Tag Archives for "DPA"

Watchdog approves use of UK phone data to help fight coronavirus

The UK’s privacy watchdog has said the government can legally use personal data from people’s mobile phones to track and monitor behaviour if it helps fight the spread of coronavirus.

It emerged last week that the government was in talks with UK mobile phone companies to potentially use anonymous location and usage data to create movement maps, with a 12- to 24-hour delay, to discover whether the public are abiding by lockdown rules.

Source: Watchdog approves use of UK phone data to help fight coronavirus | World news | The Guardian

Brussels Court of Appeal overrules first DPA fine to a private company

On Feb. 19, the Brussels Court of Appeal overruled one of the first decisions of the Belgian Data Protection Authority in a case involving the use of an electronic ID to get a loyalty card.

The Brussels Court of Appeal held that the customer did not give her identity card and, consequently, there was no processing of her data. Therefore, according to the court, the DPA did not demonstrate an actual personal data breach.

The court also underlined that a customer suffers no prejudice from being unable to get a loyalty card and, therefore, a discount. There is no prejudice when one possible extra benefit is lost. It would have been different if the reading of the electronic ID was required to exercise a legal or contractual right.

Source: Brussels Court of Appeal overrules first DPA fine to a private company

CNIL Unveils 2020 Inspection Strategy and Announces Cookie Investigations

On March 12, 2020, the French Data Protection Authority (the “CNIL”) released its annual inspection strategy for 2020.

The CNIL carries out approximately 300 inspections every year. These inspections are initiated (1) following complaints lodged with the CNIL; (2) in light of current topics in the news; (3) after the CNIL has adopted corrective measures (e.g., formal notices, sanctions) in order to verify whether the organization in question adopted the measures or remedied the situation; and (4) as part of the CNIL’s annual inspection strategy.

Source: CNIL Unveils 2020 Inspection Strategy and Announces Cookie Investigations

Croatian DPA issues credit institution 20m GDPR fine

The Croatian data protection authority (AZOP) has imposed a fine of EUR 20m for violating the EU General Data Protection Regulation.

Since October 2018, AZOP had been receiving multiple complaints from citizens regarding one of Croatia’s credit institutions based in Zagreb, whereby citizens’ requests to the institution for information were being refused.

Source: #Privacy: Croatian DPA issues credit institution 20m GDPR fine

Adtech giant Criteo is being investigated by France’s data watchdog

Adtech giant Criteo is under investigation by the French data protection watchdog, the CNIL, following a complaint filed by privacy rights campaign group Privacy International.

Privacy International has been campaigning for more than a year for European data protection agencies to investigate several adtech players and data brokers involved in programmatic advertising.

Source: Adtech giant Criteo is being investigated by France’s data watchdog | TechCrunch

Swedish Data Protection Authority imposes €7 million administrative fine on Google

The Swedish Data Protection Authority imposes a fine of 75 million Swedish kronor (approximately 7 million euro) on Google for failure to comply with the GDPR. Google as a search engine operator has not fulfilled its obligations in respect of the right to request delisting.

The Swedish Data Protection Authority criticised Google for not having removed two of the search results, as instructed in 2017. Specifically, Google was criticised for having made too narrow an assessment of which URLs ought to actually be removed from search results, and, on another occasion, for not having removed a search result in a timely manner.

Furthermore, when Google removes a search result listing and notifies the website owner of which webpage link was removed and who was behind the delisting request, it is in fact doing so without a legal basis. Therefore, the Swedish Data Protection Authority ordered Google to cease such practice.

Source: The Swedish Data Protection Authority imposes administrative fine on Google – Datainspektionen

EU DPAs Issue Green and Red Lights for Processing Health Data During the COVID-19 Epidemic

As Europe is grappling with an exponential increase in COVID-19 cases, some European Data Protection Authorities issued public interest guidance on the limits of collecting, sharing and using personal data relating to health in these exceptional circumstances.

Particular areas of concern are related to the breadth of measures that employers can legally take to monitor the health of their employees, as well as the collection of health data by government agencies. Overall, regulators highlight that data protection law is by no means a barrier to public health, but advise organizations against “systematic and generalized” monitoring and collection of data related to health of their employees outside official requests and measures of public health authorities.

Source: EU DPAs Issue Green and Red Lights for Processing Health Data During the COVID-19 Epidemic

The Belgian DPA Publishes Recommendation on Direct Marketing

The Belgian Data Protection Authority (DPA) published Recommendation providing Guidance on direct marketing.

The Recommendation provides a methodology on how to comply with the General Data Protection Regulation (GDPR) when conducting direct marketing. The Recommendation applies to all kinds of promotions, including sales and advertising, and is not limited to promotions of a commercial nature.

Source: The Belgian Data Protection Authority Publishes Recommendation Concerning Data Processing for Direct Marketing Purposes

Scottish company hit with maximum fine for making nearly 200 million nuisance calls

The Information Commissioner’s Office (ICO) has fined CRDNN Limited the maximum £500,000 for making more than 193 million automated nuisance calls.

Operating out of a Clydebank business park, CRDNN Limited was raided by the ICO in March 2018, with computer equipment and documents seized for further analysis of their nuisance call operation.

Source: Scottish company hit with maximum fine for making nearly 200 million nuisance calls | ICO

Cathay Pacific fined £500,000 for failing to secure its customers’ personal data

The Information Commissioner’s Office (ICO) has fined Cathay Pacific Airways Limited £500,000 for failing to protect the security of its customers’ personal data.

Between October 2014 and May 2018, Cathay Pacific’s computer systems lacked appropriate security measures, which led to customers’ personal details being exposed, 111,578 of whom were from the UK, and approximately 9.4 million more worldwide.

Source: International airline fined £500,000 for failing to secure its customers’ personal data | ICO
