fbpx

Download free GDPR compliance checklist!

Tag Archives for " DPA "

EUR 272.5m in fines imposed by European regulators under GDPR 

EUR 272.5 million of fines have been imposed for a wide range of infringements of Europe’s tough data protection laws according to international law firm DLA Piper.

EUR 158.5 million of fines imposed since 28 January 2020, a 39% increase on the previous 20 month period since the application of GDPR. Italy has imposed the highest aggregate fines with France imposing the highest individual fine to date. However, several multi-million euro fines have been successfully appealed or significantly reduced.

Source: EUR272.5m in fines imposed by European regulators under GDPR – Survey by international law firm DLA Piper | News | DLA Piper Global Law Firm

Irish DPC publishes draft Fundamentals for a Child-Oriented Approach to Data Processing

On December 18, 2020, the Irish Data Protection Commission (DPC) published its draft Fundamentals for a Child-Oriented Approach to Data Processing.

The Fundamentals introduce child-specific data protection principles and measures, which are designed to protect children against data processing risks when they access services, both online and off-line.

The DPC notes that all organizations collecting and processing children’s data should comply with the Fundamentals. The Fundamentals are open for public consultation until March 31, 2020.

Source: Irish DPC publishes draft Fundamentals for a Child-Oriented Approach to Data Processing

Facebook’s EU-US data transfers face their final countdown

Ireland’s Data Protection Commission (DPC) has agreed to swiftly finalize a long-standing complaint against Facebook’s international data transfers which could force the tech giant to suspend data flows from the European Union to the US within in a matter of months.

The DPC has made the commitment to a swift resolution of Schrems’ complaint now in order to settle a judicial review of its processes which noyb, his privacy campaign group, filed last year in response to its decision to pause his complaint and opt to open a new case procedure.

Source: Facebook’s EU-US data transfers face their final countdown | TechCrunch

Confusion over WhatsApp’s new T&Cs triggers privacy warning from Italy

Confusion over an update to Facebook-owned chat platform WhatsApp’s terms and conditions has triggered an intervention by Italy’s data protection agency.

The Italian DPA said today it has contacted the European Data Protection Board (EDPB) to raise concerns about a lack of clear information over what’s changing under the incoming T&Cs.

In recent weeks WhatsApp has been alerting users they must accept new T&Cs in order to keep using the service after February 8.

Source: Confusion over WhatsApp’s new T&Cs triggers privacy warning from Italy | TechCrunch

Ireland’s Data Protection Commission ‘acutely strained’ by big tech cases

The Data Protection Commission warned it was “acutely strained” as it grappled with cases involving giant multinational tech companies and rising complaints from members of the public.

The agency also said it faced an uphill battle as it investigated big technology firms who had access to “disproportionate resources” to fight their corner.

They said the commission was now frequently accused of lengthy delays in its investigations because they were limited in the amount of inquiries they could progress at any one time.

Source: Data Protection Commission ‘acutely strained’ by big tech cases

German DPA fines company 10.4 million euros for monitoring employees without legal basis

The State Commissioner for Data Protection (LfD) Lower Saxony has imposed a fine of 10.4 million euros on notebooksbilliger.de AG. The company had video-monitored its employees for at least two years without any legal basis.

The illegal cameras recorded workplaces, sales rooms, warehouses and common areas, among other things. The company claimed that the aim of the installed video cameras was to prevent and investigate criminal offenses and to track the flow of goods in the warehouses. In order to prevent theft, a company must first examine milder means (e.g. random bag checks when leaving the business premises). Video surveillance to uncover criminal offenses is also only lawful if there is justified suspicion against specific persons.

Source: LfD Niedersachsen imposes a fine of 10.4 million euros on notebooksbilliger.de | The State Commissioner for Data Protection Lower Saxony

Italian Privacy Watchdog Initiates Proceedings Against TikTok

The investigations the Italian DPA had started in March this year did highlight data processing activities that would appear to fall short of the new legal framework applying to personal data protection.

The violations notified by the Italian DPA to TikTok include, first and foremost, the signup mechanisms that do not protect children adequately. TikTok’s signup ban for children under 13 is actually easy to circumvent by entering a false birth date. Thus, TikTok does not prevent kids from registering nor does it check that Italian privacy legislation is complied with – indeed, in Italy registration of a child under 14 with a social network requires the consent to be authorized by parents or the holders of parental authority.

Source: Tik Tok, children’s privacy at risk: the Guarantor starts the procedure … – Privacy Guarantor

UK ICO Publishes New Data Sharing Code

On December 17, 2020, the UK Information Commissioner’s Office (ICO) published its Data Sharing Code of Practice following a public consultation which commenced in 2019.

The Code focuses mainly on data sharing among data controllers who are subject to the GDPR and the UK Data Protection Act 2018. Due to the detailed way in which the Code covers data sharing in the context of the GDPR, it will also be of wider interest to data controllers in the EU and beyond – even after the end of the Brexit transition period.

Source: UK ICO Publishes New Data Sharing Code | Alston & Bird Privacy Blog

Twitter fined by Ireland over bug that made private tweets public, in world first for EU data privacy law

Ireland has fined the company €450,000 for its failure to quickly report the breach, which was the result of a bug in the Android app.

It is the first time that a US company has been fined under a new data privacy system instituted in the EU as part of its General Data Protection Regulation regime.

The fine related to an issue in Twitter’s app that emerged in 2019. A technical problem meant that tweets that were supposed to be protected could be viewed by the public, the Irish Data Protection Commission said.

Source: Twitter fined by Ireland over bug that made private tweets public, in world first for EU data privacy law | The Independent

France fines Google $120M and Amazon $42M for dropping tracking cookies without consent

France’s data protection agency, the CNIL, has slapped Google and Amazon with fines for dropping tracking cookies without consent.

Google has been hit with a total of €100 million ($120 million) for dropping cookies on Google.fr and Amazon €35 million (~$42 million) for doing so on the Amazon .fr domain under the penalty notices issued on December 10.

The regulator carried out investigations of the websites over the past year and found tracking cookies were automatically dropped when a user visited the domains in breach of the country’s Data Protection Act.

Source: France fines Google $120M and Amazon $42M for dropping tracking cookies without consent

1 2 3 51
>