Tag Archives for " compliance "

Apple hit with privacy complaints over iPhone tracking tool

Privacy group Noyb has filed complaints with the German and Spanish data protection authorities under the EU’s Cookie Law against Apple over a tool in iOS 14 that allegedly tracks iPhone user behaviour without consent.

The group claims that Apple’s Identifier for Advertisers (IDFA) activates when a user sets up an iPhone without offering a chance to consent or even notifying them of its existence.

Source: Apple hit with privacy complaints over iPhone tracking tool | IT PRO

Twitter could face its first GDPR penalty within days

European data protection regulators have inched toward an enforcement decision for a Twitter breach that the company publicly disclosed in 2019, after a majority of EU data supervisors agreed to back a draft settlement submitted earlier by Ireland’s Data Protection Commission (DPC).

Twitter disclosed the bug in its ‘Protect your tweets’ feature at the start of last year — saying at the time that some Android users who’d applied its setting to make their tweets non-public may have had their data exposed to the public Internet since as far back as 2014.

Source: Twitter could face its first GDPR penalty within days | TechCrunch

Zoom lied to users about end-to-end encryption for years, FTC says

Zoom has agreed to upgrade its security practices in a tentative settlement with the Federal Trade Commission, which alleges that Zoom lied to users for years by claiming it offered end-to-end encryption.

The FTC complaint says that Zoom claimed it offers end-to-end encryption in its June 2016 and July 2017 HIPAA compliance guides, which were intended for health-care industry users of the video conferencing service. Zoom also claimed it offered end-to-end encryption in a January 2019 white paper, in an April 2017 blog post, and in direct responses to inquiries from customers and potential customers, the complaint said.

Source: Zoom lied to users about end-to-end encryption for years, FTC says | Ars Technica

UK’s ICO faces legal action after closing adtech complaint with nothing to show

The UK’s data watchdog is facing a legal challenge after it took the decision to quietly close a complaint against the adtech industry’s high velocity background trading of personal data.

The original complaint — challenging the adtech industry’s compliance with Europe’s General Data Protection Regulation (GDPR) — was filed to the ICO in September 2018 by Jim Killock, executive director of the Open Rights Group, and Michael Veale, a lecturer in digital rights at the University College London.

Source: UK’s ICO faces legal action after closing adtech complaint with nothing to show for it | TechCrunch

More GDPR applied in the UK than in Italy & France Combined

A report released by BuyShares has revealed that the United Kingdom tops the list for the imposition of data breach penalties, with €132.7 million in the total value of General Data Protection Regulation fines since the legislation became enforceable on May 25, 2018.

It is higher than the combined total of fines sanctioned in Germany and Italy. Indeed, the largest five fines for GDPR breaches in the European Union account for 70% of the total fines sanctioned since the data privacy legislation became live in 2018.

Source: More GDPR applied in the UK than in Italy & France Combined – Compliance Junction

NOYB Approved to File Class Actions and Claim Damages in Front of Belgian Courts

On October 29, 2020, the non-governmental organization co-founded by privacy activist Max Schrems, None of Your Business (NOYB), announced it can now file representative actions and claim damages on behalf of consumers for violations of various laws regarding consumer protection (including data protection law) in Belgium.

The Belgian Minister of Employment, Economy and Consumer Affairs approved NOYB as a qualified entity under the collective action scheme set forth in the Belgian Economic Code. This approval comes in anticipation of the implementation of the Collective Redress Directive, which is expected by 2022 and requires each EU Member State to provide for a collective redress mechanism.

Source: NOYB Approved to File Class Actions and Claim Damages in Front of Belgian Courts

Experian vows to drag UK’s Information Commissioner’s Office to court after being told off for data-slurping practices

Experian has been rapped over the knuckles by the UK’s Information Commissioner’s Office (ICO) after it discovered the credit reference agency was trading “millions” of people’s data for marketing purposes.

Instead of issuing a monetary fine, however, the data regulator wrapped up a two-year probe yesterday by merely insisting Experian tweaks its online privacy policies and informs consumers it acquired data about them.

In an aggressive response, Experian chief exec Brian Cassin claimed the ICO enforcement notice against his employer “risks damaging the services that help consumers, thousands of small businesses and charities, particularly as they try to recover from the COVID-19 crisis.”

Source: Experian vows to drag UK’s Information Commissioner’s Office to court after being told off for data-slurping practices • The Register

European Parliament’s COVID website overrun with US web trackers

The European Parliament’s coronavirus test management website is overrun with user tracking requests, some of which are attempting to siphon data to US-based firms at a time in which the future of transatlantic data flows is far from clear.

The website, which is run by EcoCare, a subsidiary of the United Arab Emirates firm Ecolog, requests permission to transfer the personal data of those using the platform – European Parliament staff members – to third party companies.

Those include Google and the US financial services platform Stripe, backed by Silicon Valley investor Peter Thiel, chairman of data analytics firm Palantir. 

Source: EP’s COVID website overrun with US web trackers, MEP raises data concerns – EURACTIV.com

Experian faces GDPR action after ICO finds ‘widespread data protection failings’

The Information Commissioner’s Office (ICO) has ordered credit rating giant Experian to stop profiting from the secretive enriching and processing of people’s personal data or face a massive GDPR fine.

The investigation found the three firms were trading, enriching and enhancing people’s personal data without their knowledge or consent. This resulted in products which were used by third-party commercial organisations to find new customers, identify those who were most likely to be able to afford products, and build individual profiles around people.

UK watchdog gives Experian nine-month ultimatum to change ‘illegal’ business practices or face punishment.

Source: Experian faces GDPR action after ICO finds ‘widespread data protection failings’ | IT PRO

ICO probes complaints following allegations Wagamama used Covid-19 track and trace data to survey customers

Wagamama customers in the UK have allegedly been sent a survey after sharing contact details for Covid-19 contact tracing, The Times reports. The Information Commissioner’s Office (ICO) is now making enquiries after receiving a number of complaints about the restaurant chain.

UK regulations state that hospitality venues including restaurants must ask at least one member of every party of customers to provide their name and contact details or use a QR code. Some customers reportedly received a survey after sharing contact details with Wagamama, despite not granting permission.

Source: ICO probes complaints following allegations Wagamama used Covid-19 track and trace data to survey customers
