fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " DPA "

ICO publishes update report on adtech

For several months ICO has been reviewing how personal data is used in real time bidding (RTB) in programmatic advertising, engaging with key stakeholders directly to understand the views and concerns of those involved.

As a result of research, ICO published Update report into adtech and real time bidding which summarises findings so far. If you operate in the adtech space, it’s time to look at what you’re doing now, and to assess how you use personal data.

Source: Blog: ICO Adtech update report published following industry engagement | ICO

UK’s DPA Publishes Report on Impact of GDPR

On 30 May 2019, the United Kingdom’s data protection authority – Information Commissionner’s Office (ICO) – released a report, “GDPR: One Year On”, discussing the impact of the GDPR and its associated learnings after one year following its implementation.

Report provides valuable insight into the enforcement practices, EU-wide cooperation, support functions, innovative practices and further growth plans of the ICO.

Source: ICO Publishes Report on Impact of GDPR

France enacts Decree on application of data protection

On 1 June 2019 Decree No. 2019-536 of 29 May 2019 Enacted For the Application of Act No. 78-17 of 6 January 1978 on Data Processing, Files and Individual Liberties came into force.

The Decree clarifies procedural rules of the French data protection authority, including its control and sanctions, and further specifies data subject rights. It also brings Act on Data Processing, Files and Individual Liberties in line with the General Data Protection Regulation (GDPR) and the Data Protection Directive with Respect to Law Enforcement.

Read the Decree here (in French).

CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

On June 6, 2019, the French Data Protection Authority (the “CNIL”) announced that it levied a fine of €400,000 on SERGIC, a French real estate service provider, for failure to (1) implement appropriate security measures and (2) define data retention periods for the personal data of unsuccessful rental candidates.

Source: CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

Spanish DPA fines soccer league 250K euros

La Liga has been fined 250,000 euros for violating the Spanish Data Protection Agency (AEPD) and the European General Data Protection Regulation (GDPR).

La Liga was using their mobile app to detect the bars that screen football matches without paying by activating the microphone of any user’s mobile so that it can detect sounds that bars emits if a private signal is used. AEPD found that information presented to users was opaque.

Source: Spanish DPA fines soccer league 250K euros

ICO’s Interim Report on Explaining AI

On June 3, 2019, the UK Information Commissioner’s Office (ICO), released an Interim Report on a collaboration project with The Alan Turing Institute called “Project ExplAIn.”

The purpose of this project, according to the ICO, is to develop “practical guidance” for organizations on complying with UK data protection law when using artificial intelligence (AI) decision-making systems; in particular, to explain the impact AI decisions may have on individuals.

Source: ICO’s Interim Report on Explaining AI

Belgian Data Protection Authority issues its first fine

On Tuesday 28 May 2019, the Belgian Data Protection Authority (DPA) imposed its first financial penalty since the entry into application of the GDPR.

The administrative fine amounts to EUR 2 000 and concerns the misuse of personal data for election purposes. Although the fine is modest, the message is not: Data protection is an important matter to us all, but data controllers must assume their responsibility, especially if they have a government mandate.

Read more: Belgium: Belgian Data Protection Authority issues its first fine

Supreme Court dismisses Facebook appeal over transfer of user personal data to the US

Ireland’s Supreme Court has dismissed Facebook’s appeal over a High Court decision to refer key issues concerning the validity of European Commission decisions approving EU-US data transfer channels to the Court of Justice of the EU.

The referral was made by the High Court in proceedings by the Data Protection Commissioner (DPC) arising from complaints by Austrian lawyer Max Schrems the transfer of his personal data by Facebook to the US breached his data privacy rights as an EU citizen.

Source: Supreme Court dismisses Facebook appeal over transfer of user personal data to the US – Independent.ie

How Ireland became Europe’s data watchdog

Most of the major US tech companies, including Facebook, Google, Microsoft, Twitter, Apple, LinkedIn, Airbnb and Dropbox, are registered for processing personal data in Ireland.

So the responsibility for policing their compliance with the EU’s General Data Protection Regulation (GDPR) falls on the country’s Data Protection Commission (DPC).

Full article: How Ireland became Europe’s data watchdog – BBC News

Irish regulator investigates Google’s Ad Exchange

The Irish Data Protection Commission will look into whether Google’s Ad Exchange system is GDPR-compliant.

Ad Exchange system is used by companies to target people with adverts across the internet.

The investigation followed a formal complaint by Johnny Ryan, chief policy officer at Brave, the private web browser which blocks ads and trackers. He accused Google’s internet ad services business, DoubleClick/Authorized Buyers, of leaking users’ intimate data to thousands of companies.

Sources:

1 2 3 35
>