Tag Archives for "sanctions"

The Netherlands imposes first GDPR fine of EUR 460,000

The Dutch Data Protection Authority – Autoriteit Persoonsgegevens – has issued its first GDPR fine of EUR 460,000. The fine is imposed on the Dutch Haga Hospital for insufficient internal security of patient records.

The hospital did not have two-factor authentication in place, which should have been the case when it comes to patient records. Also, while the hospital did check its logs (by a random check of six patient records per year), this wasn’t sufficient to meet the requirement of ‘systematic, risk-oriented or intelligent control’, in particular considering the scale of data processing by the hospital.

Source: The Netherlands – First GDPR fine imposed: EUR 460,000

Facebook Dodged a Bullet From the FTC. It Faces Many More. 

The social network may have escaped restrictions and financial bruising with the F.T.C.’s settlement, but its pain is just beginning around the world.

Regulators and lawmakers in Washington, Europe and in countries including Canada have already begun multiple investigations and are proposing new restrictions against Facebook that will probably embroil it in policy debates and legal wrangling for years to come. And in some of these places, the authorities are increasingly coordinating to form a more united front against the company.

Full article: Facebook Dodged a Bullet From the F.T.C. It Faces Many More. – The New York Times

ICO intends to fine Marriott International, Inc more than £99m for data breach

Marriott International has received a notification from the Information Commissioner’s Office (ICO) of its intention to fine the company £99,200,396.

In November 2018, Marriott had disclosed that their Starwood reservation database had been compromised between 2014 and 2018. The breach resulted in approximately 339 million guest records globally being exposed.

Source: ICO intends to fine Marriott International, Inc more than £99m for data breach

ICO intends to fine British Airways £183m for data breach

British Airways could face a fine of £183 million as a result of a data breach that was disclosed by the airline on 6th September 2018.

The carrier said that it had received notification from the Information Commissioner’s Office (ICO) of the regulator’s intention to issue BA with the record-breaking fine after customer data was stolen from the company’s website.

Source: ICO intends to fine British Airways £183m for data breach

Romanian DPA fines UniCredit €130,000 for data protection by design failures

The National Supervisory Authority for Personal Data Processing (‘ANSPDCP’) announced, on 4 July 2019, that it had fined UniCredit Bank S.A. €130,000 for breach of Article 25(1) of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) relating to the principles of data protection by design and by default.

The ANSPDCP found that failure to implement appropriate technical and organisational measures designed to effectively implement data protection principles and integrate necessary safeguards in the processing of data led to the disclosure of data concerning 300,000 data subjects during the period of 25 May 2018 to 10 December 2018.

Source: Romania: ANSPDCP fines UniCredit €130,000 for data protection by design failures

Germany fines Facebook for under-reporting complaints

German authorities have fined Facebook 2 million euros for under-reporting complaints about illegal content on its social media platform in breach of the country’s law on internet transparency.

Germany’s Federal Office of Justice said that by tallying only certain categories of complaints, the web giant had created a skewed picture of the extent of violations on its platform.

Source: Germany fines Facebook for under-reporting complaints – Reuters

Facebook fined by Italian DPA €1M over Cambridge Analytica scandal 

Italy’s privacy regulator fined Facebook €1 million Friday for violations connected to the Cambridge Analytica scandal — the largest fine against the social networking giant connected to that case.

The €1 million fine follows a previous £500,000 sanction by the British privacy watchdog, which similarly found that the tech giant had not sufficiently protected people’s online data.

Source: Facebook fined €1M over Cambridge Analytica scandal – POLITICO

CNIL issues fine of 20,000 euros against a small company in France regarding videosurveillance

The French data protection authority, the CNIL, announced on 18th June 2019 that it has issued a 20,000 euros fine against Uniontrad Company, a small company (9 employees) based in France and specialized in translations, for “excessive videosurveillance”.

According to the CNIL, employees of the company had filed complaints with the CNIL between 2013 and 2017 over the filming. In February 2018, the CNIL conducted an investigation at the company’s offices and found that a camera was continuously recording the staff’s activities at their work station, without sufficient information being provided to the staff.

Source: Videosurveillance: CNIL issues fine of 20,000 euros against a small company in France

CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

On June 6, 2019, the French Data Protection Authority (the “CNIL”) announced that it levied a fine of €400,000 on SERGIC, a French real estate service provider, for failure to (1) implement appropriate security measures and (2) define data retention periods for the personal data of unsuccessful rental candidates.

Source: CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

Spanish DPA fines soccer league 250K euros

La Liga has been fined 250,000 euros by the Spanish Data Protection Agency (AEPD) for violating the European General Data Protection Regulation (GDPR).

La Liga was using its mobile app to detect bars that screen football matches without paying, by activating the microphone of any user’s mobile so that it could detect the sounds that bars emit if a private signal is used. The AEPD found that the information presented to users was opaque.

Source: Spanish DPA fines soccer league 250K euros
