
Tag Archives for " DPA "

Experian vows to drag UK’s Information Commissioner’s Office to court after being told off for data-slurping practices

Experian has been rapped over the knuckles by the UK’s Information Commissioner’s Office (ICO) after it discovered the credit reference agency was trading “millions” of people’s data for marketing purposes.

Instead of issuing a monetary fine, however, the data regulator wrapped up a two-year probe yesterday by merely insisting Experian tweaks its online privacy policies and informs consumers it acquired data about them.

In an aggressive response, Experian chief exec Brian Cassin claimed the ICO enforcement notice against his employer “risks damaging the services that help consumers, thousands of small businesses and charities, particularly as they try to recover from the COVID-19 crisis.”

Source: Experian vows to drag UK’s Information Commissioner’s Office to court after being told off for data-slurping practices • The Register

Experian faces GDPR action after ICO finds ‘widespread data protection failings’

The Information Commissioner’s Office (ICO) has ordered credit rating giant Experian to stop profiting from the secretive enriching and processing of people’s personal data or face a massive GDPR fine.

The investigation found the three firms were trading, enriching and enhancing people’s personal data without their knowledge or consent. This resulted in products which were used by third-party commercial organisations to find new customers, identify those who were most likely to be able to afford products, and build individual profiles around people.

UK watchdog gives Experian nine-month ultimatum to change ‘illegal’ business practices or face punishment.

Source: Experian faces GDPR action after ICO finds ‘widespread data protection failings’ | IT PRO

French Supervisory Authority Releases Strict Guidance on the Use of Facial Recognition Technology at Airports

On October 9, 2020, the French Supervisory Authority (CNIL) issued guidance on the use of facial recognition technology for identity checks at airports.

The CNIL indicates that it has issued this guidance in response to a request from several operators and service providers of airports in France who are planning to deploy this technology on an experimental basis. In this blog post, we summarize the main principles that the CNIL says airports should observe when deploying biometric technology.

Source: French Supervisory Authority Releases Strict Guidance on the Use of Facial Recognition Technology at Airports | Inside Privacy

ICO probes Klarna after newsletter emailed to customers in error

Klarna, a Swedish provider of payment solutions, surprised some UK consumers this week when it mistakenly sent a marketing email to people who had not opted in to receive the weekly newsletter.

The ICO had received more than 90 complaints from members of the public.

Source: ICO probes Klarna after newsletter emailed to customers in error – PrivSec Report

IAB Europe’s ad tracking consent framework found to fail GDPR standard

A flagship framework for gathering Internet users’ consent for targeting with behavioral ads — which is designed by ad industry body, the IAB Europe — fails to meet the required legal standards of data protection, according to findings by its EU data supervisor.

The Belgian DPA’s investigation follows complaints against the use of personal data in the real-time bidding (RTB) component of programmatic advertising which contend that a system of high velocity personal data trading is inherently incompatible with data security requirements baked into EU law.

Source: IAB Europe’s ad tracking consent framework found to fail GDPR standard | TechCrunch

Schrems gets a judicial review of the Irish DPC’s procedure

European privacy campaigner Max Schrems has been granted a judicial review of the Irish regulator’s handling of his complaint.

He’s expecting the hearing to take place before the end of the year — and is hoping the action will, at long last, lead to a suspension of Facebook’s EU-US data transfers.

Schrems says his aim is to “kick start a ‘paused’ complaints procedure” after Ireland’s Data Protection Commission (DPC) chose to open a new case procedure last month — simultaneously pausing its handling of his original complaint, which dates back some seven years at this point.

Source: Facebook EU-US data transfer complaint: Schrems gets a judicial review of the Irish DPC’s procedure | TechCrunch

ICO fines British Airways £20m for data breach affecting more than 400,000 customers

The Information Commissioner’s Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers.

An ICO investigation found the airline was processing a significant amount of personal data without adequate security measures in place. This failure broke data protection law and, subsequently, BA was the subject of a cyber-attack during 2018, which it did not detect for more than two months.

Source: ICO fines British Airways £20m for data breach affecting more than 400,000 customers | ICO

France’s Health Data Hub to move to European cloud infrastructure to avoid EU-US data transfers

France’s data regulator CNIL has issued some recommendations for French services that handle health data, as Mediapart first reported.

Those recommendations follow a landmark ruling by Europe’s top court in July. The ruling, dubbed Schrems II, struck down the EU-U.S. Data Privacy Shield. Under the Privacy Shield, companies could outsource data processing from the EU to the U.S. in bulk. Due to concerns over U.S. surveillance laws, that mechanism is no longer allowed.

The CNIL is going one step further by saying that services and companies that handle health data should also avoid doing business with American companies — it’s not just about processing European data in Europe. Once again, this is all about avoiding falling under U.S. regulation and rulings.

Source: France’s Health Data Hub to move to European cloud infrastructure to avoid EU-US data transfers | TechCrunch

ICO Launches Consultation on Its Draft Statutory Guidance

On October 1, 2020, the UK Information Commissioner’s Office (ICO) launched a public consultation on its draft Statutory Guidance.

The Guidance provides an overview of the ICO’s powers and how it intends to regulate and enforce data protection legislation in the UK, including its approach to calculating fines.

Source: ICO Launches Consultation on Its Draft Statutory Guidance

The UK’s Department for Education ‘failed to protect children’s data’

A National Pupil Database held by the UK’s Department for Education had ‘no formal proactive oversight’ to protect children’s data, the Information Commissioner’s Office has found.

The ICO concluded in its compulsory audit this week that DfE had ‘no formal proactive oversight of any function of information governance’ relating to data for millions of children.

Source: The UK’s Department for Education ‘failed to protect children’s data’
