Tag Archives for "compliance"

Irish privacy watchdog may launch another Google investigation

Google may have to face further investigations by the Irish Data Protection Commission after reports of contractors being able to hear users’ audio footage submitted to the tech firm’s digital assistant.

The prospective measures follow a data breach notification sent to the Irish data watchdog last week. The news of the Irish DPC’s prospective investigation comes two months after Google revealed upgraded privacy and data protection features at the firm’s annual developer conference.

Source: Irish privacy watchdog may launch another Google investigation

A few practical tips for managing subject access requests

Subject access requests are the bane of many an in-house privacy professional’s life.

It may seem curious that, on the one hand, we take seriously as privacy professionals our responsibility to uphold data subjects’ rights while, on the other, the exercise of one of the most fundamental of these rights – that of access to data – will typically cause even the most dedicated of privacy professionals to elicit a small whimper.

Full article: A few practical tips for managing subject access requests

ICO intends to fine Marriott International, Inc more than £99m for data breach

Marriott International has received a notification from the Information Commissioner’s Office (ICO) of its intention to fine the company £99,200,396.

In November 2018, Marriott had disclosed that their Starwood reservation database had been compromised between 2014 and 2018. The breach resulted in approximately 339 million guest records globally being exposed.

Source: ICO intends to fine Marriott International, Inc more than £99m for data breach

ICO intends to fine British Airways £183m for data breach

British Airways could face a fine of £183 million as a result of a data breach that was disclosed by the airline on 6th September 2018.

The carrier said that it had received notification from the Information Commissioner’s Office (ICO) of the regulator’s intention to issue BA with the record-breaking fine after customer data was stolen from the company’s website.

Source: ICO intends to fine British Airways £183m for data breach

Romanian DPA fines UniCredit €130,000 for data protection by design failures

The National Supervisory Authority for Personal Data Processing (‘ANSPDCP’) announced, on 4 July 2019, that it had fined UniCredit Bank S.A. €130,000 for breach of Article 25(1) of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) relating to the principles of data protection by design and by default.

The ANSPDCP found that failure to implement appropriate technical and organisational measures designed to effectively implement data protection principles and integrate necessary safeguards in the processing of data led to the disclosure of data concerning 300,000 data subjects during the period of 25 May 2018 to 10 December 2018.

Source: Romania: ANSPDCP fines UniCredit €130,000 for data protection by design failures

Dutch privacy watchdog warns banks not to use payments for marketing

On Wednesday the Dutch data protection authority – Autoriteit Persoonsgegevens – announced that banks should not offer their customers products on the basis of their confidential spending patterns. It added that all banks ‘should therefore take a good look at their policies around direct marketing.’

In its letter, it warns that certain transactions are considered particularly sensitive in terms of privacy law, such as payments to ‘hospitals, pharmacies, casinos, sex clubs….religious groups [and political parties]’ and that bank clients have an expectation of privacy.

Source: Look away: privacy watchdog warns banks not to use payments for marketing – DutchNews.nl – Live

EU regulator launches third Apple investigation

The principal regulator for Apple in Europe, the Irish Data Protection Commission, has begun a third investigation into data privacy standards at the tech giant.

Speaking this week, a spokesperson for the Irish DPC confirmed that Apple’s compliance with the EU’s General Data Protection Regulation (GDPR) will go under examination for the third time in the last month.

Source: EU regulator launches third Apple investigation

Cookie consent – What “good” compliance looks like according to the ICO

On 3 July 2019, the UK data protection authority (the ICO) updated its guidance on the rules that apply to the use of cookies and other similar technologies.

The ICO has also changed the cookie control mechanism on its own website to mirror the changes in the new guidance.

Full article: Cookie consent – What “good” compliance looks like according to the ICO

French lawsuit accuses Google of violating EU privacy rules

A leading French consumer group has filed a class-action lawsuit accusing Google of violating the European Union’s landmark 2018 privacy rules.

In its filing Wednesday, the UFC Que Choisir group is seeking 1,000 euros in damages for each one of the 200 Google users involved so far. It’s among the first cases challenging tech giants over their application of the EU’s new rules, known as the General Data Protection Regulation or GDPR.

Source: French lawsuit accuses Google of violating EU privacy rules | WWMT

FTC Takes Action Against Companies Misrepresenting Compliance with the EU-U.S. Privacy Shield

The Federal Trade Commission announced that it has taken action against a number of companies that allegedly misrepresented their compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks and other international privacy agreements.

The FTC and SecurTest, Inc. reached a settlement agreement over allegations that SecurTest falsely claimed to participate in the Privacy Shield. The FTC also reported that it sent warning letters to 13 companies for claiming to participate in the U.S.-EU and U.S.-Swiss Safe Harbor frameworks and to two companies for falsely claiming to participate in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system.

Source: FTC Takes Action Against Companies Misrepresenting Compliance with the EU-U.S. Privacy Shield and Other International Privacy Agreements
