fbpx

Download free GDPR compliance checklist!

Tag Archives for " GDPR "

Belgian DPA to Take Down Websites Infringing GDPR

Belgian Data Protection Authority signed a cooperation agreement with DNS Belgium. The purpose of the cooperation agreement is to allow DNS Belgium to suspend “.be” websites that are linked to infringements of the GDPR.

The “Notice and Action” procedure is only available for infringements that cause very serious harm and are committed by natural or legal persons who deliberately infringe the law or who continue data processing activity despite a prior order by the Investigation Service or the Litigation Chamber of the Belgian DPA to suspend, limit, freeze (temporarily) or end the processing activity.

Source: Belgian DPA to Take Down Websites Infringing GDPR | Privacy & Information Security Law Blog

EU-US data transfer clarity may take several months, warns head of EDPS

European Data Protection Supervisor (EDPS) Wojciech Wiewiorowski says he does not expect a new solution to the Privacy Shield problem for several months, as the Biden administration grapples with other priority issues.

The head of the EDPS told Reuters said he is doubtful that EU businesses will receive clarity in the coming weeks and months over the uncertainty around EU-US data transfers.

Source: EU-US data transfer clarity may take several months, warns head of EDPB

France fines Google $120M and Amazon $42M for dropping tracking cookies without consent

France’s data protection agency, the CNIL, has slapped Google and Amazon with fines for dropping tracking cookies without consent.

Google has been hit with a total of €100 million ($120 million) for dropping cookies on Google.fr and Amazon €35 million (~$42 million) for doing so on the Amazon .fr domain under the penalty notices issued on December 10.

The regulator carried out investigations of the websites over the past year and found tracking cookies were automatically dropped when a user visited the domains in breach of the country’s Data Protection Act.

Source: France fines Google $120M and Amazon $42M for dropping tracking cookies without consent

Swedish court rejects Google’s appeal in RTBF case

The Swedish Administrative Court of Stockholm confirmed Google violated the EU General Data Protection Regulation in several instances and rejected Google’s motion that Sweden’s data protection authority’s, Datainspektionen, decisions repealed due to formal deficiencies.

The court upheld the fine of SEK 50 million, while the court lowered the fine for one violation from SEK 25 million to 2 million. The fine was lowered because one complaint was partly dismissed and one instance was not considered a violation (since Google adhered to the injunction without undue delay).

Source: Swedish court rejects Google’s appeal in RTBF case

EDPB Issues Guidance on Its Coordinated Enforcement Framework 

The European Data Protection Board has issued guidance on its Coordinated Enforcement Framework (CEF).

The CEF provides a structure for coordinating recurring annual activities by EDPB Supervisory Authorities. The annual coordinated action focuses on a pre-defined topic which participating SAs may pursue using a pre-defined methodology.

Full article: EDPB Issues Guidance on Its Coordinated Enforcement Framework | Privacy Compliance & Data Security

GDPR enforcement must level up to catch big tech, report warns

A new report by European consumer protection umbrella group Beuc, reflecting on the barriers to effective cross-border enforcement of the EU’s flagship data protection framework, makes awkward reading for the regional lawmakers and regulators as they seek to shape the next decades of digital oversight across the bloc.

Beuc’s report — which it’s called “The long and winding road: Two years of the GDPR: A cross-border data protection case from a consumer perspective” — details the procedural obstacles its member organizations have faced in seeking to obtain a decision related to the original complaints, which were filed with a variety of DPAs around the EU.

Source: GDPR enforcement must level up to catch big tech, report warns | TechCrunch

IAB releases DPIA guidance for Digital Advertising under GDPR

IAB has developed and published practical guide to carrying out data protection impact assessments (DPIA) under the EU’s General Data Protection Regulation (GDPR).

Guide provides background and describes the DPIA process in the context of processing data for digital advertising generally and for real-time bidding (RTB), in order to help companies understand their obligations and how to comply with them in practice. It explains how to incorporate the DPIA process into a company’s normal course of product design and development.

Source: GDPR Data Protection Impact Assessments (DPIA) for Digital Advertising under GDPR – IAB Europe

Activists Call for Scrutiny of Palantir Over Partnerships With EU Law Enforcement Agencies

SOMI, a Dutch privacy group, is calling for a large-scale investigation into the partnerships that data analytics company Palantir Technologies has with a number of law enforcement and intelligence agencies throughout the European Union.

SOMI contends that the firm could be participating in both knowing and unknowing privacy violations based on its associations with agencies that are making use of “predictive policing” technologies.

Source: Dutch Group Calls for Scrutiny of Palantir Over Opaque Partnerships With EU Law Enforcement Agencies, Possible Privacy Violations – CPO Magazine

French food retail giant Carrefour fined €3m for GDPR breaches

The French multinational retailer Carrefour has been fined €3m for multiple data protection failings.

Data protection agency CNIL has fined two companies of the Carrefour Group for breaches of GDPR in several areas, including the obligation to inform individuals, use of cookies, limiting the retention of data, the obligation to facilitate the exercise of rights and failure to respect rights.

Source: French food retail giant Carrefour fined €3m for GDPR breaches

EU Parliament Approves Collective Redress Directive

On November 24, 2020, the European Parliament endorsed the new directive on representative actions for the protection of the collective interests of consumers.

The Collective Redress Directive requires all EU Member States to put in place at least one effective procedural mechanism allowing qualified entities to bring representative actions to court for the purpose of injunction or redress.

Source: EU Parliament Approves Collective Redress Directive

>