
Tag Archives for " compliance "

How long should it take to risk-score a privacy incident?

If you’ve been in the privacy world for any amount of time, you recognize there has been a marked increase in the speed at which our world operates.

New threats to our data are introduced every day. With the expanding scope of what constitutes protected and sensitive data, the number of privacy cases we must manage at any given time is increasing. Privacy professionals are being asked to do more, and faster, than ever.

Full article: How long should it take to risk-score a privacy incident?

YouTube Said to Be Fined Up to $200 Million for Children’s Privacy Violations

The Federal Trade Commission has voted to fine Google $150 million to $200 million to settle accusations that its YouTube subsidiary illegally collected personal information about children, according to three people briefed on the matter.

The case could have significant repercussions for other popular platforms used by young children in the United States.

The settlement would be the largest civil penalty ever obtained by the F.T.C. in a children’s privacy case. It dwarfs the previous record fine of $5.7 million for children’s privacy violations the agency levied this year against the owners of TikTok, a social video-sharing app.

Source: YouTube Said to Be Fined Up to $200 Million for Children’s Privacy Violations – The New York Times

NRA fined with BGN 5.1 million for personal data leakage

The Bulgarian data protection authority announced that it had completed its investigation into the NRA over a breach of personal data security affecting over 5 million Bulgarian citizens.

The fine imposed on the National Revenue Agency for the leakage of personal data of millions of Bulgarians amounts to BGN 5.1 million.

Source: BGN 5.1 million is the NRA’s fine for personal data leakage – News from Economic.bg

How to interpret Sweden’s first GDPR fine on facial recognition in school

The school used facial-recognition software via camera to capture and register 22 students’ participation in class. The school board claimed that automating the taking of the class register would save 17,280 hours of work each year at the school.

However, neither a risk assessment nor prior consultation with the Swedish DPA was carried out. On August 20, the Swedish DPA fined the school SEK 200,000, its first fine under the EU General Data Protection Regulation, and issued a warning against further processing.

Full article: How to interpret Sweden’s first GDPR fine on facial recognition in school

Data Scraping – Considering the Privacy Issues

Data scraping is a general term that describes a plethora of Internet-based data retrieval methodologies, used without the permission of the data owner.

Often, businesses seek to capture as much data as possible on the off chance the data serves a future use or purpose. This, however, carries the risk that it may go against some of the GDPR’s key principles: purpose limitation and data minimisation.

Full article: Data Scraping – Considering the Privacy Issues

IAB Europe issues updated GDPR-compliancy protocol

IAB Europe and the IAB Tech Lab have released the second iteration of the Transparency and Consent Framework (TCF), a guide to help digital advertisers comply with the market’s General Data Protection Regulation (GDPR).

The policy updates come after the groups put version 2.0 of the standard up for public comment in April, accepting submissions for 30 days. A steering group of 10 national IAB chapters and 55 companies drafted the current version of the policy.

Source: IAB Europe issues updated GDPR-compliancy protocol | The Drum

Anonymisation does not work for big data

Recently, well-publicised research by data scientists at Imperial College in London and Université Catholique de Louvain in Belgium as well as a ruling by Judge Michal Agmon-Gonen of the Tel Aviv District Court have highlighted the shortcomings of outdated data protection techniques like “Anonymisation” in today’s big data world.

Anonymisation reflects an outdated approach to data protection developed when the processing of data was limited to isolated (siloed) applications prior to the popularity of “big data” processing that involves widespread sharing and combining of data.

Source: Anonymisation does not work for big data due to lack of protection for direct & indirect identifiers and easy re-identification vs pseudonymisation

Facial recognition in school renders Sweden’s first GDPR fine

The Swedish DPA has fined a municipality 200 000 SEK (approximately 20 000 euros) for using facial recognition technology to monitor the attendance of students in school.

A school in northern Sweden has conducted a pilot using facial recognition to keep track of students’ attendance in school.

Source: Facial recognition in school renders Sweden’s first GDPR fine

Joint statement on global privacy expectations of the Libra network

On August 8, representatives of the global community of data protection and privacy enforcement authorities issued a joint statement on global privacy expectations of the Libra network.

Data protection authorities may individually follow up with Libra with more specific questions as the proposals and service offering develop.

Source: Joint statement on global privacy expectations of the Libra network | European Data Protection Supervisor

PwC fined 150,000 euros for infringements of the GDPR

The Hellenic Data Protection Authority, in response to a complaint, conducted an ex officio investigation of the lawfulness of the processing of personal data of the employees of the company ‘PriceWaterhouseCoopers Business Solutions SA’ (PwC).

According to the complaint, employees were required to give consent to the processing of their personal data. The Hellenic DPA fined PwC €150,000 for selection and application of an inappropriate legal basis and violation of the principle of accountability.

Source: Company fined 150,000 euros for infringements of the GDPR
