fbpx

Download free GDPR compliance checklist!

Tag Archives for " sanctions "

Italian DPA fines Fastweb $5.3M under GDPR for aggressive telemarketing

The Italian Data Protection Authority announced a fine of €4.5 million (U.S. $5.3 million) against telecommunications company Fastweb for misusing customer data for telemarketing purposes.

Fastweb was viewed as a repeat offender in Garante’s judgment after being sanctioned under laws other than the GDPR in 2012 and 2018 for similar telemarketing violations. Another aggravating factor listed is the continued presence of the vulnerabilities in the customer database.

Garante has ordered Fastweb to strengthen security measures to prevent unauthorized access to its databases, overhaul its telemarketing practices to include enrolled customers only, and discontinue use of data obtained by third parties that did not first gain user consent.

Source: Italian DPA fines Fastweb $5.3M under GDPR for aggressive telemarketing | Article | Compliance Week

French data watchdog to start checking cookie policy compliance

France’s data protection watchdog CNIL will from 1st April begin conducting checks to ensure websites are in compliance with new guidelines on advertising trackers after the deadline it granted expired.

The new rules mean that user consent for advertising cookies must be granted by a “clear and positive act” such as clicking on an “I accept” button now ubiquitous across European websites. “Simply continuing to browse a site can no longer be considered as a valid expression of the web user’s consent,” the CNIL framework states.

Source: French data watchdog to start checking cookie policy compliance – EURACTIV.com

MEPs rue lack of GDPR sanctions issued by Irish data authority

MEPs have said that “a lack of political will and resources” had resulted in a laggard approach to enforcement of the EU’s general data protection regulation (GDPR), singling out in particular the lack of sanctions dished out by the Irish data protection authority.

To date, the Irish DPC has issued six fines for GDPR breaches. These include three against Tusla, the country’s Child and Family Agency, a €65,000 penalty issued against Cork University Maternity Hospital, a €70,000 fine for University College Dublin, and, in the first fine for a cross-border case, a €450,000 charged levied against Twitter for falling short of data breach notification obligations.

Source: MEPs rue lack of GDPR sanctions issued by Irish data authority – EURACTIV.com

Record penalty of more than 8 million for Vodafone for infringing the data law

The Spanish Data Protection Authority AEPD has fined 8.15 million euros against the British telephone operator with 8.15 million euros for non-compliant use of personal databases of the company and third parties to carry out commercial campaigns between 2018 and 2020.

AEPD opened an investigation last year against the company after receiving 191 complaints about calls and messages on behalf of Vodafone “without being requested or expressly authorized and / or without addressing the exercise of the right to oppose the sending of new notifications.”

The amount of each sanction ranges from 150,000 euros in the lowest to four million euros for a serious violation of the GDPR.

Source: Record penalty of more than 8 million for Vodafone for infringing the data law | Spain’s News

Deutsche Wohnen fine now declared invalid by a German court

There has been a big bang in the data protection world in Berlin as the first and most spectacular GDPR fine in Germany has just been declared invalid.

The Berlin Commissioner for Data Protection for Freedom of Information  issued a EUR 14.5 million fine against a German real estate company, die Deutsche Wohnen SE.

The Regional Court (Landgericht) of Berlin has now declared this fine invalid and closed the proceedings. The Berlin DPA will ask the public prosecutor’s office to appeal the Court’s decision and escalate the case to the next instance.

Source: Deutsche Wohnen fine now declared invalid by a German court

Facebook fined €7 million by watchdog

The Italian Antitrust Authority sanctioned Facebook Ireland Ltd. and its parent company Facebook Inc. for a total of €7 million for failing to implement the provisions issued against company in November 2018.

According to Authority, Facebook misled users about commercial use of their data.

In addition to fine, the Authority prohibited the further dissemination of the misleading practice and ordered the publication of an amendment statement on the homepage of the company website for Italy, on the Facebook app, and on the personal page of each registered Italian user.

Source: AGCM – Competition and Market Guarantor Authority

Swedish Police unlawfully used facial recognition app, says Privacy Watchdog

Upon news in the media of the Swedish Police Authority using the application Clearview AI for facial recognition the Swedish Authority for Privacy Protection (IMY) initiated an investigation against the Police.

The investigation concludes that Cleaview AI has been used by the Police on a number of occasions. According to the Police a few employees have used the application without any prior authorisation.

IMY imposed an administrative fine of SEK 2,500,000 (approximately EUR 250,000) on the Police Authority for infringements of the Criminal Data Act. IMY also ordered the Police to conduct further training and education of its employees in order to avoid any future processing of personal data in breach of data protection rules and regulations.

Source: Police unlawfully used facial recognition app – Integritetsskyddsmyndigheten

Australian government ordered to compensate asylum seekers for privacy breaches

The Information Commissioner and Privacy Commissioner in Australia, Angelene Falk, has found the Department of Home Affairs interfered with the privacy of 9,251 asylum seekers by mistakenly releasing their personal information.

The case arose from the department, formerly the Department of Immigration and Border Protection, publishing a detention report on its website in error seven years ago. The document contained embedded personal information which could identify everyone in immigration detention on 31 January 2014.

Source: Australian government ordered to compensate asylum seekers for privacy breaches – PrivSec Report

Belgian DPA imposes €50,000 Fine on Family Service

The Belgian DPA has imposed a fine of 50,000 euro on the company Family Service for various breaches of the GDPR.

Family Service is a marketing company that distributes “pink boxes” that include samples, special offers and information sheets for future parents. DPA found that the company was renting and/or selling personal data for commercial purposes. However, these practices were not indicated in the communication to customers in a clear and comprehensible manner.

Source: Belgian DPA imposes €50,000 Fine on Family Service

Epsilon agrees to pay $150m fine to DoJ for selling data to fraudsters

Marketing company Epsilon Data Management has agreed a $150m settlement with the United States’ Department of Justice (DoJ) to resolve a criminal charge for selling data on more than 30 million Americans to perpetrators of fraud schemes who were targeting older people.

The deferred prosecution agreement (DPA) includes Epsilon selecting and covering the costs of an independent claims administrator to distribute $127.5m compensation to victims with established losses caused by fraud schemes which used the company’s data.

Source: Epsilon agrees to pay $150m fine to DoJ for selling data to fraudsters

1 2 3 27
>