Free tools and resources for Data Protection Officers!

Tag Archives for " DPA "

Irish DPA issues guidance on the Use of CCTV

Irelands data protection authority – Data Protection Commission – has issued a guidance on use of CCTVs and video surveillance.

This guidance is intended to assist owners and occupiers of premises, in particular those that are workplaces or are otherwise accessible to the public, to understand their responsibilities and obligations regarding data protection when using CCTV.

Access guidance: Guidance on the Use of CCTV – For Data Controllers • DPO.guide

French DPA to take action on online targeted advertisements

French data protection authority CNIL has received an important number of individual and collective complaints (La Quadrature du Net, Privacy International, NOYB) relating to online marketing. In 2018, 21% of the complaints were related to marketing in the broad sense.

Therefore, the CNIL has decided to make targeted online advertising a priority topic for 2019. In July, the CNIL will repeal its 2013 cookie recommendation that has become outdated in some respects (in particular for what concerns the expression of consent), and publish guidelines outlining the applicable rules of law.

Working sessions will be held in the second half of 2019 between the CNIL services and each category of stakeholders (content editors, advertisers, service providers and intermediaries in the marketing ecosystem, civil society), through their representative organizations.

The CNIL will carry out inspections on this the final recommendation 6 months after its final adoption.

Source: Online targeted advertisement: what action plan for the CNIL?

Facebook fined by Italian DPA €1M over Cambridge Analytica scandal 

Italy’s privacy regulator fined Facebook €1 million Friday for violations connected to the Cambridge Analytica scandal — the largest fine against the social networking giant connected to that case.

The €1 million fine follows a previous £500,000 sanction by the British privacy watchdog, which similarly found that the tech giant had not sufficiently protected people’s online data

Source: Facebook fined €1M over Cambridge Analytica scandal – POLITICO

CNIL issues fine of 20,000 euros against a small company in France regardin videosurveillance

The French data protection authority, the CNIL, announced on 18th June 2019 that it has issued a 20,000 euros fine against Uniontrad Company, a small company (9 employees) based in France and specialized in translations, for “excessive videosurveillance”.

According to the CNIL, employees of the company had filed complaints with the CNIL between 2013 and 2017 over the filming. In February 2018, the CNIL conducted an investigation at the company’s offices and found that a camera was continuously recording the staff’s activities at their work station, without sufficient information being provided to the staff.

Source: Videosurveillance: CNIL issues fine of 20,000 euros against a small company in France

ICO publishes update report on adtech

For several months ICO has been reviewing how personal data is used in real time bidding (RTB) in programmatic advertising, engaging with key stakeholders directly to understand the views and concerns of those involved.

As a result of research, ICO published Update report into adtech and real time bidding which summarises findings so far. If you operate in the adtech space, it’s time to look at what you’re doing now, and to assess how you use personal data.

Source: Blog: ICO Adtech update report published following industry engagement | ICO

UK’s DPA Publishes Report on Impact of GDPR

On 30 May 2019, the United Kingdom’s data protection authority – Information Commissionner’s Office (ICO) – released a report, “GDPR: One Year On”, discussing the impact of the GDPR and its associated learnings after one year following its implementation.

Report provides valuable insight into the enforcement practices, EU-wide cooperation, support functions, innovative practices and further growth plans of the ICO.

Source: ICO Publishes Report on Impact of GDPR

France enacts Decree on application of data protection

On 1 June 2019 Decree No. 2019-536 of 29 May 2019 Enacted For the Application of Act No. 78-17 of 6 January 1978 on Data Processing, Files and Individual Liberties came into force.

The Decree clarifies procedural rules of the French data protection authority, including its control and sanctions, and further specifies data subject rights. It also brings Act on Data Processing, Files and Individual Liberties in line with the General Data Protection Regulation (GDPR) and the Data Protection Directive with Respect to Law Enforcement.

Read the Decree here (in French).

CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

On June 6, 2019, the French Data Protection Authority (the “CNIL”) announced that it levied a fine of €400,000 on SERGIC, a French real estate service provider, for failure to (1) implement appropriate security measures and (2) define data retention periods for the personal data of unsuccessful rental candidates.

Source: CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

Spanish DPA fines soccer league 250K euros

La Liga has been fined 250,000 euros for violating the Spanish Data Protection Agency (AEPD) and the European General Data Protection Regulation (GDPR).

La Liga was using their mobile app to detect the bars that screen football matches without paying by activating the microphone of any user’s mobile so that it can detect sounds that bars emits if a private signal is used. AEPD found that information presented to users was opaque.

Source: Spanish DPA fines soccer league 250K euros