Tag Archives for "sanctions"

Belgian Authority Raises Red Flag for DPOs with Multiple Roles

Following its investigation of a personal data breach, the Belgian Data Protection Authority (DPA) issued a ruling on April 28, 2020, imposing a €50,000 fine on an organization for negligence in having appointed the company’s head of compliance, risk and audit as its data protection officer (DPO).

Notably, the DPA highlighted that the organization had not implemented a policy defining the DPO’s role until at least July 2019. Although such a policy had been prepared, the DPA indicated that such preparation alone was not enough to demonstrate the DPO’s independence.

Source: Belgian Authority Raises Red Flag for DPOs with Multiple Roles

Irish regulator reaches preliminary decision in Twitter privacy probe

Twitter may be the first big technology firm to face a fine by the EU’s lead regulator under the region’s tougher data protection rules after it submitted a preliminary decision in a probe into the social media firm to other member states.

The Twitter ruling relates to a 2019 probe into a bug in its Android app, where some users’ protected tweets were made public. Twitter is the subject of two of the 20 other inquiries the DPC had open into big tech firms at the end of 2019.

The DPC is not commenting on the substance of the preliminary Twitter decision at this point, Deputy Commissioner Graham Doyle told Reuters.

Source: Irish regulator reaches preliminary decision in Twitter privacy probe – EURACTIV.com

As the GDPR turns 2, Big Tech should watch out for big sanctions

Get ready to see the EU’s landmark privacy regulation flex its muscles as it prepares for a fight.

The GDPR’s quiet first two years give a false impression of the impact the law has had on the global stage. The legislation has raised the EU’s profile among regulators and lawmakers around the world and inspired similar regulations in Brazil and India, as well as in California, home to many of the tech giants. Tech companies have had to change their privacy policies and disclosures not only in Europe but around the world, since it doesn’t make sense to observe two sets of privacy standards.

And industry watchers say more moves are coming. The regulators are just taking the time to make sure these sanctions stick.

Source: As the GDPR turns 2, Big Tech should watch out for big sanctions – CNET

GDPR enforcement held back by lack of resources

Enforcement of EU data privacy rules is being stifled by a lack of resources across national authorities, according to a new study published on 25 May, on the second anniversary of the EU’s landmark general data protection regulation (GDPR).

The report, published by the advocacy group Access Now, finds that due to a significant disparity in the funding of national data protection authorities, larger firms could try and use their economic wherewithal to potentially circumvent privacy provisions laid out in the GDPR.

Source: GDPR enforcement held back by lack of resources, report says – EURACTIV.com

Schrems calls on EU authorities to get Irish watchdog to speed up

Privacy activist Max Schrems has called on the European authorities to push the Irish regulator to speed up its handling of cases he has brought against Facebook on the second anniversary of the introduction of rules designed to help protect the data of consumers.

Max Schrems is not happy with the progress made since the introduction of the General Data Protection Regulation (GDPR) regime across Europe in 2018.

“After two years, we feel that the time has come to shine light on the shortcomings of the GDPR’s current enforcement in Ireland and bring the debate into the public,” the letter said.

Source: Schrems calls on EU authorities to get DPC to speed up

Turkish DPA Fines Amazon Turkey 160,000€

The Board of the Turkish Data Protection Authority has imposed a fine totalling 1.200.000 TL (160K €) on Amazon Turkey for sending commercial electronic messages to users without their consent, bundling signing up to the services as a prerequisite for providing consent, transferring personal data without obtaining the explicit consent of the users, and failing to provide information in accordance with the Law and regarding data processing with cookies.

For the Authority, it is not only a decision to fine a tech giant but also an opportunity to show its teeth to data controllers regarding its perspective on electronic messaging and cookie use (first of its kind) in Turkey.

Source: Turkish DPA’s landmark Amazon Turkey Ruling

First GDPR fine issued in Ireland

Eilis McDonald & John Magee

Tusla, Ireland’s child and family agency, has become the first organisation fined under the GDPR in Ireland. The Irish Data Protection Commission (DPC) filed papers in the Circuit Court on Friday to confirm the €75,000 fine against the Agency.

Tusla collects and processes highly sensitive, often special category data concerning children, vulnerable women and families across Ireland. The DPC reported three separate statutory inquiries into Tusla in respect of a number of breaches which had been reported to it since May 2018. The breaches included various instances of inappropriate system access, accidental and inappropriate disclosure of personal data by email and unauthorised disclosure of data.

Source: IRELAND: First GDPR fine issued in Ireland

ICO Warns It Will Punish Those Abusing Data During COVID-19 Outbreak

The Information Commissioner’s Office has tweaked its approach to the changing data environment that the COVID-19 pandemic is causing.

When it comes to a company’s employees and their health, the data authorities stress that just because you are concerned about workers’ health doesn’t mean you should start collecting unnecessary amounts of health data from them.

Source: ICO Warns It Will Punish Those Abusing Data During COVID-19 Outbreak

Belgian DPA Sanctions Company for Non-Compliance with the GDPR’s DPO Requirements

On April 28, 2020, the Litigation Chamber of the Belgian Data Protection Authority imposed a €50,000 fine on a company for non-compliance with the requirements under the General Data Protection Regulation related to the appointment of a data protection officer.

In its decision, the Litigation Chamber of the Belgian DPA upheld the alleged infringement of the GDPR’s DPO requirements (in particular Article 38(6) of the GDPR), arguing that by appointing the Head of the Compliance, Risk Management and Audit department as DPO, the company had failed to comply with its obligation to ensure that its DPO is free from any conflict of interest.

Source: Belgian DPA Sanctions Company for Non-Compliance with the GDPR’s DPO Requirements | Privacy & Information Security Law Blog

The Swedish DPA issues 18,700 euro fine against the National Government Service Centre

The Swedish Data Protection Authority imposes an administrative fine of 200,000 Swedish kronor (approximately 18,700 euro) on the National Government Service Centre for failing to notify affected parties as well as the Data Protection Authority about a personal data breach in due time.

The DPA noted that it took almost five months for the NGSC to notify the concerned parties and close to three months before the DPA received a data breach notification.

Source: The Swedish Data Protection Authority issues fine against the National Government Service Centre
