
Tag Archives for "DPA"

French food retail giant Carrefour fined €3m for GDPR breaches

The French multinational retailer Carrefour has been fined €3m for multiple data protection failings.

Data protection agency CNIL has fined two companies of the Carrefour Group for breaches of GDPR in several areas, including the obligation to inform individuals, use of cookies, limiting the retention of data, the obligation to facilitate the exercise of rights and failure to respect rights.

Source: French food retail giant Carrefour fined €3m for GDPR breaches

WhatsApp Ireland sets aside €77.5m for possible data compliance fines

The Irish arm of messaging platform WhatsApp recorded an €11.2 million loss last year after setting aside €77.5 million to cover possible fees linked to an investigation undertaken by the Irish Data Protection Commissioner.

The Data Protection Commission investigation into WhatsApp examined its compliance with Articles 12 to 14 of the General Data Protection Regulation (GDPR) in relation to transparency around what information is shared with Facebook.

Source: WhatsApp Ireland sets aside €77.5m for possible data compliance fines

The Spanish Supervisory Authority Approves a GDPR Code of Conduct on Advertising

On September 16, 2020, the Spanish Supervisory Authority (AEPD) approved a “Code of Conduct for Data Processing in Advertising”. This is the first GDPR-approved Code of Conduct with an accredited monitoring body in the European Union.

The Code broadly applies to any processing of personal data carried out for advertising purposes, including sending direct marketing communications and using cookies and other technologies for targeted advertising.

Source: The Spanish Supervisory Authority Approves a GDPR Code of Conduct on Advertising

Vodafone fined over 12 million Euro by Italian DPA for aggressive telemarketing practices

The Italian data protection supervisory authority (Garante per la protezione dei dati personali) ordered Vodafone to pay a fine in excess of Euro 12,250,000 on account of having unlawfully processed the personal data of millions of users for telemarketing purposes.

As well as having to pay the fine, the company is required to implement several measures set out by the Garante in order to comply with national and EU data protection legislation.

Investigations revealed the use of fake telephone numbers or numbers that were not registered with the ROC (i.e. the National Consolidated Registry of Communication Operators) in order to place the marketing calls. This practice is under Vodafone’s own spotlight and is seemingly related to a shady set of unauthorised call centres that carry out telemarketing activities in utter disregard of personal data protection legislation.

Additional violations could be established with regard to the handling of contact lists purchased from external providers.

Source: Aggressive telemarketing practices: Vodafone fined over 12 million Euro by Italian DPA

Canadian privacy watchdog publishes recommendations on regulating use of AI

The Office of the Privacy Commissioner of Canada (the OPC) yesterday outlined recommendations for regulating the use of artificial intelligence, including a rights-based approach.

The recommendations include creating a right to a meaningful explanation of automated decisions, and a right of subjects to contest these decisions. The OPC also wants to require organisations to design AI systems from their conception in a way that protects privacy. It is also suggesting that it receive powers to issue binding orders and financial penalties to ensure compliance.

Source: Canadian privacy watchdog publishes recommendations on regulating use of AI

Apple hit with privacy complaints over iPhone tracking tool

The privacy group Noyb has filed complaints with the German and Spanish data protection authorities under the EU’s Cookie Law against Apple over a tool in iOS 14 that allegedly tracks iPhone user behaviour without consent.

The group claims that Apple’s Identifier for Advertisers (IDFA) activates when a user sets up an iPhone without offering a chance to consent or even notifying them of its existence.

Source: Apple hit with privacy complaints over iPhone tracking tool | IT PRO

Twitter could face its first GDPR penalty within days

European data protection regulators have inched toward an enforcement decision for a Twitter breach that the company publicly disclosed in 2019, after a majority of EU data supervisors agreed to back a draft settlement submitted earlier by Ireland’s Data Protection Commission (DPC).

Twitter disclosed the bug in its ‘Protect your tweets’ feature at the start of last year — saying at the time that some Android users who’d applied its setting to make their tweets non-public may have had their data exposed to the public Internet since as far back as 2014.

Source: Twitter could face its first GDPR penalty within days | TechCrunch

UK’s ICO faces legal action after closing adtech complaint with nothing to show

The UK’s data watchdog is facing a legal challenge after it took the decision to quietly close a complaint against the adtech industry’s high-velocity background trading of personal data.

The original complaint — challenging the adtech industry’s compliance with Europe’s General Data Protection Regulation (GDPR) — was filed with the ICO in September 2018 by Jim Killock, executive director of the Open Rights Group, and Michael Veale, a lecturer in digital rights at University College London.

Source: UK’s ICO faces legal action after closing adtech complaint with nothing to show for it | TechCrunch

ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

On October 27, 2020, the UK Information Commissioner’s Office (ICO) published a report following its investigation into data protection compliance in the direct marketing data broking sector, alongside its enforcement action against Experian.

During the investigation, the ICO conducted audits of the direct marketing data broking businesses of the UK’s three largest credit reference agencies – Experian, Equifax and TransUnion – and found “significant data protection failures at each” that were “deeply embedded” within the businesses.

Source: ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

Marriott International fined £18.4m for 2014 data breach

The UK data regulator has issued Marriott International with a watered-down £18.4 million fine for a data breach that affected 339 million guest records worldwide.

The sum has been significantly reduced from the initial £99 million notice of intent to fine that the Information Commissioner’s Office (ICO) first issued the hotel chain in July 2019. The decision to issue a substantially lower fine once again raises questions as to the effectiveness of GDPR enforcement.

Source: Marriott International fined £18.4m for 2014 data breach | IT PRO
