Free tools and resources for Data Protection Officers!

Tag Archives for " DPA "

Uber fined more than $1 million by U.K. and Dutch authorities

Uber was fined a combined $1.17 million by British and Dutch authorities Tuesday for a 2016 data breach that exposed the personal details of millions of customers. The penalties come from the U.K.’s Information Commissioner’s Office and the Dutch Data Protection Authority.

Source: Uber fined more than $1 million by U.K. and Dutch authorities

LinkedIn violated data protection by using 18M email addresses of non-members to buy targeted ads on Facebook

LinkedIn has been called out a number of times for how it is able to suggest uncanny connections to you, when it’s not even clear how or why LinkedIn would know enough to make those suggestions in the first place.

Ireland’s Data Protection Commissioner had conducted — and concluded — an investigation of Microsoft-owned LinkedIn, originally prompted by a complaint from a user in 2017, over LinkedIn’s practices regarding people who were not members of the social network.

Full article: LinkedIn violated data protection by using 18M email addresses of non-members to buy targeted ads on Facebook | TechCrunch

Uber fined £385,000 for data breach affecting millions of passengers

Uber’s European operation has been fined £385,000 for a data breach that affected almost 3 million British users, the Information Commissioner’s Office has announced.

In November 2016, attackers obtained credentials to access Uber’s cloud servers and downloaded 16 large files, including the records of 35 million users worldwide. The records included passengers’ full names, phone numbers, email addresses, and the location where they had signed up.

Source: Uber fined £385,000 for data breach affecting millions of passengers

Belgian DPA provides first status update after six months of GDPR

The Belgian DPA has released a first status update six months after the GDPR became applicable. Some interesting statistics relate to the number of data breach notifications and complaints received. In the six months ‪since May 25th, the Belgian Data Protection Authority was notified of 317 data breaches (compared to last year when only 13 breaches were notified).

Full article: BELGIUM: Belgian DPA provides first status update after six months of GDPR

Irish watchdog clarifies record keeping and DPIAs interaction under GDPR

Ireland’s data protection authority has clarified how record keeping obligations under the General Data Protection Authority (GDPR) interact with the duties of businesses to carry out data protection impact assessments (DPIAs).

Full article: GDPR: Irish watchdog clarifies record keeping and DPIAs interaction

How a small French privacy ruling could remake adtech for good

A ruling in late October against a little-known French adtech firm that popped up on the national data watchdog’s website earlier this month is causing ripples of excitement to run through privacy watchers in Europe who believe it signals the beginning of the end for creepy online ads.

CNIL’s decision suggests that bundling consent to partner processing in a contract is not, in and of itself, valid consent under the European Union’s General Data Protection Regulation (GDPR) framework.

Full article: How a small French privacy ruling could remake adtech for good | TechCrunch

UK ICO Issues Warning to Washington Post Over Cookie Consent Practices

UK Information Commissioner’s Office (“ICO”) issued a warning to the U.S.-based The Washington Post over its approach to obtaining consent for cookies to access the service. The Washington Post presents readers with option of free access to a limited number of articles dependent on consent to the use of cookies and tracking for the delivery of personalized ads. To avoid a third party ad tracking (and advertising), a higher fee premium subscription should be choosed.

ICO concluded that since The Washington Post has not offered a free alternative to accepting cookies, consent cannot be freely given and the newspaper is in contravention of Article 7(4) of the EU General Data Protection Regulation (“GDPR”).

Source: UK ICO Issues Warning to Washington Post Over Cookie Consent Practices

UK police ‘gang matrix’ breached data laws

The Metropolitan police’s list of gang suspects breached data protection laws, potentially causing damage and distress to a disproportionate number of young black men, an investigation by the Information Commissioner’s Office (ICO) has found.

The list, called the gangs violence matrix, has also been criticised by human rights campaigners, who say it racialises the war on gangs and stigmatises black youngsters.

Source: Met’s ‘gang matrix’ breached data laws, investigation finds

Dutch government report says Microsoft telemetry breaks GDPR

The telemetry data collection mechanism used by Microsoft Office breaks the EU General Data Protection Regulation (GDPR), Dutch authorities said in a report. Investigators said they’ve identified the “large scale and covert collection of personal data” through Office’s built-in telemetry collection capabilities, which is done without properly informing users.

Full article: Dutch government report says Microsoft Office telemetry collection breaks GDPR | ZDNet

>