fbpx

Download free GDPR compliance checklist!

Tag Archives for " sanctions "

Italy tops GDPR penalty list with €46m worth of fines this year

Businesses operating within the European Union have been hit with a total of €68 million in fines relating to GDPR breaches so far in 2020.

Over €45 million of that came from Italian-owned companies, as result of 13 separate investigations. Sweden came in second, with €7.3 million in fines from 4 cases, while the Netherlands were ranked third with €2.8 million worth of penalties.

Source: Italy tops GDPR penalty list with €46m worth of fines this year | IT PRO

Belgian DPA imposes a €600,000 fine on Google Belgium for non-compliance with right to be forgotten

On 14 July 2020, the Belgian DPA imposed a fine of EUR600,000 on Google Belgium SA/NV (Google Belgium) for not respecting a Belgian resident’s right to be forgotten. This is the highest fine ever imposed by the Belgian DPA.

The complainant, an executive at an unnamed large company, had requested the removal of 12 URLs which he considered to be harmful to his reputation. These URLs concerned, on the one hand, search results regarding alleged links with a certain political party, and on the other hand, a harassment complaint declared unfounded in 2010. As Google had refused to remove several of the concerned links, the complainant referred the case to the Belgian DPA.

Source: Belgium: Belgian DPA imposes a EUR600,000 fine, its highest fine ever, on Google Belgium for non-compliance with right to be forgotten

EU regulators wrangle over Twitter data privacy penalty

European Union privacy regulators are wrangling over the penalty Ireland’s data privacy watchdog was set to issue Twitter for a data breach, pushing back the case’s long awaited conclusion under the bloc’s tough new data privacy rules.

The Irish Data Privacy Commission was expected to issue its decision in the Twitter case, which would be its first involving a US technology company since the new privacy law, known as GDPR, took effect in 2018, allowing for hefty fines.

But it said on Aug 20 that its counterparts in other countries – so-called concerned supervisory authorities – challenged a draft decision it circulated in May.

Source: EU regulators wrangle over Twitter data privacy penalty | The Star

GDPR supervisory authorities issued €2.9 million in fines in Q2 2020

There were at least 46 administrative fines under the GDPR in the past three months, with the penalties totalling nearly €2.9 million.

The Spanish Data Protection Authority led the way this quarter, issuing 16 fines. Meanwhile, Nordic countries were a large contributor to the quarter’s totals, with both the Norwegian Data Protection Authority and Finland’s Office of the Data Protection Ombudsman meting out four fines, and Sweden’s supervisory authority handing out three fines.

Source: GDPR supervisory authorities issued £2.6 million in fines in Q2 2020 – IT Governance UK Blog

UK data watchdog having a hard time making GDPR fines stick

British Airways expects the fine for its 2018 credit card data leak to be just 10.8 per cent of the £183m proposed by the UK data watchdog – while US hotel chain Marriott has both halved and kicked its own data blunder punishment into the long grass once again.

Mishcon’s Baines pondered whether the amount of ICO effort devoted to the two cases had disrupted its other data protection enforcement work: “One wonders if the effect of the BA and Marriott investigations has also been to cause work on other enforcement action to be paused, or at least delayed,” he mused, referring to boasts from Information Commissioner Elizabeth Denham last year that she was about to announce more big GDPR fines.

Source: UK data watchdog having a hard time making GDPR fines stick: Marriott scores another extension, BA prepares to pay 11% of £183m penalty threat • The Register

South Korean regulator fines TikTok over mishandling child data

The Korea Communications Commission (KCC), the country’s telecommunications watchdog, said it has fined the company 186 million won — around $155,000 — for failing to protect users’ private data.

The Korea Communications Commission said the Chinese company collected the data of children without consent from their legal guardians.

Source: South Korean regulator fines TikTok over mishandling child data | ZDNet

The Netherlands DPA imposes EUR 830,000 fine for access request fees

On the 6 th of July 2020, the Dutch Data Protection Authority  published its decision to impose a fine of 830,000 EUR on Stichting Bureau Krediet Registratie (BKR).

BKR keeps an electronic file of the loans and debts people have in the Netherlands, stored in a central database. The fine has been imposed due to the fact that BKR’s procedure for data subjects to obtain access to their personal data was not in line with GDPR.

Source: The Netherlands – DPA imposes EUR 830,00 fine for access request fees

Tech companies to pay $100,000 for collecting data on kids without parental consent

Attorney General Bob Ferguson announced that California-based technology company Super Basic LLC and its parent company Maple Media LLC will pay $100,000 to resolve an investigation by the Attorney General’s Office.

Ferguson’s investigation found the companies’ social media platform, “We Heart It,” allowed children to create accounts, collected their personal information and allowed third-party advertisers to collect data from them, all without legally required parental consent.

Source: AG Ferguson: Tech companies to pay $100,000 for violating Children’s Online Privacy Protection Act by collecting data on kids without parental consent | Washington State

GDPR Enforcement Loosens Amid Pandemic

The European Union has given some organizations more breathing room to remedy violations, yet no one should think regulators are planning to abandon the privacy legislation in the face of COVID-19.

While many expected GDPR to lead to “mega-fines” to punish organizations for data breaches and other failures to protect European consumer data after it first went into effect in 2018, punitive action thus far has depended on which country regulators are based.

Full article: GDPR Enforcement Loosens Amid Pandemic

Google Loses Its Appeal On 50 Million Euro GDPR Fine

Google lost on appeal of 50 million euro fine levied against Google in January 2019 for GDPR breaches.

On Friday, the Conseil d’État, a division of the French government that serves as the supreme court of administrative justice, sided with France’s data protection authority, the CNIL, which levied the fine against Google.

Source: Google Loses Its Appeal On 50 Million Euro GDPR Fine | AdExchanger

>