchdog said it would open an investigation into the use of mobile-phone surveillance technologies to track Americans without a warrant.

The department’s inspector general told five Democratic senators that his office would initiate an audit “to determine if the Department of Homeland Security (DHS) and its components have developed, updated, and adhered to policies related to cell-phone surveillance devices,” according to a letter sent last week to Capitol Hill and shared with The Wall Street Journal.

Source: Homeland Security Watchdog to Probe Department’s Use of Phone Location Data – WSJ

GDPR enforcement must level up to catch big tech, report warns

A new report by European consumer protection umbrella group Beuc, reflecting on the barriers to effective cross-border enforcement of the EU’s flagship data protection framework, makes awkward reading for the regional lawmakers and regulators as they seek to shape the next decades of digital oversight across the bloc.

Beuc’s report — which it’s called “The long and winding road: Two years of the GDPR: A cross-border data protection case from a consumer perspective” — details the procedural obstacles its member organizations have faced in seeking to obtain a decision related to the original complaints, which were filed with a variety of DPAs around the EU.

Source: GDPR enforcement must level up to catch big tech, report warns | TechCrunch

Activists Call for Scrutiny of Palantir Over Partnerships With EU Law Enforcement Agencies

SOMI, a Dutch privacy group, is calling for a large-scale investigation into the partnerships that data analytics company Palantir Technologies has with a number of law enforcement and intelligence agencies throughout the European Union.

SOMI contends that the firm could be participating in both knowing and unknowing privacy violations based on its associations with agencies that are making use of “predictive policing” technologies.

Source: Dutch Group Calls for Scrutiny of Palantir Over Opaque Partnerships With EU Law Enforcement Agencies, Possible Privacy Violations – CPO Magazine

French food retail giant Carrefour fined €3m for GDPR breaches

The French multinational retailer Carrefour has been fined €3m for multiple data protection failings.

Data protection agency CNIL has fined two companies of the Carrefour Group for breaches of GDPR in several areas, including the obligation to inform individuals, use of cookies, limiting the retention of data, the obligation to facilitate the exercise of rights and failure to respect rights.

Source: French food retail giant Carrefour fined €3m for GDPR breaches

European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices

The European Data Protection Board (EDPB) has issued guidance that calls into question recommendations to cloud services providers in responding to the Schrems II ruling, which struck down the Privacy Shield arrangement for moving data from the EU to the US.

The EDPB, which is responsible for European data protection law, said encryption could safeguard against contravening the ruling, but only when keys remain within the EU or trusted third countries.

Full article: European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices • The Register

WhatsApp Ireland sets aside €77.5m for possible data compliance fines

The Irish arm of messaging platform WhatsApp recorded an €11.2 million loss last year after setting aside €77.5 million to cover possible fees linked to an investigation undertaken by the Irish Data Protection Commissioner.

The Data Protection Commission investigation into WhatsApp examined its compliance with Articles 12 to 14 of the General Data Protection Regulation (GDPR) in relation to transparency around what information is shared with Facebook.

Source: WhatsApp Ireland sets aside €77.5m for possible data compliance fines

Vodafone fined over 12 million Euro by Italian DPA for aggressive telemarketing practices

The Italian data protection supervisory authority (Garante per la protezione dei dati personali) ordered Vodafone to pay a fine in excess of Euro 12,250,000 on account of having unlawfully processed the personal data of millions of users for telemarketing purposes.

As well as having to pay the fine, the company is required to implement several measures set out by the Garante in order to comply with national and EU data protection legislation.

Investigations revealed the use of fake telephone numbers or numbers that were not registered with the ROC (i.e. the National Consolidated Registry of Communication Operators) in order to place the marketing calls. This practice is under Vodafone’s own spotlight and is seemingly related to a shady set of unauthorised call centres that carry out telemarketing activities in utter disregard of personal data protection legislation.

Additional violations could be established regarding the handling of contact lists purchased from external providers.

Source: Aggressive telemarketing practices: Vodafone fined over 12 million Euro by Italian DPA

How the NYPD gets people’s personal data with no oversight

The NYPD has used tens of thousands of questionable subpoenas over the last decade to intimidate private companies into handing over the personal information of cops and civilians alike — all with no oversight from the city or the courts.

While most of the subpoenas are believed to target cops, some have also gone after journalists in an attempt to uncover their sources — and the four orders obtained by The Post reveal they can be sweeping in nature, potentially creating a trove of personal data on cops and those in their orbit.

Source: How the NYPD gets people’s personal data with no oversight

German Court Slashes a GDPR Privacy Fine by 90%

A German appeals court has slashed by 90% a General Data Protection Regulation fine levied by the nation’s federal privacy watchdog against 1&1 Telecom over call center data protection shortcomings.

In December 2019, Germany’s Federal Commissioner for Data Protection and Freedom of Information, or BfDI, announced a fine of 9.6 million euros ($11.3 million) – at the time, the second-largest privacy fine ever announced in Germany – against 1&1 Telecom.

Source: German Court Slashes a GDPR Privacy Fine by 90%
