Tag Archives for " sanctions "

Irish data protection commissioner set to issue decisions on Twitter and Whatsapp probes by end of year

The Irish data protection commissioner expects to issue decisions on investigations into Twitter and Whatsapp by the end of the year, a spokeswoman has said.

However, the effect of any sanction or fine, if issued, would not occur for “months” after that due to statutory examination processes.

Helen Dixon’s office concluded its investigation several weeks ago and is formulating draft decisions, possibly with the inclusion of a sanction, fine or regulatory order for Whatsapp and Twitter to change their own processes.

Source: Irish data protection commissioner set to issue decisions on Twitter and Whatsapp probes by end of year – Independent.ie

The Polish supervisory authority imposed first administrative fine on a public entity

The President of the Personal Data Protection Office (“The President of the Office”) imposed the first administrative fine of PLN 40,000 on a public entity for failure to comply with the GDPR.

The reason for imposing the fine was that the mayor of the city did not conclude a personal data processing agreement with the entities to which he transferred data.

Apart from the financial penalty, the President of the Office also ordered the controller to take action to remedy the relevant infringements within 60 days.

Source: The Polish supervisory authority imposed first administrative fine on a public entity

Criminal proceedings against Österreichische Post

The Austrian data protection authority imposed an administrative fine of 18 million euros on Österreichische Post AG (Austrian Postal Service) after conducting administrative fine proceedings.

The Austrian DPA concluded that Österreichische Post had violated the GDPR by processing personal data on the alleged political affinity of affected data subjects. Another GDPR violation was the further processing of data on package frequency and the frequency of relocations for the purpose of direct marketing.

However, the penalty is not final, as it can be challenged before the Federal Administrative Court within four weeks after the delivery of the penalty notice.

Source: Criminal proceedings of the Austrian data protection authority against Österreichische Post AG (Austrian Postal Service) | European Data Protection Board

Facebook accepts Cambridge Analytica fine

Facebook has said it will pay the £500,000 financial penalty that the social network was issued by the UK’s data privacy watchdog, the Information Commissioner’s Office (ICO).

The fine came as a result of Facebook’s role in the Cambridge Analytica scandal, news of which first broke in March 2018.

Source: #Privacy: Facebook accepts ICO Cambridge Analytica fine

Where does the GDPR fine money go?

On 8 July 2019, the UK’s ICO issued British Airways with a £183 million penalty for violations and just one day later levied a £99 million fine against hotel chain Marriott. Google was hit with a €50 million fine by French authorities, and at least 70 enforcement actions have been taken in total across the EU little more than a year after the new regulations came into force.

But the destination of this money, which has the potential to exceed billions in the next few years, has been the subject of uncertainty. The relatively untested one-stop-shop principle, too, may lead to tensions brewing as data protection authorities wrestle over claims for jurisdiction with regards to mammoth investigations.

Full article: GDPR: Where does the fine money go? | IT PRO

Spanish DPA fines company for the cookie policy with 30,000 euros

The Spanish Data Protection Authority fined the company Vueling 30,000 euros for the cookie policy used on its website, because users who access the company’s website do not have the ability to configure the cookies that are installed on their computers.

When accessing the website’s cookie policy online, users are informed about what cookies are and which cookies are used (first and third-party). What the company does not provide is a management system or cookie configuration panel that allows the user to delete them in a granular way.

Source: The Spanish Data Protection Authority fined the company Vueling for the cookie policy used on its website with 30,000 euros | European Data Protection Board

Debt Collection Agency to Pay $267 Million in Robocall Lawsuit

On September 10, 2019, a California federal judge entered a $267 million judgment against a debt collection agency, Rash Curtis & Associates.

Rash Curtis & Associates contacted consumers via robocall without their prior express consent, a violation of the Telephone Consumer Protection Act (TCPA). The jury found that the debt collection company made more than 534,000 such unsolicited robocalls.

Source: Verdict: Debt Collection Agency to Pay $267 Million in Robocall Lawsuit | Top Class Actions

Polish DPA imposes €645,000 fine for insufficient organisational and technical safeguards

The President of the Personal Data Protection Office imposed a fine of more than PLN 2.8 million (ca. 645,000 euros) on Morele.net.

The company’s organisational and technical measures for the protection of personal data were not appropriate to the risk posed by the processing of personal data, which means that data of about 2.2 million people have fallen into the wrong hands.

Source: Polish DPA imposes €645,000 fine for insufficient organisational and technical safeguards

Belgian DPA: Requiring Customers to Allow Their ID Cards To Be Scanned To Receive Loyalty Cards Violates GDPR

Asking to read an electronic ID card as a condition for the provision of a service (issuing a rewards/loyalty card) is disproportionate and in violation of GDPR, says the Belgian data protection authority. The company was fined €10,000.

Source: Belgian DPA: Requiring Customers to Allow Their ID Cards To Be Scanned To Receive Loyalty Cards Violates GDPR

New Calculation Model for Data Protection Fines in Germany

In June, the conference of the German Data Protection Authorities (Datenschutzkonferenz) approved a concept for the calculation of GDPR fines.

“In a first step, the fine is calculated in daily rates derived from the worldwide company turnover of the previous year. The daily rate is multiplied by a factor which depends on the seriousness of the breach and is determined by the application of a scoring system. The sum is then reduced or increased depending on the degree of fault and on whether there have been any previous breaches. Three or more previous breaches can lead to a surcharge of 300 per cent. Mitigating factors will also be taken into account.”

Source: New Calculation Model for Data Protection Fines in Germany | Inside Privacy
