
Tag Archives for "sanctions"

ICO Delays British Airways and Marriott GDPR Fines

Further to the publication of the ICO’s notices of intention to fine British Airways and Marriott in July 2019, the ICO has recently issued a statement delaying the issuance of both GDPR fines which had originally been expected by the end of 2019.

The ICO’s initial notices of intention to fine had stated that British Airways would face a fine of £183m ($228m) and Marriott a fine of £99m ($123m). The ICO will now have until March 31, 2020 to finalize the penalties imposed on both British Airways and Marriott, which were the result of two high-profile data breaches and subsequent ICO investigations.

Source: ICO Delays British Airways and Marriott GDPR Fines

First Ever UK GDPR Penalty is €325k for London Pharmacy

The first ever General Data Protection Regulation (GDPR) penalty in the United Kingdom has been sanctioned against a London-based pharmacy by the Information Commissioner’s Office (ICO).

The ICO has fined Doorstep Dispensaree €325,000 (UK£275,000) in relation to its ‘cavalier attitude to data protection’. This decision was taken after it was discovered that the Burnt Oak Broadway, Edgware-based pharmacy had placed 500,000 medical documents that included sensitive information in unsecured and unlocked containers, disposal bags and a cardboard box.

Source: First Ever UK GDPR Penalty is €325k for London Pharmacy – Compliance Junction

European tech regulator despairs over lack of enforcement

The world’s toughest privacy law proves toothless in the eyes of many critics.

More than 18 months after the European Union began implementing the world’s toughest privacy law, the bloc’s ability to rein in Big Tech is increasingly in doubt amid growing frustration over a lack of enforcement actions and weak cooperation on investigations.

Aside from a €50 million fine that France’s privacy regulator imposed on Google in January, there have been no fines or remedies levied at a U.S. giant since the GDPR came into effect. And the two nations most directly responsible for policing the tech sector — Ireland and Luxembourg, where the largest tech firms have their European headquarters — have yet to wrap up a single investigation of any magnitude concerning a U.S. firm.

Full article: ‘We have a huge problem’: European tech regulator despairs over lack of enforcement – POLITICO

Brazil fines Facebook $1.6 million over improper data sharing

Brazil announced that it had fined Facebook $1.6 million over improperly sharing user data with Cambridge Analytica.

In issuing the fine, the Department of Consumer Protection said the data of 443,000 Facebook users was “misused” by developers of the Facebook app “thisisyourdigitallife.”

The agency ruled the data was used “for questionable purposes and without the represented parties being able to demonstrate any modifying fact that that number was actually smaller.”

Source: Brazil fines Facebook $1.6 million over improper data sharing | TheHill

Belgian Supervisory Authority Imposes Cookie Fine

On December 17, 2019, the Belgian Supervisory Authority imposed a fine of €15,000 on a company operating a legal information website with approximately 35,000 unique monthly visitors for violations regarding use of cookies.

According to the supervisory authority, the company provided insufficient information about the cookies deployed on the website. Moreover, the cookie policy was only available in English, whereas the website targeted Dutch and French-speaking readers.

Further, the website did not obtain opt-in consent for certain types of cookies used, including first-party analytics cookies, and where consent was obtained, it was not sufficiently granular. Also, there was no easy way for users to withdraw consent.

Source: Belgian Supervisory Authority Imposes Cookie Fine

German Telecommunications Company Fined 9.5 Million Euros for GDPR Violation

The German Federal Data Protection Supervisory Authority (BfDI) imposed a 9.55 million Euro fine on the telecommunications company 1&1 Telecom GmbH.

The BfDI found that the authentication procedures used by 1&1’s customer helpline were insufficient and failed to satisfy the requirements of Art. 32 GDPR. The company announced that it will challenge the order, arguing that the size of the fine is disproportionate.

Source: German Telecommunications Company Fined 9.5 Million Euros for GDPR Violation | Inside Privacy

TikTok to Pay $1.1 Million to Settle Kids’ Data Collection Suit

TikTok and its parent company ByteDance have agreed to pay $1.1 million to settle a proposed class action alleging that the app Musical.ly violated children’s privacy laws by collecting their data and operating the app “in a reckless and unlawful manner for commercial gain.”

The complaint against TikTok alleged that Musical.ly—which was acquired by ByteDance in 2017 and later rebranded as TikTok—“surreptitiously tracked, collected, and disclosed the personally identifiable information and/or viewing data … of minor children, and then sold that data to third-party advertisers so they could, in turn, market their products and services” on the app.

Source: TikTok to Pay $1.1 Million to Settle Kids’ Data Collection Suit

Hungary imposed a fine of EUR 3.6 M on Facebook

The Hungarian Competition Authority – GVH – found that Facebook Ireland Ltd. had infringed competition law when it advertised its services as being free of charge on its home page and Help Centre.

While it was true that users did not have to pay for the concerned services, Facebook benefited economically from the users’ data and activities, with users in this way paying for the services provided by the undertaking. The GVH imposed a fine amounting to a total of EUR 3.6 M, which is the highest fine that the Authority has ever imposed in a consumer protection case.

Source: GVH imposed a fine of EUR 3.6 M on Facebook – GVH

Top 10 GDPR Breaches in 2019 Cause €402.6 Million Fines

Enormous fines imposed for data breaches in 2019 prove that regulators have become severe about penalizing companies and organizations that don’t adequately protect consumer information.

The ten most significant GDPR breaches in 2019 have caused €402.6 million in fines in total. The three highest data breach penalties in 2019 make up nearly 90 percent of this sizeable amount:

  • British Airways was fined a record €204.6 million by the UK’s ICO;
  • Marriott International was fined €110.3 million by the UK’s ICO;
  • Google Inc. was fined €50 million by the French DPA.

Source: Top 10 GDPR Breaches in 2019 Cause €402.6 Million Fines – Virus Solution and Removal

The ICO are owed £7m in unpaid fines

The Information Commissioner’s Office (ICO) is struggling to collect monetary penalties from organisations it has fined since 2015.

152 fines have been issued since 2015, equating to £16.6 million – however, 30% are still unpaid which amounts to over £7 million.

Fines handed to charities and public organisations have all been paid, however the main culprits for non-payment are in the claims management industry. The industry has received a total of £3.2 million in fines, yet only £490,000 has been collected, and an overwhelming 84% remains unpaid.

Source: #Privacy: The ICO are owed £7m in unpaid fines
