fbpx

Download free GDPR compliance checklist!

Tag Archives for " sanctions "

EUR 272.5m in fines imposed by European regulators under GDPR 

EUR 272.5 million of fines have been imposed for a wide range of infringements of Europe’s tough data protection laws according to international law firm DLA Piper.

EUR 158.5 million of fines imposed since 28 January 2020, a 39% increase on the previous 20 month period since the application of GDPR. Italy has imposed the highest aggregate fines with France imposing the highest individual fine to date. However, several multi-million euro fines have been successfully appealed or significantly reduced.

Source: EUR272.5m in fines imposed by European regulators under GDPR – Survey by international law firm DLA Piper | News | DLA Piper Global Law Firm

German DPA fines company 10.4 million euros for monitoring employees without legal basis

The State Commissioner for Data Protection (LfD) Lower Saxony has imposed a fine of 10.4 million euros on notebooksbilliger.de AG. The company had video-monitored its employees for at least two years without any legal basis.

The illegal cameras recorded workplaces, sales rooms, warehouses and common areas, among other things. The company claimed that the aim of the installed video cameras was to prevent and investigate criminal offenses and to track the flow of goods in the warehouses. In order to prevent theft, a company must first examine milder means (e.g. random bag checks when leaving the business premises). Video surveillance to uncover criminal offenses is also only lawful if there is justified suspicion against specific persons.

Source: LfD Niedersachsen imposes a fine of 10.4 million euros on notebooksbilliger.de | The State Commissioner for Data Protection Lower Saxony

Ticketmaster Pays $10 Million Criminal Fine for Intrusions into Competitor’s Computer Systems

Ticketmaster Used Passwords Unlawfully Retained by a Former Employee of a Competitor to Access Computer Systems in Scheme to “Choke Off” the Victim’s Business.

Ticketmaster agreed to pay a $10 million fine to resolve charges that it repeatedly accessed without authorization the computer systems of a competitor. The fine is part of a deferred prosecution agreement that Ticketmaster has entered with the United States Attorney’s Office for the Eastern District of New York to resolve a five-count criminal information filed today charging computer intrusion and fraud offenses.

Source: Ticketmaster Pays $10 Million Criminal Fine for Intrusions into Competitor’s Computer Systems

Twitter fined by Ireland over bug that made private tweets public, in world first for EU data privacy law

Ireland has fined the company €450,000 for its failure to quickly report the breach, which was the result of a bug in the Android app.

It is the first time that a US company has been fined under a new data privacy system instituted in the EU as part of its General Data Protection Regulation regime.

The fine related to an issue in Twitter’s app that emerged in 2019. A technical problem meant that tweets that were supposed to be protected could be viewed by the public, the Irish Data Protection Commission said.

Source: Twitter fined by Ireland over bug that made private tweets public, in world first for EU data privacy law | The Independent

France fines Google $120M and Amazon $42M for dropping tracking cookies without consent

France’s data protection agency, the CNIL, has slapped Google and Amazon with fines for dropping tracking cookies without consent.

Google has been hit with a total of €100 million ($120 million) for dropping cookies on Google.fr and Amazon €35 million (~$42 million) for doing so on the Amazon .fr domain under the penalty notices issued on December 10.

The regulator carried out investigations of the websites over the past year and found tracking cookies were automatically dropped when a user visited the domains in breach of the country’s Data Protection Act.

Source: France fines Google $120M and Amazon $42M for dropping tracking cookies without consent

Swedish court rejects Google’s appeal in RTBF case

The Swedish Administrative Court of Stockholm confirmed Google violated the EU General Data Protection Regulation in several instances and rejected Google’s motion that Sweden’s data protection authority’s, Datainspektionen, decisions repealed due to formal deficiencies.

The court upheld the fine of SEK 50 million, while the court lowered the fine for one violation from SEK 25 million to 2 million. The fine was lowered because one complaint was partly dismissed and one instance was not considered a violation (since Google adhered to the injunction without undue delay).

Source: Swedish court rejects Google’s appeal in RTBF case

Twitter data breach decision due on December 17

Despite “very divergent views” between EU data protection authorities over a case of data breaches by Twitter, a final decision on the bloc’s first major cross-border online privacy case is due to be published on December 17th, it has been revealed.

Irish Data Commissioner Helen Dixon said on Thursday (3 December) that talks with fellow EU data protection regulators had been beset by “high levels of dispute” on a final decision as to Twitter’s punishment following a 2019 disclosure on a bug in its Android app. The bug had led to some Twitter users’ protected tweets being made public.

Source: Twitter data breach decision due on December 17: Irish data regulator – EURACTIV.com

EDPB Issues Guidance on Its Coordinated Enforcement Framework 

The European Data Protection Board has issued guidance on its Coordinated Enforcement Framework (CEF).

The CEF provides a structure for coordinating recurring annual activities by EDPB Supervisory Authorities. The annual coordinated action focuses on a pre-defined topic which participating SAs may pursue using a pre-defined methodology.

Full article: EDPB Issues Guidance on Its Coordinated Enforcement Framework | Privacy Compliance & Data Security

Facebook Pays Russia $50K Fine For Not Localizing User Data

Facebook has paid Russian authorities a 4 million ruble ($53,000) fine over its refusal to comply with controversial data localization laws.

Under laws which came into force in 2016, Russia requires all foreign technology companies to store data related to their Russian customers and users on servers located inside Russia.

Source: Facebook Pays Russia $50K Fine For Not Localizing User Data – The Moscow Times

French food retail giant Carrefour fined €3m for GDPR breaches

The French multinational retailer Carrefour has been fined €3m for multiple data protection failings.

Data protection agency CNIL has fined two companies of the Carrefour Group for breaches of GDPR in several areas, including the obligation to inform individuals, use of cookies, limiting the retention of data, the obligation to facilitate the exercise of rights and failure to respect rights.

Source: French food retail giant Carrefour fined €3m for GDPR breaches

1 2 3 26
>