
Tag Archives for "DPA"

Italian DPA launches a contest on ‘easy privacy information via icons’

‘Easy privacy information via icons? Yes, you can!’ This is the claim used by the Italian SA to launch a contest for solutions that can make information notices simpler, clearer and immediately understandable through icons, symbols or other graphic elements – in short, to make sure that the notices are really helpful and suitable for the purpose for which they are intended.

The information notices used by companies, public bodies, websites, social networks and search engines are often lengthy and complex and therefore cannot fulfil their essential function, which is informing data subjects about how their personal data will be used and allowing them where appropriate to give their free, informed consent to the processing of their data for whatever purpose – be it marketing, profiling, or the disclosure of information to third parties.

The Italian DPA is calling upon software developers, tech professionals, experts, lawyers, designers, university students, and anyone interested in this topic, to send a set of symbols or icons that can represent all the items that must be contained in an information notice under Articles 13 and 14 of the GDPR.

Source: ‘Easy privacy information via icons? Yes, you can!’ The Italian DPA launches a contest calling for creative ideas from all quarters | European Data Protection Board

Irish DPC probes whether Facebook data leak falls under GDPR time frame

The Irish Data Protection Commission (DPC) is probing whether any of the data records of 533 million Facebook users published over the weekend were leaked after the implementation of the General Data Protection Regulation (GDPR).

A dataset, appearing to be sourced from Facebook, appeared on a hacking website containing records of 533 million individuals, including phone numbers and email addresses. The DPC said a significant number of users were European Union residents and much of the data appears to have been scraped from Facebook profiles.

These leaks were before the implementation of GDPR in May 2018 and therefore Facebook did not notify the DPC. However, the DPC is saying that there are also “additional records” in the newly published dataset “which may be from a later period” and therefore under the scope of GDPR.

Source: Irish DPC probes whether Facebook data leak falls under GDPR time frame | News | GRC World Forums

Italian DPA fines Fastweb $5.3M under GDPR for aggressive telemarketing

The Italian Data Protection Authority announced a fine of €4.5 million (U.S. $5.3 million) against telecommunications company Fastweb for misusing customer data for telemarketing purposes.

Fastweb was viewed as a repeat offender in Garante’s judgment after being sanctioned under laws other than the GDPR in 2012 and 2018 for similar telemarketing violations. Another aggravating factor listed is the continued presence of the vulnerabilities in the customer database.

Garante has ordered Fastweb to strengthen security measures to prevent unauthorized access to its databases, overhaul its telemarketing practices to include enrolled customers only, and discontinue use of data obtained by third parties that did not first gain user consent.

Source: Italian DPA fines Fastweb $5.3M under GDPR for aggressive telemarketing | Article | Compliance Week

French data watchdog to start checking cookie policy compliance

France’s data protection watchdog CNIL will from 1st April begin conducting checks to ensure websites are in compliance with new guidelines on advertising trackers after the deadline it granted expired.

The new rules mean that user consent for advertising cookies must be granted by a “clear and positive act” such as clicking on an “I accept” button now ubiquitous across European websites. “Simply continuing to browse a site can no longer be considered as a valid expression of the web user’s consent,” the CNIL framework states.

Source: French data watchdog to start checking cookie policy compliance – EURACTIV.com

MEPs rue lack of GDPR sanctions issued by Irish data authority

MEPs have said that “a lack of political will and resources” had resulted in a laggard approach to enforcement of the EU’s general data protection regulation (GDPR), singling out in particular the lack of sanctions dished out by the Irish data protection authority.

To date, the Irish DPC has issued six fines for GDPR breaches. These include three against Tusla, the country’s Child and Family Agency, a €65,000 penalty issued against Cork University Maternity Hospital, a €70,000 fine for University College Dublin, and, in the first fine for a cross-border case, a €450,000 charge levied against Twitter for falling short of data breach notification obligations.

