fbpx

Download free GDPR compliance checklist!

Tag Archives for " data subject rights "

WhatsApp facing up to €50M privacy fine

As part of Ireland’s draft findings, the WhatsApp could be fined between €30 million and €50 million for not living up to transparency requirements under Europe’s privacy regime. Company could also be required to change how it handles its users’ data,

The preliminary penalty — the figure is now under consultation with the bloc’s other data protection agencies — would be one of the largest-ever fines under the EU’s General Data Protection Regulation, a set of privacy rules that came into force in 2018.

Source: WhatsApp facing up to €50M privacy fine – POLITICO

UK Case Tests the Territorial Application of the GDPR to U.S. Run Website

The recent UK case of Soriano v Forensic News and Others tested the territorial reach of the General Data Protection Regulation and represents the first UK judgment dealing with the territorial scope of the GDPR. Mr. Soriano argued that because the Forensic News site used cookies for targeted online advertising, it had engaged in monitoring of people in the EU, and thus the GDPR’s territorial scope test was met.

Court held that the use of cookies for behavioral advertising purposes was not “related to” Mr. Soriano’s real complaint. In its judgement, the Court stated that, “the Defendant’s journalistic activities have been advanced not through any deployment of these cookies.” However, he was given permission to serve proceedings outside of the UK in respect of the misuse of private information claim (for the photos only) and the defamation claim.

Source: UK Case Tests the Territorial Application of the GDPR to U.S. Run Website | Privacy & Information Security Law Blog

High Court dismisses claim where DSAR regime abused

The High Court of England and Wales has dismissed a claim against a bank for allegedly failing to provide an adequate response to the Claimant’s data subject access request (DSARs), highlighting the robust approach that the court is willing to take where it suspects the tactical deployment (or abuse) of the DSAR regime.

Individuals and claimant firms are increasingly using DSARs as a means of seeking to obtain information and documentation in support of civil claims and in parallel to or before disclosure obligations under the Civil Procedure Rules bite. Where those requests are repetitive, numerous, and the real purpose is to obtain documents and not data, businesses might reasonably resist civil claims raising similar factual issues.

Source: Data Subject Access Requests – High Court dismisses claim where DSAR regime abused

French food retail giant Carrefour fined €3m for GDPR breaches

The French multinational retailer Carrefour has been fined €3m for multiple data protection failings.

Data protection agency CNIL has fined two companies of the Carrefour Group for breaches of GDPR in several areas, including the obligation to inform individuals, use of cookies, limiting the retention of data, the obligation to facilitate the exercise of rights and failure to respect rights.

Source: French food retail giant Carrefour fined €3m for GDPR breaches

Republicans Introduce Privacy Bill That Would Override State Laws

Four Republican senators have introduced a privacy bill that would override state privacy laws, other than ones requiring notifications of data breaches.

The proposed law would require companies to obtain consumers’ affirmative consent before transferring their “sensitive” information — which the bill defines as including financial account numbers, persistent identifiers, precise geolocation data, and data revealing people’s race, ethnic origin, religion and sexual orientation.

The Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act (SAFE DATA Act) would also require companies to allow consumers to access, edit and delete data about them.

Source: Republicans Introduce Privacy Bill That Would Override State Laws 09/21/2020

A Princess Is Making Google Forget Her Drunken Rant About Killing Muslims

The removal of nearly 200 links from Google search in Germany about a princess’ drunken rampage in Scotland raises questions about who has the ‘right to be forgotten.’

In 2014, German princess Theodora Sayn-Wittgenstein, 27 at the time, attended the University of St Andrews’ charity Oktoberfest, got drunk, assaulted police officers and first responders, and said: “I was doing my nails this morning and wondered how many Muslims I could kill.” Her family, with the help of Google and Europe’s right to be forgotten law, have been trying to make that night disappear.

Source: A Princess Is Making Google Forget Her Drunken Rant About Killing Muslims

The Netherlands DPA imposes EUR 830,000 fine for access request fees

On the 6 th of July 2020, the Dutch Data Protection Authority  published its decision to impose a fine of 830,000 EUR on Stichting Bureau Krediet Registratie (BKR).

BKR keeps an electronic file of the loans and debts people have in the Netherlands, stored in a central database. The fine has been imposed due to the fact that BKR’s procedure for data subjects to obtain access to their personal data was not in line with GDPR.

Source: The Netherlands – DPA imposes EUR 830,00 fine for access request fees

Hungarian Government Suspends GDPR Data Subjects Rights

On May 4, 2020, the Hungarian Government issued a Decree that suspends, during the COVID-19 created state of emergency, the one-month deadline that controllers have under the GDPR to reply to data subject rights requests.

According to the Decree, the normal one-month deadline to reply to data subject rights requests will start running once the state of emergency ends, for which there is no fixed date yet.

The Decree also allows public entities to refuse or suspend freedom of information (“FOIA”) requests in certain situations. The Decree has been heavily criticized by civil society groups and prompted the scrutiny by the European Data Protection Board (“EDPB”).

Source: Hungarian Government Suspends GDPR Data Subjects Rights

Google’s Right-to-Be-Forgotten Fine Toppled by French Court

Google won a battle over the right to be forgotten after France’s top administrative court canceled a fine of 100,000 euros ($111,000) for failing to remove contentious search results globally.

France’s Council of State threw out the 2016 penalty, following guidance from the European Union’s highest court which last year backed the Alphabet Inc. unit by saying it should only scrub search results on European versions of its websites.

Source: Google’s Right-to-Be-Forgotten Fine Toppled by French Court – BNN Bloomberg

Employers accused of abusing EU data privacy rules to hinder trade unions

The EU’s General Data Protection Regulation (GDPR) is being misused by employers across Europe as trade unions are denied access to information required to recruit and organise workers, a new study has found.

The trends highlighted in ETUC’s report bring to light the recent challenges for trade unions to mobilise their networks as a result of workplaces refusing access to employee data under the pretext that it is forbidden by the GDPR. In this vein, the report brings to attention cases in a range of EU member states including Spain, Luxembourg and Belgium.

Source: Employers accused of abusing EU data privacy rules to hinder trade unions – EURACTIV.com

1 2 3 10
>