Tag Archives for "sanctions"

UK data watchdog having a hard time making GDPR fines stick

British Airways expects the fine for its 2018 credit card data leak to be just 10.8 per cent of the £183m proposed by the UK data watchdog – while US hotel chain Marriott has both halved and kicked its own data blunder punishment into the long grass once again.

Mishcon’s Baines pondered whether the amount of ICO effort devoted to the two cases had disrupted its other data protection enforcement work: “One wonders if the effect of the BA and Marriott investigations has also been to cause work on other enforcement action to be paused, or at least delayed,” he mused, referring to boasts from Information Commissioner Elizabeth Denham last year that she was about to announce more big GDPR fines.

Source: UK data watchdog having a hard time making GDPR fines stick: Marriott scores another extension, BA prepares to pay 11% of £183m penalty threat • The Register

South Korean regulator fines TikTok over mishandling child data

The Korea Communications Commission (KCC), the country’s telecommunications watchdog, said it has fined the company 186 million won — around $155,000 — for failing to protect users’ private data.

The Korea Communications Commission said the Chinese company collected the data of children without consent from their legal guardians.

Source: South Korean regulator fines TikTok over mishandling child data | ZDNet

The Netherlands DPA imposes EUR 830,000 fine for access request fees

On the 6th of July 2020, the Dutch Data Protection Authority published its decision to impose a fine of 830,000 EUR on Stichting Bureau Krediet Registratie (BKR).

BKR keeps an electronic file of the loans and debts people have in the Netherlands, stored in a central database. The fine has been imposed due to the fact that BKR’s procedure for data subjects to obtain access to their personal data was not in line with GDPR.

Source: The Netherlands – DPA imposes EUR 830,00 fine for access request fees

Tech companies to pay $100,000 for collecting data on kids without parental consent

Attorney General Bob Ferguson announced that California-based technology company Super Basic LLC and its parent company Maple Media LLC will pay $100,000 to resolve an investigation by the Attorney General’s Office.

Ferguson’s investigation found the companies’ social media platform, “We Heart It,” allowed children to create accounts, collected their personal information and allowed third-party advertisers to collect data from them, all without legally required parental consent.

Source: AG Ferguson: Tech companies to pay $100,000 for violating Children’s Online Privacy Protection Act by collecting data on kids without parental consent | Washington State

GDPR Enforcement Loosens Amid Pandemic

The European Union has given some organizations more breathing room to remedy violations, yet no one should think regulators are planning to abandon the privacy legislation in the face of COVID-19.

While many expected GDPR to lead to “mega-fines” to punish organizations for data breaches and other failures to protect European consumer data after it first went into effect in 2018, punitive action thus far has depended on the country in which regulators are based.

Full article: GDPR Enforcement Loosens Amid Pandemic

Google Loses Its Appeal On 50 Million Euro GDPR Fine

Google lost its appeal of the 50 million euro fine levied against it in January 2019 for GDPR breaches.

On Friday, the Conseil d’État, a division of the French government that serves as the supreme court of administrative justice, sided with France’s data protection authority, the CNIL, which levied the fine against Google.

Source: Google Loses Its Appeal On 50 Million Euro GDPR Fine | AdExchanger

Belgian Data Protection Authority Imposes Fine on Non-Profit Organization for Unlawful Direct Marketing Practices

On May 29, 2020, the Litigation Chamber of the Belgian Data Protection Authority imposed a fine of €1,000 on a non-profit organization.

The decision followed a complaint filed by an individual who continued to receive promotional materials from the organization after he had objected to the processing of his contact details for direct marketing purposes and had requested that the organization erase his data from its database.

Source: Belgian Data Protection Authority Imposes Fine on Non-Profit Organization for Unlawful Direct Marketing Practices

Finland DPA imposes €72,000 GDPR fine against taxi company

The Office of the Data Protection Ombudsman has imposed an administrative fine against taxi company Taksi Helsinki for data protection violations.

Last summer, the company had replaced its camera surveillance system with one that recorded both audio and video, but failed to assess the legality of the related personal data processing as required by the EU General Data Protection Regulation (GDPR). The taxi company also failed to conduct the impact assessments required by GDPR before the start of processing.

Source: #Privacy: Finland DPA imposes GDPR fine against taxi company

Belgian Authority Raises Red Flag for DPOs with Multiple Roles

Following its investigation of a personal data breach, the Belgian Data Protection Authority (DPA) issued a ruling on April 28, 2020, imposing a €50,000 fine on an organization for negligence in having appointed the company’s head of compliance, risk and audit as its data protection officer (DPO).

Notably, the DPA highlighted that the organization had not implemented a policy defining the DPO’s role until at least July 2019. Although such a policy had been prepared, the DPA indicated that such preparation alone was not enough to demonstrate the DPO’s independence.

Source: Belgian Authority Raises Red Flag for DPOs with Multiple Roles

Irish regulator reaches preliminary decision in Twitter privacy probe

Twitter may be the first big technology firm to face a fine by the EU’s lead regulator under the region’s tougher data protection rules after the regulator submitted a preliminary decision in a probe into the social media firm to other member states.

The Twitter ruling relates to a 2019 probe into a bug in its Android app, where some users’ protected tweets were made public. Twitter is the subject of two of the 20 other inquiries the DPC had open into big tech firms at the end of 2019.

The DPC is not commenting on the substance of the preliminary Twitter decision at this point, Deputy Commissioner Graham Doyle told Reuters.

Source: Irish regulator reaches preliminary decision in Twitter privacy probe – EURACTIV.com
