Tag Archives for " DPA "

14% of Android app privacy policies contain contradictions about data collection

An analysis of 11,430 Play Store apps found that 14.2% used a privacy policy with contradicting statements about user data collection practices.

Examples include privacy policies that stated in one section that they do not collect personal data, only to contradict themselves in subsequent sections, where they state they collect emails or customer names, which are clearly personally identifiable information. Self-contradictions can lead to the identification of deceptive statements, which are enforceable by the FTC and the DPAs (data protection authorities) of the EU.

Source: 14% of Android app privacy policies contain contradictions about data collection | ZDNet

CNIL launches a public consultation on its draft recommendation on “cookies and other trackers”

On 4 July 2019, the CNIL published guidelines on the application of Article 82 of the French Data Protection Act. This article governs actions aiming at storing or gaining access to information already stored in the terminal of a user, i.e. in particular the use of cookies or other trackers when a user visits a website.

The CNIL conducted a consultation during the fall of 2019, in order to prepare a draft recommendation proposing operational procedures for obtaining consent. This draft is now subject to public consultation until 25 February, with a view to preparing the final version of the recommendation.

Source: CNIL launches a public consultation on its draft recommendation on “cookies and other trackers”

ICO Publishes Final Version of Its Age Appropriate Design Code

On January 21, 2020, the UK Information Commissioner’s Office (ICO) published the final version of its Age Appropriate Design Code, which sets out the standards that online services need to meet in order to protect children’s privacy.

The code lists 15 standards that organizations must meet, including requirements to (1) take into consideration the best interests of children, (2) refrain from using children’s personal data in ways that are detrimental to their wellbeing, and (3) ensure that settings are “high privacy” by default.

Source: ICO Publishes Final Version of Its Age Appropriate Design Code

€114 Million in Fines Imposed by EU Authorities Under GDPR

New findings from DLA Piper show that 160,000 data breach notifications were reported across 28 European Union Member States and that data protection authorities have imposed €114 million in monetary fines under the GDPR for a wide range of infringements. Not all fines were related to data breach infringements, however.

In terms of the total value of fines issued by geographical region, France (€51m), Germany (€24.5m) and Austria (€18m) topped the rankings, whilst the Netherlands (40,647), Germany (37,636) and the UK (22,181) had the highest number of data breaches notified to regulators.

Source: €114m in Fines Imposed by Euro Authorities Under GDPR – Infosecurity Magazine

Italy fines gas company EUR 11.5 million for unsolicited telemarketing

The Italian Supervisory Authority imposed two fines on Eni Gas and Luce (Egl), totalling EUR 11.5 million, concerning respectively illicit processing of personal data in the context of promotional activities and the activation of unsolicited contracts.

The first fine of EUR 8.5 million relates to unlawful processing in connection with telemarketing and teleselling activities – advertising calls made without the consent of the contacted person or despite that person’s refusal to receive promotional calls, or without triggering the specific procedures for verifying the public opt-out register; the absence of technical and organisational measures to take account of the indications provided by users; longer than permitted data retention periods; and the acquisition of the data on prospective customers from entities (list providers) that had not obtained any consent for the disclosure of such data.

The second fine of EUR 3 million concerns breaches due to the conclusion of unsolicited contracts for the supply of electricity and gas under ‘free market’ conditions – many individuals learned about the conclusion of a new contract only on receiving the letter of termination of the contract with the previous supplier or else the first Egl bills.

Source: THE ITALIAN SUPERVISORY AUTHORITY FINES ENI GAS E LUCE EUR 11.5 MILLION – On account of unsolicited telemarketing and contracts

‘Prepare for ICO to utilise its wider powers’: UK regulator issues warning to adtech

The UK’s data regulator, the Information Commissioner’s Office (ICO), has issued a warning to any adtech companies which have failed to “use the window of opportunity to engage and transform” their practices – it’s coming for them.

The ICO’s update on its investigation into the adtech sector reveals it focused on specific issues such as the treatment of “special category data” – like race, sexuality and health – as well as how secure data is as it’s passed through the supply chain and the thorny issue of Legitimate Interest.

Source: ‘Prepare for ICO to utilise its wider powers’: UK regulator issues warning to adtech | The Drum

ICO Delays British Airways and Marriott GDPR Fines

Further to the publication of the ICO’s notices of intention to fine British Airways and Marriott in July 2019, the ICO has recently issued a statement delaying the issuance of both GDPR fines which had originally been expected by the end of 2019.

The ICO’s initial notices of intention to fine had stated that British Airways would face a fine of £183m ($228m) and Marriott, a fine of £99m ($123m). ICO will now have until March 31, 2020 to finalize the penalties imposed on both British Airways and Marriott, which were the result of two high-profile data breaches and subsequent ICO investigations.

Source: ICO Delays British Airways and Marriott GDPR Fines

ICO launches consultation on draft direct marketing code of practice

The Information Commissioner’s Office (ICO) has launched a public consultation on a draft direct marketing code of practice.

The ICO has previously produced direct marketing guidance and the draft code builds on this, as well as taking into account the input received during the initial call for views. The code takes a practical life-cycle approach to direct marketing.

The code is out for consultation until 4 March 2020 and the final version is expected later this year. You can read the code and take part in the consultation through the ICO website.

Source: ICO launches consultation on draft direct marketing code of practice | ICO

First Ever UK GDPR Penalty is €325k for London Pharmacy

The first ever General Data Protection Regulation (GDPR) penalty in the United Kingdom has been sanctioned against a London-based pharmacy by the Information Commissioner’s Office (ICO).

The ICO has fined Doorstep Dispensaree €325,000 (UK£275,000) in relation to its ‘cavalier attitude to data protection’. This decision was taken after it was discovered that the Burnt Oak Broadway, Edgware-based pharmacy placed 500,000 medical documents that included sensitive information in unsecured and unlocked containers, disposal bags and in a cardboard box.

Source: First Ever UK GDPR Penalty is €325k for London Pharmacy – Compliance Junction

Max Schrems Files GDPR Complaints with French DPA on Cookie Use

European privacy advocacy group None of your business (NOYB), led by Max Schrems, announced it had filed three formal complaints with the French data protection authority (CNIL) against three French websites for sending digital signals to tracking companies claiming that users had agreed to be tracked online, despite the same users rejecting such cookies.

Despite users going through the trouble of “rejecting” countless cookies on the French eCommerce page CDiscount, the movie guide Allocine.fr and the fashion magazine Vanity Fair, these webpages have sent digital signals to tracking companies claiming that users have agreed to being tracked online.

Source: Say “NO” to cookies – yet see your privacy crumble? | noyb.eu
