
Tag Archives for "GDPR"

Privacy investments get positive ROI

Cisco’s 2020 data privacy benchmark study provides strong evidence that privacy has become an attractive investment even beyond any compliance requirements. Organizations that get privacy right improve their customer relationships, operational efficiency, and bottom-line results.

The data in this report is derived from the Cisco Annual Cybersecurity Benchmark Study, a double-blind survey of 2800 security professionals in 13 countries. Survey respondents represent all major industries and a mix of company sizes.

Source: From Privacy to Profit: Achieving Positive Returns on Privacy Investments

Like CCPA, But Make it Virginia: States Scramble to Introduce Data Privacy Legislation of Their Own

With companies still scrambling to comply with the newly effective California Consumer Privacy Act (CCPA), other states continue to introduce data privacy legislation of their own.

Virginia added itself to the ever-growing list of states considering such bills when the Virginia Privacy Act (VPA) was introduced to the General Assembly for consideration January 8. The VPA combines the CCPA’s notice requirements with consumer rights similar to those found in the European Union’s General Data Protection Regulation (GDPR).

Source: Like CCPA, But Make it Virginia: States Scramble to Introduce Data Privacy Legislation of Their Own | News & Knowledge | Adams and Reese LLP

CNIL launches a public consultation on its draft recommendation on “cookies and other trackers”

On 4 July 2019, the CNIL published guidelines on the application of Article 82 of the French Data Protection Act. This article governs actions aiming at storing or gaining access to information already stored in the terminal of a user, i.e. in particular the use of cookies or other trackers when a user visits a website.

The CNIL conducted a consultation during the fall of 2019, in order to prepare a draft recommendation proposing operational procedures for obtaining consent. This draft is now subject to public consultation until 25 February, with a view to preparing the final version of the recommendation.

Source: CNIL launches a public consultation on its draft recommendation on “cookies and other trackers”

€114 Million in Fines Imposed by EU Authorities Under GDPR

New findings from DLA Piper show that 160,000 data breach notifications were reported across 28 European Union Member States and that data protection authorities have imposed €114 million in monetary fines under the GDPR for a wide range of infringements. Not all fines were related to data breach infringements, however.

In terms of the total value of fines issued by geographical region, France (€51m), Germany (€24.5m) and Austria (€18m) topped the rankings, whilst the Netherlands (40,647), Germany (37,636) and the UK (22,181) had the highest number of data breaches notified to regulators.

Source: €114m in Fines Imposed by Euro Authorities Under GDPR – Infosecurity Magazine

Italy fines gas company EUR 11.5 million for unsolicited telemarketing

The Italian Supervisory Authority imposed two fines on Eni Gas and Luce (Egl), totalling EUR 11.5 million, concerning respectively illicit processing of personal data in the context of promotional activities and the activation of unsolicited contracts.

The first fine of EUR 8.5 million relates to unlawful processing in connection with telemarketing and teleselling activities – advertising calls made without the consent of the contacted person or despite that person’s refusal to receive promotional calls, or without triggering the specific procedures for verifying the public opt-out register; the absence of technical and organisational measures to take account of the indications provided by users; longer than permitted data retention periods; and the acquisition of the data on prospective customers from entities (list providers) that had not obtained any consent for the disclosure of such data.

The second fine of EUR 3 million concerns breaches due to the conclusion of unsolicited contracts for the supply of electricity and gas under ‘free market’ conditions – many individuals learned about the conclusion of a new contract only on receiving the letter of termination of the contract with the previous supplier or else the first Egl bills.

Source: THE ITALIAN SUPERVISORY AUTHORITY FINES ENI GAS E LUCE EUR 11.5 MILLION – On account of unsolicited telemarketing and contracts

Carrefour’s fingerprint payments to be investigated by Belgian privacy agency

The Belgian Data Protection Authority has stated that there is “a good chance” it will investigate Carrefour’s fingerprint payment system.

The supermarket chain announced on Tuesday that it will organise a pilot project allowing clients to pay for their groceries with their fingerprints in a store in the centre of Brussels. The clients will be able to pay by scanning their finger at the cash register, after which the money will disappear from their bank account.

Source: Carrefour’s fingerprint payments to be investigated by Belgian privacy agency

2019 registers over €400m in data protection fines in Europe

Last year, the data protection authorities in the EEA imposed 190 fines with a total cost of over €410,000,000, according to a new report by Federprivacy.

The study analyzed official sources of information in the 30 countries that are part of the European Economic Area (EEA).

The most active Authority for Data Protection was Italy (GPDP) with 30 actions in 2019, followed by Spain (AEPD) with 28, and Romania (ANSPDCP) with 20. The strictest has been the UK (ICO) with €312,000,000 of sanctions (76% of the total).

Source: #Privacy: 2019 registers over €400m in data protection fines in Europe

Research reveals that most websites are not compliant with GDPR and ePrivacy Directive

Research has found that only 11.8% of consent management platforms (CMPs) meet the minimal requirements under GDPR and Europe’s eDirective regulations regarding cookies and consent.

A study conducted by researchers at MIT CSAIL, Denmark’s Aarhus University and University College London, analysed how prevalent CMP designs impact people’s consent choices.

Full article: #Privacy: Research reveals that most websites are not compliant with GDPR

Cookie consent tools are being used to undermine EU privacy rules

Most cookie consent pop-ups served to internet users in the European Union — ostensibly seeking permission to track people’s web activity — are likely to be flouting regional privacy laws, a new study by researchers at MIT, UCL and Aarhus University suggests.

“The results of our empirical survey of CMPs [consent management platforms] today illustrates the extent to which illegal practices prevail, with vendors of CMPs turning a blind eye to — or worse, incentivising — clearly illegal configurations of their systems,” the researchers argue, adding that: “Enforcement in this area is sorely lacking.”

Full article: Cookie consent tools are being used to undermine EU privacy rules, study suggests | TechCrunch

Dutch Court Decides on Scope of GDPR Right of Access

In late December 2019, the Court of The Hague (Netherlands) published a preliminary reference procedure (see here, in Dutch). The Court was asked to decide on the scope of the right of access under the GDPR.

The Court also pointed out that the GDPR does not grant a right to obtain a copy of documents; it only grants a right to obtain a copy of personal data. In relation to documents that do not contain much personal information, such as the e-mails in question, the court held that it suffices to describe the data they contain.

Source: Dutch Court Decides on Scope of GDPR Right of Access
