Download free GDPR compliance checklist!

Tag Archives for " EU "

Monitoring of Employees Faces under Scrutiny in Europe

European privacy regulators are scrutinizing how employers collect workers’ personal data and dishing out multimillion-dollar fines for violations.

German electronics retailer notebooksbilliger.de is the latest company to be targeted. The seller of laptops, phones and other electronics online and in bricks-and-mortar shops was fined 10.4 million euros ($12.6 million), for using video surveillance cameras to monitor employees, the data protection regulator in the German state of Lower Saxony said this month.

The case reflects European authorities’ growing interest in employers’ use of technology to monitor employees.

Source: Monitoring of Employees Faces Scrutiny in Europe

An EU parliament website for COVID testing allegedly broke the EU’s privacy laws

The European Parliament is being investigated by the European Data Protection Supervisor after allegations that its COVID testing website didn’t meet EU privacy standards.

The website was set up to help MEPs schedule COVID tests, and while it didn’t handle any health information itself, sending data to the US for processing would still be illegal. According to the complaint, the testing website made over 150 requests to third parties, including Google and Stripe. Under EU law, data can only be transferred to the US if “an adequate level of protection for the personal data [can] be ensured,” and noyb argues that the companies “clearly fall under relevant US surveillance laws that allow [targeting of] EU citizens.”

The complaint also alleges that the cookie banners on the site didn’t disclose all of the cookies that would be stored on the user’s computer, and that the banners prodded users toward the “Accept All” button. Since cookies are used to track users across websites, and some of the ones found were from the aforementioned US companies, it’s understandable that EU regulators might be caught off guard.

Source: An EU parliament website for COVID testing allegedly broke the EU’s privacy laws – The Verge

Brussels zeroes in on Google’s adtech business

Brussels is not done with Google and has added the advertising technology at the heart of the search giant’s business model to its long list of concerns.

After slapping the U.S. search giant with fines exceeding €8 billion in three antitrust cases, the European Commission is now running two more investigations into Google. The first focuses on how the U.S. company gathers and uses data and the second one on how it behaves in the advertising business. The second case focuses on Brussels’ investigation into “Google’s practices in the advertising technology (“ad tech”) value chain, and its position in relation to advertisers, publishers and intermediaries, and competitors in search advertising, display advertising and ad tech services,” the document continues.

Source: Brussels zeroes in on Google’s adtech business – POLITICO

EUR 272.5m in fines imposed by European regulators under GDPR 

EUR 272.5 million of fines have been imposed for a wide range of infringements of Europe’s tough data protection laws according to international law firm DLA Piper.

EUR 158.5 million of fines imposed since 28 January 2020, a 39% increase on the previous 20 month period since the application of GDPR. Italy has imposed the highest aggregate fines with France imposing the highest individual fine to date. However, several multi-million euro fines have been successfully appealed or significantly reduced.

Source: EUR272.5m in fines imposed by European regulators under GDPR – Survey by international law firm DLA Piper | News | DLA Piper Global Law Firm

EDPB & EDPS adopt joint opinions on new sets of SCCs

The EDPB and EDPS have adopted joint opinions on two sets of contractual clauses (SCCs). One opinion on the SCCs for contracts between controllers and processors and one on the SCCs for the transfer of personal data to third countries.

Several amendments were requested in order to bring more clarity to the text and to ensure its practical usefulness in day-to-day operations of the controllers and processors. These include the interplay between the two documents, the so-called “docking clause” which allows additional entities to accede to the SCCs, and other aspects relating to obligations for processors. Additionally, the EDPB and EDPS suggest that the Annexes to the SCCs clarify as much as possible the roles and responsibilities of each of the parties with regard to each processing activity – any ambiguity would make it more difficult for controllers or processors to fulfil their obligations under the accountability principle.

Source: EDPB & EDPS adopt joint opinions on new sets of SCCs

Facebook’s EU-US data transfers face their final countdown

Ireland’s Data Protection Commission (DPC) has agreed to swiftly finalize a long-standing complaint against Facebook’s international data transfers which could force the tech giant to suspend data flows from the European Union to the US within in a matter of months.

The DPC has made the commitment to a swift resolution of Schrems’ complaint now in order to settle a judicial review of its processes which noyb, his privacy campaign group, filed last year in response to its decision to pause his complaint and opt to open a new case procedure.

Source: Facebook’s EU-US data transfers face their final countdown | TechCrunch

Court says all EU states can take data cases against Facebook

On January the 13th, the Advocate General of the Court of Justice of the European Union (CJEU) has delivered his opinion in the case opposing Facebook and the Belgian Data Protection Authority.

According to his opinion, which reiterates the principle defended by the Belgian DPA, the one-stop shop mechanism established by the GDPR does not prevent supervisory authorities from bringing proceedings to court before a national judge as long as it is in situations specifically provided for in the GDPR.

If upheld, the advocate general’s opinion, issued on Wednesday, would mean any of the 27 member states’ data authorities could take action against the social media giant headquartered in Dublin, potentially unleashing a flood of complaints against big tech companies.

Source: Court says all EU states can take data cases against Facebook

Council of the EU Released a New Draft of the ePrivacy Regulation

On January 5, 2021, the Council of the European Union released a new, draft version of the ePrivacy Regulation.

The Portuguese Presidency’s substantive amendments to the draft regulation propose to “simplify the text and to further align it with the GDPR,” and further “reflect the lex specialis relation of ePrivacy to the GDPR.”  In this respect, the Portuguese Presidency follows the same approach taken by the previous Presidencies of the Council.

Source: Council of the EU Released a (New) Draft of the ePrivacy Regulation | Inside Privacy

UK quietly shifts away from promise of ‘deep’ foreign and security links with EU

Plans for the UK to re-establish formal foreign and security policy links with the European Union, frozen during negotiations over a trade deal, may never be revived, as UK foreign policy focuses on bilateral links in Europe and developing new alliances in the Indo-Pacific and Middle East.

The freeze marks a little-discussed reversal of thinking from Theresa May’s era, when the political declaration at the time of Britain’s withdrawal spoke about negotiating deep cooperation between the UK and EU.

Full article: UK quietly shifts away from promise of ‘deep’ foreign and security links with EU | World news | The Guardian

Irish murderer appeals conviction on grounds of EU data law breach

When Graham Dwyer was convicted of murder in 2015 it was a triumph for Ireland’s police and judicial system. Phone data helped clinch murder conviction for Graham Dwyer in 2015.

Five years later, however, the conviction risks unravelling over the use of phone data – a twist that could see Dwyer walk free, and also have an impact on data privacy rules across Europe. Dwyer has now appealed on the grounds the retention and accessing of his mobile phone data breached EU law.

Court of Justice of European Union (CJEU) has ruled in recent cases involving Belgium, France and the UK that governments and service providers do not have broad rights to retain data on citizens, and legal experts expect the Dwyer decision to follow that pattern.

Source: Irish murderer appeals conviction on grounds of EU data law breach | Ireland | The Guardian

1 2 3 123