Tag Archives for "sanctions"

DPAs to pros: There’s no grace period, folks

While privacy professionals and companies have been working to get their processes in order, so too have the regulators who are tasked with watching over those processes.

What that’s meant for the Irish, French and U.K. data protection authorities has been an increase in staff and budget across the board.

Source: DPAs to pros: There’s no grace period, folks

GDPR: UK watchdog promises ‘proportionate and pragmatic’ enforcement

The UK’s information commissioner has promised to use new powers to issue “hefty fines” for breaches of data protection law sparingly.

From 25 May, Elizabeth Denham will have the power to issue fines of up to 4% of a business’ annual global turnover, or €20 million, whichever is highest, where they are responsible for certain breaches of the new General Data Protection Regulation (GDPR). Other types of breaches could attract fines of up to 2% of annual global turnover, or €10m.

Source: GDPR: UK watchdog promises ‘proportionate and pragmatic’ enforcement

GDPR will give Dutch privacy watchdog its teeth

The Netherlands’ privacy watchdog, Autoriteit Persoonsgegevens (AP), has been criticised in the past for its lack of action on data breaches.

Chairman Aleid Wolfsen has often said that the AP will “finally start showing its teeth” and threatened to fine companies that do not comply with the Netherlands’ privacy laws – but this hasn’t happened so far.

Source: Interview: GDPR will give Dutch privacy watchdog its teeth

CNIL’s notice on collection of smart meters data shows likely approach of DPAs post-GDPR

The French data protection authority (‘CNIL’) announced, on 27 March 2018, that it had issued a formal notice to DIRECT ENERGIE, Société Anonyme, for failing to obtain consent for the collection of customer usage data from its Linky smart meters, and ordered it to collect valid consent for the processing, including from those whose data has already been processed, within three months of receiving the notice.

Source: France: CNIL notice to DIRECT ENERGIE on collection of smart meters data “indication of likely approach of DPAs post-GDPR”

UK investigates Facebook over data breach, to raid Cambridge Analytica

Britain is investigating whether Facebook did enough to protect data after a whistleblower said a London-based political consultancy hired by Donald Trump improperly accessed information on 50 million Facebook users to sway public opinion.

Elizabeth Denham, the head of Britain’s Information Commission, is seeking a warrant to search the offices of consultancy Cambridge Analytica after a whistleblower revealed it had harvested the private information of millions of people to support Trump’s 2016 U.S. presidential campaign.

Source: UK investigates Facebook over data breach, to raid Cambridge Analytica

WhatsApp will not share user data with Facebook until it complies with GDPR

Facebook, its popular messaging app WhatsApp, and the UK’s Information Commissioner’s Office (ICO) have reached a truce in their long-running investigation over how Facebook and WhatsApp share user data.

The ICO today announced that it has closed its investigation and concluded that WhatsApp and Facebook, in fact, cannot and do not share user data for anything other than basic data processing.

The two most significant upshots of this: WhatsApp (and Facebook) will not be fined; and the ICO has gotten WhatsApp to sign an undertaking in which it has committed publicly not to share personal data with Facebook in the future until the two services can do it in a way that is compliant with General Data Protection Regulation (GDPR).

Source: WhatsApp will not share user data with Facebook until it complies with GDPR, ICO closes investigation | TechCrunch

French businesses urged to have compliance plan for GDPR

Businesses operating in France will need to have a compliance plan in place if they want to avoid potential sanctions for breaches of the EU’s General Data Protection Regulation (GDPR).

Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection authority, would be likely to consider the steps businesses were taking towards compliance in determining whether to take enforcement action once the GDPR begins to apply. This is because most businesses in France are unlikely to be fully compliant with the GDPR by 25 May this year, the date on which the new Regulation takes effect, she said. Richard said it was welcome that the CNIL had recognised this fact in a recent statement.

Source: French businesses urged to have compliance plan for GDPR

Equifax breach could be most costly in corporate history

Equifax Inc. said it expects costs related to its massive 2017 data breach to surge by $275 million this year, suggesting the incident at the credit reporting bureau could turn out to be the most costly hack in corporate history.

The projection, which was disclosed on a Friday morning earnings conference call, is on top of $164 million in pretax costs posted in the second half of 2017. That brings expected breach-related costs through the end of this year to $439 million, some $125 million of which Equifax said will be covered by insurance.

Source: Equifax breach could be most costly in corporate history

CNIL flexible on enforcement of new obligations for first months of GDPR regime

France’s Data Protection Authority, the CNIL, announced last month that in the first months of implementation of the GDPR, it may not sanction breaches of new obligations or rights resulting from the GDPR, such as the right to data portability and impact assessments.

This period of grace, however, requires that the organisations are engaged in the compliance process, are of ‘good faith’ and cooperate with the CNIL. However, if the CNIL detects breaches of well-established data protection principles, it will act immediately.

Source: CNIL flexible on enforcement of new obligations for first months of GDPR regime – Privacy Laws & Business

The FTC-Venmo Privacy Settlement is All About Design

PayPal has settled charges from the Federal Trade Commission (FTC) that stated its popular money transferring app, Venmo, misled customers with confusing privacy settings. The FTC complaint is a lesson in the importance of user-friendly design in app privacy settings, as well as the privacy risks of combining financial transactions with social networking.

Money transferring apps are a popular—and sometimes necessary—modern convenience. While some users enjoy the social aspect of Venmo, others just want to split the bill without sharing. For the second camp, there seemed to be an easy solution: you could change the default audience for your transactions from “public” to “participants only.”

Source: The FTC-Venmo Privacy Settlement is All About Design
