
Tag Archives for " DPA "

ICO concerned by mass health data-sharing with advertisers

The UK’s data regulator has expressed deep concerns over reports that some of the most popular health websites are sharing sensitive data with advertisers across the world.

The majority of prominent health websites embed tracking cookies in users’ browsers without explicit consent to allow third-party companies to track them while surfing the internet.

This data is then transmitted to a swathe of advertising platforms including Amazon and Facebook, with the majority of data sent to Google’s DoubleClick targeted ad platform. This includes information like medical symptoms, diagnoses, drug names and fertility information.

Source: ICO concerned by mass health data-sharing with advertisers | IT PRO

Data Protection Commissioner investigating micro-targeting on social media

The Data Protection Commissioner Helen Dixon has said her office is conducting a number of investigations into the micro-targeting of individuals on large social media platforms as it raised issues of compliance with new General Data Protection Regulation rules.

Investigations are currently open into the use of platforms, data brokers, and ad exchanges. Micro-targeting individuals with specific content has the potential to amplify the harmful effects of disinformation. The Commissioner hopes to conclude all investigations by next year.

Source: Data Protection Commissioner investigating micro-targeting on social media

Data Protection Commission engaging with Revolut as a “matter of urgency”

The Irish Data Protection Commission (DPC) has said that it will be engaging with financial technology company Revolut as “a matter of urgency” over the privacy policy and cookies policy changes Revolut announced this week.

Revolut’s new privacy policy means that users will have their data shared with social media and analytics companies for marketing purposes and also with credit bureaus, unless they actively opt-out.

Source: Data Protection Commission engaging with Revolut as a “matter of urgency” over privacy changes | JOE is the voice of Irish people at home and abroad

Spanish Supervisory Authority and EDPS release guidance on hashing for data pseudonymization and anonymization purposes

On November 4, 2019, the Spanish Supervisory Authority (“AEPD”), in collaboration with the European Data Protection Supervisor, published guidance on the use of hashing techniques for pseudonymization and anonymization purposes. In particular, the guidance analyses what factors increase the probability of re-identifying hashed messages.

The guidance provides examples of how controllers can make the re-identification of hashed messages more difficult. These examples include encrypting the message (prior to hashing), encrypting the hash value, or adding “salt” or “noise” (i.e., a random number) to the original message.

Source: Spanish Supervisory Authority and EDPS release guidance on hashing for data pseudonymization and anonymization purposes

Data for money: App facilitating data portability now under the EDPB’s scrutiny

A number of Italian retailers submitted to the Italian Data Protection Authority, the Garante, very similar complaints concerning massive data subject requests received from Italian startup Weople.

Weople exercised, on behalf of the individuals that subscribed to its services via a mobile app, the right to data portability in connection to the personal data collected by the retailers’ loyalty programs. The transfer of such data was to go directly to Weople.

Full article: Data for money: App facilitating data portability now under the EDPB’s scrutiny

Irish data protection commissioner set to issue decisions on Twitter and Whatsapp probes by end of year

The Irish data protection commissioner expects to issue decisions on investigations into Twitter and Whatsapp by the end of the year, a spokeswoman has said.

However, the effect of any sanction or fine, if issued, would not occur for “months” after that due to statutory examination processes.

Helen Dixon’s office concluded its investigation several weeks ago and is formulating draft decisions, possibly with the inclusion of a sanction, fine or regulatory order for Whatsapp and Twitter to change their own processes.

Source: Irish data protection commissioner set to issue decisions on Twitter and Whatsapp probes by end of year – Independent.ie

Sweden authorises the use of facial recognition technology by the police

Sweden’s data protection authority has approved the use of facial recognition technology by the police, to help identify criminal suspects.

According to the Swedish authority, the processing and storage measures comply with Sweden’s Crime Data Act and the EU’s Data Protection Law Enforcement Directive (GDPR).

The decision is controversial following successive bans of this technology in US cities. The technology is widely used in China.

Source: Sweden authorises the use of facial recognition technology by the police | New Europe

Criminal proceedings against Österreichische Post

The Austrian data protection authority imposed an administrative fine of 18 million euros on Österreichische Post AG (Austrian Postal Service) after conducting administrative fine proceedings.

The Austrian DPA concluded that Österreichische Post had violated the GDPR by processing personal data on the alleged political affinity of affected data subjects. In addition, another GDPR violation was the further processing of data on package frequency and the frequency of relocations for the purpose of direct marketing.

However, the penalty is not final, as it can be challenged before the Federal Administrative Court within four weeks after the delivery of the penalty notice.

Source: Criminal proceedings of the Austrian data protection authority against Österreichische Post AG (Austrian Postal Service) | European Data Protection Board

Facebook accepts Cambridge Analytica fine

Facebook has said it will pay the £500,000 financial penalty that the social network was issued by the UK’s data privacy watchdog, the Information Commissioner’s Office (ICO).

The fine came as a result of Facebook’s role in the Cambridge Analytica scandal, news of which first broke in March 2018.

Source: #Privacy: Facebook accepts ICO Cambridge Analytica fine

Ireland publishes note on data breach trends

Ireland’s Data Protection Commission has published an information note on data breach trends from the first year of the General Data Protection Regulation (GDPR).

The total number of breach notifications received by the DPC during that time amounted to 5,818. Of all breach notifications received by the DPC, approximately 4% have been classified as ‘non-breaches’ and did not meet the definition of a personal data breach.

A total of 13% failed to satisfy the requirement of notification to the DPC ‘without undue delay’ (normally within 72 hours), as required under the provisions of GDPR.

Source: Data Breach Trends from the First Year of the GDPR
