
Tag Archives for "GDPR"

UK Supreme Court says employer not liable for data breach by a disgruntled employee

The U.K.’s top court ruled that a British supermarket can’t be held responsible for a data breach by a disgruntled employee who leaked personal details of thousands of staff members online.

The Supreme Court concluded that the Court of Appeal had misunderstood the principles governing vicarious liability in their previous judgments in the case. This decision sets aside a significant liability risk which had arisen following the previous decisions in the case.

Source: Morrisons Wins U.K. Supreme Court Ruling Over 2014 Data Breach – Bloomberg

Brazil Senate Approves Bill Delaying LGPD Enforcement

The Brazil Senate unanimously approved a bill today that would delay implementation of the Brazil General Law for Data Protection, or LGPD, until January 1, 2021 and enforcement of fines and penalties until August 1, 2021.

The LGPD is currently scheduled to take effect on August 15, 2020. Passed in August 2018, the LGPD is the first comprehensive general data protection law in Latin America to be modeled after the European Union General Data Protection Regulation (“GDPR”).

Source: Brazil Senate Approves Bill Delaying LGPD Enforcement

EU Commission looks for feedback on GDPR

The European Commission will report on the application of the General Data Protection Regulation (GDPR) later this year. In accordance with Article 97 of the GDPR, the Commission is obliged to provide the report two years after its entry into application.

The Commission has opened its roadmap on the report on the application of the GDPR for feedback. Feedback will be taken into account for further development and fine-tuning of the initiative.

You can provide feedback until 29 April 2020.

Source: Report on the application of the General Data Protection Regulation

GDPR ushers in civil litigation claims across the EU

The EU General Data Protection Regulation ushered in an enhanced private right of action for violations of the law, for both material and non-material damage.

Plaintiffs can sue for compensation based on the damage suffered. Attorneys say there’s now a significant uptick in cases brought alleging such a grievance has occurred, often as a “follow-on” to data protection authorities’ investigations. And depending on any given judge’s sympathy for plaintiffs alleging data misuse, as well as how sizable the class is, the cost to organizations could be significant.

Full article: GDPR ushers in civil litigation claims across the EU

Brussels Court of Appeal overrules first DPA fine to a private company

On Feb. 19, the Brussels Court of Appeal overruled one of the first decisions of the Belgian Data Protection Authority in a case involving the use of an electronic ID to get a loyalty card.

The Brussels Court of Appeal held that the customer did not give her identity card and, consequently, there was no processing of her data. Therefore, according to the court, the DPA did not demonstrate an actual personal data breach.

The court still underlined that there was no prejudice to the customer in being unable to get a loyalty card and therefore a discount. There is no prejudice when one possible extra benefit is lost. It would have been different if the reading of the electronic ID was required to exercise a legal or contractual right.

Source: Brussels Court of Appeal overrules first DPA fine to a private company

Employers accused of abusing EU data privacy rules to hinder trade unions

The EU’s General Data Protection Regulation (GDPR) is being misused by employers across Europe as trade unions are denied access to information required to recruit and organise workers, a new study has found.

The trends highlighted in ETUC’s report bring to light the recent challenges for trade unions to mobilise their networks as a result of workplaces refusing access to employee data under the pretext that it is forbidden by the GDPR. In this vein, the report brings to attention cases in a range of EU member states including Spain, Luxembourg and Belgium.

Source: Employers accused of abusing EU data privacy rules to hinder trade unions – EURACTIV.com

Study reveals the global impact of GDPR

With the introduction in May 2018 of the European Union’s (EU) General Data Protection Regulation (GDPR), 2019 was expected to be the year of enforcement, with regulators using extended powers to set a higher bar for managing individuals’ data.

The latest Beazley Breach Insights report analyses the actions of data protection regulators across the EU in 2019 and the impact on organizations based elsewhere that are nonetheless subject to the rules through their business structure or customer base.

Source: #Privacy: Study reveals the global impact of GDPR – PrivSec Report

Brave files GDPR complaint against Google

Brave has filed a GDPR complaint against Google for infringing the GDPR “purpose limitation” principle. Enforcement would be tantamount to a functional separation of Google’s business.

The purpose limitation principle requires that organizations must scrupulously ring-fence data for specific purposes. These purposes must be made clear, and be very specific. However, Google’s purposes are so vaguely defined as to have no meaning or limit. The result is an internal data free-for-all that infringes the GDPR’s purpose limitation principle.

Source: Formal GDPR complaint against Google’s internal data free-for-all

France issues first legal decision on facial recognition

The Administrative Court (TA) of Marseille has made its decision regarding the use of facial recognition technology at two French high schools.

In a hearing before the TA, with La Quadrature du Net, The Human Rights League, the FCPE and CGT Educ’Action des Alpes Maritimes, the installation of a facial recognition system at the entrance of two French high schools was discussed.

The TA ruled against the installation of the technology, stating that its deployment violated the EU General Data Protection Regulation (GDPR), as students were not able to provide consent “to the collection of personal data in a free and informed manner.”

Additionally, the court ruled that the technology was a disproportionate measure to manage the high school, especially with other alternative measures being available and less detrimental to students’ rights.

Source: #Privacy: France issues first legal decision on facial recognition

Croatian DPA issues credit institution 20m GDPR fine

The Croatian data protection authority (AZOP) has imposed a fine of EUR 20m for violating the EU General Data Protection Regulation.

Since October 2018, AZOP had been receiving multiple complaints from citizens regarding one of Croatia’s credit institutions based in Zagreb, whereby citizens were submitting requests for information to the institution but were being refused.

Source: #Privacy: Croatian DPA issues credit institution 20m GDPR fine