Source: MEPs rue lack of GDPR sanctions issued by Irish data authority – EURACTIV.com

Dutch privacy watchdog fines Booking.com €475K

Hotel booking site Booking.com got hit with a €475,000 fine for being late to report a data breach, the company’s lead EU privacy regulator announced Wednesday.

The fine, imposed by the Dutch data protection authority because the company is legally established in Amsterdam, came after criminals stole the personal data of more than 4,000 Booking.com customers — obtaining the credit card details of nearly 300 victims.

The website received the penalty for missing a 72-hour deadline to report the breach to the regulator, which it did on February 4, 2019 — almost a month after it suffered the breach.

Source: Dutch privacy watchdog fines Booking.com €475K – POLITICO

Microsoft says Ireland should have ‘a bigger voice’ on EU regulation

Microsoft would like Ireland to have “a bigger voice” in influencing European regulation on technology issues, according to the company’s senior European policy director.

He said that countries which favour “light regulation rather than heavy regulation have become a little less vocal” since Brexit and that Ireland’s voice was now “critical” in striking a balance.

He said that Microsoft has been in discussions with Irish Government ministers over the last week to raise its voice on a number of tech-related issues.

Source: Microsoft says Ireland should have ‘a bigger voice’ on EU regulation – Independent.ie

Bavarian DPA Declares Use of E-mail Marketing Service Prohibited without Assessment and Supplementary Measures

The state Data Protection Authority of Bavaria declared the use of U.S. e-mail marketing service Mailchimp by a fashion magazine (acting as controller) in Bavaria impermissible due to non-compliance with Schrems II mitigation steps in relation to the transfer of e-mail addresses to Mailchimp in the U.S.

Mailchimp provided e-mail newsletter services to the controller, which had used Mailchimp’s e-mail marketing service only twice, to send newsletters to customers. The controller relied on EU Standard Contractual Clauses for the transfer of e-mail addresses from Germany to the U.S., in order to make use of e-mail marketing services directed to German customers by Mailchimp on its behalf.

The Bavarian DPA took the position that as an e-mail marketing service, “there are at least indications” that Mailchimp could qualify as an “electronic communication service provider” under U.S. surveillance law (i.e., FISA 702) and, therefore, “the transfer could only be permissible by taking supplementary measures, if suitable.” In the Bavarian DPA’s view, the controller had failed to assess the risk and implement supplementary measures for the transfer of EU personal data to Mailchimp in the U.S.

Source: Bavarian DPA Declares Transfers to E-mail Marketing Service Prohibited Due to Lack of Controller’s Assessment and Supplementary Measures

French data protection watchdog casts doubt on Apple’s privacy compliance

Apple has put privacy at the heart of its sales pitch to users, but an internal document from France’s data regulator suggests the iPhone maker’s own targeted advertising practices may be problematic.

According to the 13-page confidential note seen by POLITICO, France’s CNIL data protection authority cast doubt on Apple’s compliance with EU privacy rules. Last week, the country’s competition authority ruled in Apple’s favor in a case over its new anti-tracking tool.

“Apple’s advertising processing requires consent when it involves reading or writing data on the user’s device,” the CNIL wrote. “Apple’s practices suggest a lack of consent collection.”

Source: French data protection watchdog casts doubt on Apple’s privacy compliance – POLITICO

EU Data Privacy Watchdogs Urged to Sort Out ‘Public Squabbles’

European Union privacy regulators must sort out their “public squabbles” over the enforcement of the bloc’s data-protection rules or its executive body may consider moving to a more centralized model to target violations.

Tensions have been building for months among national data protection watchdogs over the amount of time their Irish colleagues are taking to complete probes on big U.S. tech companies, including Facebook Inc. and Apple Inc.

Jourova’s comments follow a spat that erupted last week between the Irish watchdog and a European Parliament committee that’s been working on draft resolutions targeting data protection commissioner Helen Dixon’s office for not acting fast enough.

Source: EU Data Privacy Watchdogs Urged to Sort Out ‘Public Squabbles’ – Bloomberg
