fbpx

Download free GDPR compliance checklist!

Tag Archives for " consent "

South Korean regulator fines TikTok over mishandling child data

The Korea Communications Commission (KCC), the country’s telecommunications watchdog, said it has fined the company 186 million won — around $155,000 — for failing to protect users’ private data.

The Korea Communications Commission said the Chinese company collected the data of children without consent from their legal guardians.

Source: South Korean regulator fines TikTok over mishandling child data | ZDNet

No cookie consent walls — and no, scrolling isn’t consent, says EU data protection body

On 4 May, the European Data Protection Board (“EDPB”) adopted an updated version of its guidelines on consent.

EDPB stated that you can’t make access to your website’s content dependent on a visitor agreeing that you can process their data — aka a ‘consent cookie wall’. EDPB also stated that scrolling on a website or digital service can not — in any way — be interpreted as consent.

Source: No cookie consent walls — and no, scrolling isn’t consent, says EU data protection body | TechCrunch

France issues first legal decision on facial recognition

The Administrative Court (TA) of Marseille has made its decision regarding the use of facial recognition technology at two French high schools.

In a hearing before the TA, with La Quadrature du Net, The Human Rights League, the FCPE and CGT Educ’Action des Alpes Maritimes, the installation of a facial recognition system at the entrance of two French high schools were discussed.

TA ruled against the installation of the technology, stating that its deployment violated the EU General Data Protection Regulation (GDPR), as students were not able to provide consent “to the collection of personal data in a free and informed manner.”

Additionally, the court ruled that the technology was a disproportionate measure to manage the high school, especially with other alternative measures being available and less detrimental to students’ rights.

Source: #Privacy: France issues first legal decision on facial recognition

German court sides with consumer groups against Facebook data collection

Facebook has suffered a blow against its data collection practices in Europe, with a German court ruling some of the social media giant’s user terms.

Last week a Berlin Court ruled in favour of the Federation of German Consumer Organisations, known locally as VZBV, in its case against Facebook. VZBZ alleged the tech giant is violating GDPR’s “informed consent” requirements with its privacy settings and some of its terms and conditions.

Source: German court sides with consumer groups against Facebook data collection – Which-50

Cookie consent tools are being used to undermine EU privacy rules

Most cookie consent pop-ups served to internet users in the European Union — ostensibly seeking permission to track people’s web activity — are likely to be flouting regional privacy laws, a new study by researchers at MIT, UCL and Aarhus University suggests.

“The results of our empirical survey of CMPs [consent management platforms] today illustrates the extent to which illegal practices prevail, with vendors of CMPs turning a blind eye to — or worse, incentivising — clearly illegal configurations of their systems,” the researchers argue, adding that: “Enforcement in this area is sorely lacking.”

Full article: Cookie consent tools are being used to undermine EU privacy rules, study suggests | TechCrunch

German court decides that GDPR consent can be tied to receiving advertising

On June 27, 2019, the High Court of Frankfurt decided that a consent for data processing tied to a consent for receiving advertising can be considered as freely given under the GDPR.

The claimant’s consent had been obtained in connection with his participation in a sweepstakes contest. The court decided that bundling consent for advertising with the participation in a sweepstakes contest does not prevent it from being “freely given”. According to the court, “freely given” consent is a consent that is given without “coercion” or “pressure”.

Source: Participation in a raffle of consent to future e-mail advertising

Fingerprint case highlights importance of biometric policies and consent

An unfair dismissal case has highlighted the need for companies to update policies and procedures and to obtain full consent before using biometric data in the workplace.

The Fair Work Commission in Australia found that Superior Wood employee’s dismissal for refusing to use a fingerprint scanner was unfair because the company did not have a privacy policy in place; it didn’t obtain consent before collecting sensitive information, and it failed to issue a privacy collection notice.

Full article: Fingerprint case highlights importance of biometric policies and consent

Dutch DPA Issues Opinion on Use of Cookie Walls

Recently, the Dutch Data protection Authority has taken the position that the use of so-called “cookie walls,” whereby website access is made conditional upon the provision of consent to tracking cookies, is not compliant with the EU General Data Protection Regulation (GDPR).

According to the Dutch SA, use of online tracking technology is one of the most invasive data processing activities considering that virtually everyone is active on the internet and therefore potentially subject to online tracking. It is therefore key to obtain valid consent from website users before engaging in any tracking activity. nd such consent shall meet GDPR requirements.

Source: Dutch Supervisory Authority Opines on Use of Cookie Walls

Denmark Data Protection Auth. on GDPR & Voice Recordings

The Denmark Data Protection Authority (DPA) ruled on April 11, 2019, that affirmative consent is required when companies record customer telephone calls.

In this case company provided disclosures to its customers that calls may be recorded for training purposes, but did not offered a mechanism for customers to opt-in or opt-out of the recording. DPA rejected the company’s arguments that its recording practices served a legitimate interest, such as the improvement of its customer service, and concluded that the company’s telephone recording practices violated the GDPR.

Source: Denmark Data Protection Auth. on GDPR & Voice Recordings

Facebook Custom Audience illegal without explicit user consent, Bavarian Data Protection Authority rules

Online shops and marketers routinely share customer data with Facebook to reach them with targeted advertising.

Turns out: in many cases this is illegal. A ground-breaking decision by a German Data Protection Authority recently ruled that matching customers’ email addresses with their Facebook accounts requires their explicit consent.

Source: Facebook Custom Audience illegal without explicit user consent, Bavarian Data Protection Authority rules – netzpolitik.org

1 2 3 8
>