Tag Archives for "GDPR"

EDPB Issues Guidance on Its Coordinated Enforcement Framework 

The European Data Protection Board has issued guidance on its Coordinated Enforcement Framework (CEF).

The CEF provides a structure for coordinating recurring annual activities by EDPB Supervisory Authorities. The annual coordinated action focuses on a pre-defined topic which participating SAs may pursue using a pre-defined methodology.

Full article: EDPB Issues Guidance on Its Coordinated Enforcement Framework | Privacy Compliance & Data Security

GDPR enforcement must level up to catch big tech, report warns

A new report by European consumer protection umbrella group Beuc, reflecting on the barriers to effective cross-border enforcement of the EU’s flagship data protection framework, makes awkward reading for the regional lawmakers and regulators as they seek to shape the next decades of digital oversight across the bloc.

Beuc’s report — which it’s called “The long and winding road: Two years of the GDPR: A cross-border data protection case from a consumer perspective” — details the procedural obstacles its member organizations have faced in seeking to obtain a decision related to the original complaints, which were filed with a variety of DPAs around the EU.

Source: GDPR enforcement must level up to catch big tech, report warns | TechCrunch

IAB releases DPIA guidance for Digital Advertising under GDPR

IAB has developed and published a practical guide to carrying out data protection impact assessments (DPIA) under the EU’s General Data Protection Regulation (GDPR).

The guide provides background and describes the DPIA process in the context of processing data for digital advertising generally and for real-time bidding (RTB), in order to help companies understand their obligations and how to comply with them in practice. It explains how to incorporate the DPIA process into a company’s normal course of product design and development.

Source: GDPR Data Protection Impact Assessments (DPIA) for Digital Advertising under GDPR – IAB Europe

Activists Call for Scrutiny of Palantir Over Partnerships With EU Law Enforcement Agencies

SOMI, a Dutch privacy group, is calling for a large-scale investigation into the partnerships that data analytics company Palantir Technologies has with a number of law enforcement and intelligence agencies throughout the European Union.

SOMI contends that the firm could be participating in both knowing and unknowing privacy violations based on its associations with agencies that are making use of “predictive policing” technologies.

Source: Dutch Group Calls for Scrutiny of Palantir Over Opaque Partnerships With EU Law Enforcement Agencies, Possible Privacy Violations – CPO Magazine

French food retail giant Carrefour fined €3m for GDPR breaches

The French multinational retailer Carrefour has been fined €3m for multiple data protection failings.

Data protection agency CNIL has fined two companies of the Carrefour Group for breaches of GDPR in several areas, including the obligation to inform individuals, use of cookies, limiting the retention of data, the obligation to facilitate the exercise of rights and failure to respect rights.

Source: French food retail giant Carrefour fined €3m for GDPR breaches

EU Parliament Approves Collective Redress Directive

On November 24, 2020, the European Parliament endorsed the new directive on representative actions for the protection of the collective interests of consumers.

The Collective Redress Directive requires all EU Member States to put in place at least one effective procedural mechanism allowing qualified entities to bring representative actions to court for the purpose of injunction or redress.

Source: EU Parliament Approves Collective Redress Directive

Microsoft promises to challenge all government requests for customer data

Microsoft has vowed to challenge all requests that any government or security agency makes to access its customers’ data, and will even compensate firms where it’s forced to legally grant access.

The firm will challenge every government request for public sector or enterprise customer data, from any government, where there’s a lawful basis for doing so. Where customer data is handed to authorities in violation of GDPR, Microsoft will provide financial compensation to affected customers, it has said.

Source: Microsoft promises to challenge all government requests for customer data | IT PRO

European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses

In addition to issuing new (draft) standard contractual clauses for transferring personal data outside of the EEA, on November 12, the European Commission published a draft decision on standard contractual clauses between controllers and processors for the matters referred to in Article 28 of GDPR.

Use of the Clauses is not compulsory, and controllers and processors may still choose to negotiate individual contracts to satisfy the requirements of Article 28 GDPR and allow a certain degree of flexibility.

The Clauses are currently open for public consultation until 10 December 2020.

Source: European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses | Alston & Bird Privacy Blog

The Spanish Supervisory Authority Approves a GDPR Code of Conduct on Advertising

On September 16, 2020, the Spanish Supervisory Authority (AEPD) approved a “Code of Conduct for Data Processing in Advertising”. This is the first GDPR approved Code of Conduct with an accredited monitoring body in the European Union.

The Code broadly applies to any processing of personal data carried out for advertising purposes, including sending direct marketing communications and using cookies and other technologies for targeted advertising.

Source: The Spanish Supervisory Authority Approves a GDPR Code of Conduct on Advertising

Vodafone fined over 12 million Euro by Italian DPA for aggressive telemarketing practices

The Italian data protection supervisory authority (Garante per la protezione dei dati personali) ordered Vodafone to pay a fine in excess of Euro 12,250,000 on account of having unlawfully processed the personal data of millions of users for telemarketing purposes.

As well as having to pay the fine, the company is required to implement several measures set out by the Garante in order to comply with national and EU data protection legislation.

Investigations revealed the use of fake telephone numbers or numbers that were not registered with the ROC (i.e. the National Consolidated Registry of Communication Operators) in order to place the marketing calls. This practice is under Vodafone’s own spotlight and is seemingly related to a shady set of unauthorised call centres that carry out telemarketing activities in utter disregard of personal data protection legislation.

Additional violations could be established with regard to the handling of contact lists purchased from external providers.

Source: Aggressive telemarketing practices: Vodafone fined over 12 million Euro by Italian DPA
