fbpx

Download free GDPR compliance checklist!

Tag Archives for " sanctions "

Google’s Right-to-Be-Forgotten Fine Toppled by French Court

Google won a battle over the right to be forgotten after France’s top administrative court canceled a fine of 100,000 euros ($111,000) for failing to remove contentious search results globally.

France’s Council of State threw out the 2016 penalty, following guidance from the European Union’s highest court which last year backed the Alphabet Inc. unit by saying it should only scrub search results on European versions of its websites.

Source: Google’s Right-to-Be-Forgotten Fine Toppled by French Court – BNN Bloomberg

Brussels Court of Appeal overrules first DPA fine to a private company

On Feb. 19, the Brussels Court of Appeal overruled one of the first decisions of the Belgian Data Protection Authority in a case involving the use of an electronic ID to get a loyalty card.

The Brussels Court of Appeal held that the customer did not give her identity card and, consequently, there was no processing of her data. Therefore, according to the court, the DPA did not demonstrate an actual personal data breach.

The court still underlined there was no prejudice for a customer because they could not get a loyalty card and therefore get a discount. There is no prejudice when one possible extra benefit is lost. It would have been different if the reading of the electronic ID was required to exercise a legal or contractual right.

Source: Brussels Court of Appeal overrules first DPA fine to a private company

Croatian DPA issues credit institution 20m GDPR fine

The Croatian data protection authority (AZOP) has imposed a fine of EUR 20m for violating the EU General Data Protection Regulation.

Since October 2018, AZOP had been receiving multiple complaints from citizens regarding one of Croatia’s credit institutions based in Zagreb, whereby citizens were asking the institution for a request for information but were being refused.

Source: #Privacy: Croatian DPA issues credit institution 20m GDPR fine

Swedish Data Protection Authority imposes €7 million administrative fine on Google

The Swedish Data Protection Authority imposes a fine of 75 million Swedish kronor (approximately 7 million euro) on Google for failure to comply with the GDPR. Google as a search engine operator has not fulfilled its obligations in respect of the right to request delisting.

Swedish Data Protection Authority criticised Google for not having removed two of the search results, as instructed in 2017. Specifically, Google was criticised for having made too narrow an assessment of which URLs ought to actually be removed from search results, and, on another occasion, had not removed a search result in a timely manner.

Furthermore, when Google removes a search result listing and notifies the website owner of which webpage link was removed and who was behind the delisting request, it was in fact doing so without a legal basis. Therefore, Swedish Data Protection Authority ordered Google to cease such practice.

Source: The Swedish Data Protection Authority imposes administrative fine on Google – Datainspektionen

Fine for processing students’ fingerprints imposed on a school

The President of the Personal Data Protection Office imposed a fine of PLN 20 000 in connection with the breach consisting in the processing of biometric data of children when using the school canteen.

The school processed special categories of data (biometric data) of 680 children without a legal basis, whereas in fact it could use other forms of students identification.

Source: Fine for processing students’ fingerprints imposed on a school

Dutch DPA fines Tennis Association EUR 525,000

The Dutch DPA imposed a fine of EUR 525,000 on tennis association KNLTB for selling the personal data of its Members.

In 2018, KNLTB unlawfully provided personal data of a few thousand of its members to two sponsors. Data included name, gender and address, so that they could approach a selection of KNLTB members with tennis-related and other offers. One sponsor received personal data from 50,000, the other from more than 300,000 members. The sponsors approached some of those KNLTB members by post or telephone.

Source: Dutch DPA fines Tennis Association

Scottish company hit with maximum fine for making nearly 200 million nuisance calls

The Information Commissioner’s Office (ICO) has fined CRDNN Limited with the maximum £500,000 fine for making more than 193 million automated nuisance calls.

Operating out of a Clydebank business park, CRDNN Limited was raided by the ICO in March 2018, with computer equipment and documents seized for further analysis of their nuisance call operation.

Source: Scottish company hit with maximum fine for making nearly 200 million nuisance calls | ICO

Cathay Pacific fined £500,000 for failing to secure its customers’ personal data

The Information Commissioner’s Office (ICO) has fined Cathay Pacific Airways Limited £500,000 for failing to protect the security of its customers’ personal data.

Between October 2014 and May 2018 Cathay Pacific’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed, 111,578 of whom were from the UK, and approximately 9.4 million more worldwide.

Source: International airline fined £500,000 for failing to secure its customers’ personal data | ICO

Big tech ‘procedural queries’ delay decision on first data fines

A decision by the Ireland’s data protection watchdog – Data Protection Commissioner – on whether to issue the first fines against big tech companies has been delayed by “procedural queries” raised by the firms. These include issues around company information it will share with other EU regulators.

Data Protection Commissioner Helen Dixon said the regulator’s decision-making on whether to fine big tech firms over potential data breaches has been delayed by “a lot of procedural queries” around information sharing with other EU regulators as part of the Irish regulator’s EU-wide inquiries.

Source: Big tech ‘procedural queries’ delay decision on first data fines – watchdog

Lack of big tech GDPR decisions looms large in EU watchdog’s annual report

Ireland’s Data Protection Commissioner – the lead European Union privacy regulator for most of big tech – has put out its annual report which shows another major bump in complaints filed under the bloc’s updated data protection framework, underlining the ongoing appetite EU citizens have for applying their rights.

But what the report doesn’t show is any firm enforcement of EU data protection rules vis-a-vis big tech. The report leans heavily on stats to illustrate the volume of work piling up on desks in Dublin. But it’s light on decisions on highly anticipated cross-border cases involving tech giants including Apple, Facebook, Google, LinkedIn and Twitter.

Read more: Lack of big tech GDPR decisions looms large in EU watchdog’s annual report | TechCrunch

1 2 3 21
>