
Tag Archives for "GDPR"

Microsoft promises to challenge all government requests for customer data

Microsoft has vowed to challenge all requests that any government or security agency makes to access its customers’ data, and will even compensate firms where it’s forced to legally grant access.

The firm will challenge every government request for public sector or enterprise customer data, from any government, where there’s a lawful basis for doing so. Where customer data is handed to authorities in violation of GDPR, Microsoft will provide financial compensation to affected customers, it has said.

Source: Microsoft promises to challenge all government requests for customer data | IT PRO

European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses

In addition to issuing new (draft) standard contractual clauses for transferring personal data outside of the EEA, on November 12, the European Commission published a draft decision on standard contractual clauses between controllers and processors for the matters referred to in Article 28 of GDPR.

Use of the Clauses is not compulsory, and controllers and processors may still choose to negotiate individual contracts to satisfy the requirements of Article 28 GDPR and allow a certain degree of flexibility.

The Clauses are currently open for public consultation until 10 December 2020.

Source: European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses | Alston & Bird Privacy Blog

The Spanish Supervisory Authority Approves a GDPR Code of Conduct on Advertising

On September 16, 2020, the Spanish Supervisory Authority (AEPD) approved a “Code of Conduct for Data Processing in Advertising”. This is the first GDPR-approved Code of Conduct with an accredited monitoring body in the European Union.

The Code broadly applies to any processing of personal data carried out for advertising purposes, including sending direct marketing communications and using cookies and other technologies for targeted advertising.

Source: The Spanish Supervisory Authority Approves a GDPR Code of Conduct on Advertising

Vodafone fined over 12 million Euro by Italian DPA for aggressive telemarketing practices

The Italian data protection supervisory authority (Garante per la protezione dei dati personali) ordered Vodafone to pay a fine in excess of Euro 12,250,000 on account of having unlawfully processed the personal data of millions of users for telemarketing purposes.

As well as having to pay the fine, the company is required to implement several measures set out by the Garante in order to comply with national and EU data protection legislation.

Investigations revealed the use of fake telephone numbers or numbers that were not registered with the ROC (i.e. the National Consolidated Registry of Communication Operators) in order to place the marketing calls. This practice is under Vodafone’s own spotlight and is seemingly related to a shady set of unauthorised call centres that carry out telemarketing activities in utter disregard of personal data protection legislation.

Additional violations could be established regarding the handling of contact lists purchased from external providers.

Source: Aggressive telemarketing practices: Vodafone fined over 12 million Euro by Italian DPA

German Court Slashes a GDPR Privacy Fine by 90%

A German appeals court has slashed by 90% a General Data Protection Regulation fine levied by the nation’s federal privacy watchdog against 1&1 Telecom over call center data protection shortcomings.

In December 2019, Germany’s Federal Commissioner for Data Protection and Freedom of Information, or BfDI, announced a fine of 9.6 million euros ($11.3 million) – at the time, the second-largest privacy fine ever announced in Germany – against 1&1 Telecom.

Source: German Court Slashes a GDPR Privacy Fine by 90%

European Commission Publishes Draft of New Standard Contractual Clauses

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (GDPR), along with its draft set of new standard contractual clauses (SCC).

The SCCs are open for public consultation until December 10, 2020, and feedback may be submitted here. The adoption process for the SCCs requires an opinion of the European Data Protection Board and the European Data Protection Supervisor, and the positive vote of EU Member States through the comitology procedure. The final SCCs are expected to be adopted in early 2021.

Source: European Commission Publishes Draft of New Standard Contractual Clauses

Ticketmaster fined £1.25m over personal data breach

Ticketmaster has been fined £1.25m for failing to keep the personal data of millions of customers secure.

The online events ticket seller failed to put “appropriate security measures in place” to prevent a cyber-attack on a chat-bot installed on its online payment page, the Information Commissioner’s Office (ICO) in the UK said.

The breach potentially affected 9.4 million customers across Europe. As a result, 60,000 payment cards belonging to Barclays Bank customers were subjected to fraud, and another 6,000 cards were replaced by Monzo bank after suspected fraud.

Source: Ticketmaster fined £1.25m over personal data breach

Twitter could face its first GDPR penalty within days

European data protection regulators have inched toward an enforcement decision for a Twitter breach that the company publicly disclosed in 2019, after a majority of EU data supervisors agreed to back a draft settlement submitted earlier by Ireland’s Data Protection Commission (DPC).

Twitter disclosed the bug in its ‘Protect your tweets’ feature at the start of last year — saying at the time that some Android users who’d applied its setting to make their tweets non-public may have had their data exposed to the public Internet since as far back as 2014.

Source: Twitter could face its first GDPR penalty within days | TechCrunch

EU finance ministers call for GDPR clarity as they back greater info-sharing to tackle money laundering

EU finance ministers are calling for clarity on data protection rules as they seek to harmonise anti-money laundering regulations across Europe.

The European Union’s ECOFIN council yesterday backed plans to establish a single rule-book and centralised supervision of anti-money laundering and terrorist financing.

As part of the reform plan, ministers want the European Commission to “consider the expansion of information-sharing possibilities within groups of companies as well as between other obliged entities not belonging to the same group or the same sector, so as to allow better monitoring and compliance.”

Source: EU finance ministers call for GDPR clarity as they back greater info-sharing to tackle money laundering

Data protection scofflaws failed to pay £2m or 68% of fines from UK watchdog

Scofflaws have failed to pay nearly £2m in fines handed out by the UK Information Commissioner’s Office over the past 18 months, according to new research.

Between January 2019 and August 2020, the ICO issued a total of £3.2m in monetary penalty notices but just £1.03m has been paid, according to research from SMS API biz The SMS Works.

When measured as a percentage of the fine amount, nuisance-call operators were the least likely to have paid their fines, with The SMS Works finding that just 13 per cent of penalties handed to such firms had been paid.

Source: Data protection scofflaws failed to pay £2m in fines from UK watchdog – and 68% of penalties are still outstanding • The Register
