fbpx

Download free GDPR compliance checklist!

Tag Archives for " sanctions "

Germany fines Facebook for under-reporting complaints

German authorities have fined Facebook 2 million euros for under-reporting complaints about illegal content on its social media platform in breach of the country’s law on internet transparency.

Germany’s Federal Office of Justice said that by tallying only certain categories of complaints, the web giant had created a skewed picture of the extent of violations on its platform.

Source: Germany fines Facebook for under-reporting complaints – Reuters

Facebook fined by Italian DPA €1M over Cambridge Analytica scandal 

Italy’s privacy regulator fined Facebook €1 million Friday for violations connected to the Cambridge Analytica scandal — the largest fine against the social networking giant connected to that case.

The €1 million fine follows a previous £500,000 sanction by the British privacy watchdog, which similarly found that the tech giant had not sufficiently protected people’s online data

Source: Facebook fined €1M over Cambridge Analytica scandal – POLITICO

CNIL issues fine of 20,000 euros against a small company in France regardin videosurveillance

The French data protection authority, the CNIL, announced on 18th June 2019 that it has issued a 20,000 euros fine against Uniontrad Company, a small company (9 employees) based in France and specialized in translations, for “excessive videosurveillance”.

According to the CNIL, employees of the company had filed complaints with the CNIL between 2013 and 2017 over the filming. In February 2018, the CNIL conducted an investigation at the company’s offices and found that a camera was continuously recording the staff’s activities at their work station, without sufficient information being provided to the staff.

Source: Videosurveillance: CNIL issues fine of 20,000 euros against a small company in France

CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

On June 6, 2019, the French Data Protection Authority (the “CNIL”) announced that it levied a fine of €400,000 on SERGIC, a French real estate service provider, for failure to (1) implement appropriate security measures and (2) define data retention periods for the personal data of unsuccessful rental candidates.

Source: CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

Spanish DPA fines soccer league 250K euros

La Liga has been fined 250,000 euros for violating the Spanish Data Protection Agency (AEPD) and the European General Data Protection Regulation (GDPR).

La Liga was using their mobile app to detect the bars that screen football matches without paying by activating the microphone of any user’s mobile so that it can detect sounds that bars emits if a private signal is used. AEPD found that information presented to users was opaque.

Source: Spanish DPA fines soccer league 250K euros

Belgian Data Protection Authority issues its first fine

On Tuesday 28 May 2019, the Belgian Data Protection Authority (DPA) imposed its first financial penalty since the entry into application of the GDPR.

The administrative fine amounts to EUR 2 000 and concerns the misuse of personal data for election purposes. Although the fine is modest, the message is not: Data protection is an important matter to us all, but data controllers must assume their responsibility, especially if they have a government mandate.

Read more: Belgium: Belgian Data Protection Authority issues its first fine

Caught between data protection and trade sanctions?

The rapid evolution of the economic sanctions environment constitutes a compliance challenge for multinationals and financial institutions in particular.

A significant emphasis is already placed on the use of technology for facilitating sanctions screening and filtering of listed individuals. While the technology will definitely improve sanctions compliance strategies, one might question to what extent these processing operations will be compatible with data protection rules?

Full article: Caught between data protection and trade sanctions? – CITIP blog

German regional data protection authorities impose fines of EUR 449,000 for GDPR breaches

German regional data protection authorities have imposed fines in 75 cases totalling EUR 449,0000 for breaches of the European General Data Protection Regulation (GDPR), since it came into effect in May 2018.

Fines have been imposed in six federal states. In Baden-Wurttemberg, for example, the data protection authorities imposed fined worth EUR 203,000 in seven cases, in Rhineland-Palatinate EUR 124,000 for nine cases, in Berlin EUR 105,600 for eighteen cases and in Hamburg, EUR 25,000 for two cases, the report added.

Source: German regional data protection authorities impose fines of EUR 449,000 for GDPR breaches – Telecompaper

Only 0.25% of reported data breach cases fined under GDPR

Data requested by digi.me shows that of 11,468 data breach cases closed by the Information Commissioner’s Office (ICO) since GDPR’s implementation, only 29 have resulted in financial penalties. That makes a penalty rate of just 0.25 per cent.

The data also revealed that 37,798 data protection concerns have been raised by members of the public since 25 May 2018. This figure is nearly three times the number of actual data breach cases investigated by the ICO during this same period (12,854).

Source: Digi.me investigation reveals only 0.25pc of reported data breach cases fined under GDPR – digi.me

Facebook facing 20-year consent agreement after privacy lapses

The social media giant Facebook is headed toward an agreement with the U.S. government over its privacy policies and practices that would put it under 20 years of oversight.

The agreement would resolve a probe of whether the company violated a similar consent pact reached in 2011. There had been expectations a deal was imminent after Facebook set aside $3 billion to pay what it said it expected to be a $3 billion to $5 billion penalty. But two sources said on Monday that no deal was expected this week.

Source: Facebook facing 20-year consent agreement after privacy lapses

>