
Tag Archives for "sanctions"

Parenting club Bounty fined £400,000 for selling users’ data

The parenting club Bounty has been fined £400,000 – one of the largest penalties possible – for sharing its data with marketing agencies without users’ permission.

Company illegally shared 34.4 million records with 39 companies – data brokers including Acxiom, Equifax and Sky – without securing consent from their users.

Source: Parenting club Bounty fined £400,000 for selling users’ data

Bounty UK fined £400,000 for sharing personal data unlawfully

The Information Commissioner’s Office (ICO) has fined Bounty (UK) Limited £400,000 for illegally sharing personal information belonging to more than 14 million people.

An ICO investigation found that Bounty, a pregnancy and parenting club, collected personal information for the purpose of membership registration through its website and mobile app, merchandise pack claim cards and directly from new mothers at hospital bedsides.

Source: Bounty UK fined £400,000 for sharing personal data unlawfully

Denmark Recommends First Fine Under New EU Privacy Law

Denmark’s Data Protection Authority (DPA) has recommended fining a taxi company 1.2 million kroner ($180,000) for not deleting customers’ telephone numbers, the first Danish penalty imposed under Europe’s strict 2018 privacy rules.

The fine demonstrates that it’s not enough for companies doing business in Denmark to delete people’s names and addresses to satisfy the requirements of the European Union’s General Data Protection Regulation. They must delete all information, including telephone numbers, to avoid potentially high fines.

Source: Denmark Recommends First Fine Under New EU Privacy Law

Birmingham Court fines pair over data breaches

The Information Commissioner’s Office (ICO) has warned that employees could face criminal charges if they access or share personal data without a valid reason.

The warning came after a Birmingham Magistrates’ Court fined two workers in separate cases for breaching data protection laws in 2017. Both individuals pleaded guilty to violations under the same sections of the Data Protection Act 1998.

Source: Birmingham Court fines pair over data breaches | IT PRO

First fine imposed by the Polish privacy watchdog

The President of the Personal Data Protection Office (UODO) imposed its first fine for the amount of PLN 943 000 (around €220 000) for the failure to fulfil the information obligation.

The decision of the UODO’s President concerned the proceedings related to the activity of a company which processed the data subjects’ data obtained from publicly available sources, inter alia from the Central Electronic Register and Information on Economic Activity, and processed the data for commercial purposes. The authority verified non-compliance with the information obligation in relation to natural persons conducting business activity – entrepreneurs who are currently conducting such activity or have suspended it, as well as entrepreneurs who conducted such activity in the past.

The controller fulfilled the information obligation by providing the information required under Art. 14 (1) – (3) of the GDPR only in relation to the persons whose e-mail addresses it had at its disposal. In case of the remaining persons the controller failed to comply with the information obligation – as it explained in the course of the proceedings – due to high operational costs. Therefore, it presented the information clause only on its website. In the opinion of the President of the Personal Data Protection Office, such action was insufficient.

Source: First fine imposed by the President of the Personal Data Protection Office | European Data Protection Board

German Authorities Issue 41 GDPR Fines

A survey by Handelsblatt shows that 41 fines have been issued by German privacy authorities through mid-January of this year, according to an analysis by Mondaq.

The highest fine has been €80,000 — for an entity that allowed health-related data to be publicly seen, the report continues. In addition, a €20,000 penalty was imposed on the chat portal Knuddels.de by the State Data Protection and Freedom of Information Officer for Baden-Württemberg.

Source: German Authorities Issue 41 GDPR Fines: Report 02/25/2019

e-Privacy breaches can raise GDPR fines

Businesses face higher fines if their processing of personal data is found to breach both the General Data Protection Regulation (GDPR) and EU ‘e-Privacy’ rules, according to a new opinion issued by the European Data Protection Board (EDPB).

The EDPB’s opinion, issued earlier this month, concerns the interplay between the e-Privacy Directive and the GDPR.

Full article: GDPR: ‘e-Privacy’ breaches can be factored into fines

Year 1 of GDPR: Over 200,000 cases reported, firms fined €56 meeelli… Oh, that’s mostly Google

European data protection agencies have issued fines totalling €56m for GDPR breaches since it was enforced last May, from more than 200,000 reported cases – but watchdogs have said they’re just warming up. However, almost all of it comes from French data watchdog CNIL’s €50m fine for Google.

One thing that did change immediately under GDPR, if not the fines, was the number of incident reports. This was particularly so for companies turning themselves in over data breaches. In the first nine months, there were 206,326 cases reported under the new law from the supervisory authorities in the 31 countries in the European Economic Area.

Source: Year 1 of GDPR: Over 200,000 cases reported, firms fined €56 meeelli… Oh, that’s mostly Google • The Register

The Netherlands DPA confirms its GDPR fining policy

The Netherlands’ Data Protection Authority has published its GDPR fining policy which divides breaches into four categories according to their severity.

There are 4 tiers of fines up to 1 million euro. A higher fine than 1 million euros is, of course, possible if the circumstances so require.

Source: The Netherlands DPA confirms its GDPR fining policy – Privacy Laws & Business

German Authorities Issue 41 GDPR Fines

41 fines have been issued by German privacy authorities through mid-January of this year.

The fines are low compared to the €50 million meted out to Google by French authorities. The highest fine has been €80,000 – for an entity that allowed health-related data to be publicly seen. But this is an indication that companies must maintain adequate data protection policies and practices.

Source: German Authorities Issue 41 GDPR Fines: Report 02/25/2019
