fbpx

Download free GDPR compliance checklist!

Category Archives for "Other"

EDPS Publishes Annual Report 2019

The Annual Report provides an insight into all European Data Protection Superviser’s (EDPS) activities in 2019.

EDPS activities therefore focused on consolidating the achievements of previous years, assessing the progress made and starting to define priorities for the future. Of particular note were EDPS efforts to ensure that new EU rules on data protection are put into practice.

Source: EDPS Annual Report 2019: new EU data protection rules must produce promised result | European Data Protection Supervisor

Google Says It Doesn’t ‘Sell’ Your Data. Here’s How the Company Shares, Monetizes, and Exploits It.

Although big tech companies like Google keep the lights on by harvesting and monetizing your personal data, they can be quick to mince words and deny the strawman scenario of exchanging hard drives full of your data for a suitcase of money.

Google, the adtech oligarch, devourer of data, surveyor of souls, That Which Knows All That Is Known, has decided that it doesn’t sell data. So what is happening with all of that data, which Google says it’s not selling, but from which it makes tens of billions of dollars a year?

Read full article: Google Says It Doesn’t ‘Sell’ Your Data. Here’s How the Company Shares, Monetizes, and Exploits It. | Electronic Frontier Foundation

Deutsche Telekom shares location data to fight Coronavirus

Deutsche Telekom wants to support the Robert Koch Institute in containing the coronavirus pandemic with cell phone data.

Therefore Deutsche Telekom provides RKI with customer data that can be used to track the movement of mobile phone users. For this purpose, the company is said to have already made part of its customer data accessible to the authority in an anonymous form.

Source: (7) How does the corona virus spread ?: RKI receives cell phone data from Deutsche Telekom – Wissen – Tagesspiegel

Brave files GDPR complaint against Google 

Brave has filed a GDPR complaint v Google for infringing the GDPR “purpose limitation” principle. Enforcement would be tantamount to a functional separation of Google’s business.

The purpose limitation principle requires that organizations must scrupulously ring fence data for specific purposes. These purposes must be made clear, and be very specific. However, Google’s purposes are so vaguely defined as to have no meaning or limit. The result is an internal data free-for-all that infringes the GDPR’s purpose limitation principle.

Source: Formal GDPR complaint against Google’s internal data free-for-all

CNIL Unveils 2020 Inspection Strategy and Announces Cookie Investigations

On March 12, 2020, the French Data Protection Authority (the “CNIL”) released its annual inspection strategy for 2020.

The CNIL carries out approximately 300 inspections every year. These inspections are initiated (1) following complaints lodged with the CNIL; (2) in light of current topics in the news; (3) after the CNIL has adopted corrective measures ( e.g. , formal notices, sanctions) in order to verify whether the organization in question adopted the measures or remedied the situation; and (4) as part of the CNIL’s annual inspection strategy.

Source: CNIL Unveils 2020 Inspection Strategy and Announces Cookie Investigations

Croatian DPA issues credit institution 20m GDPR fine

The Croatian data protection authority (AZOP) has imposed a fine of EUR 20m for violating the EU General Data Protection Regulation.

Since October 2018, AZOP had been receiving multiple complaints from citizens regarding one of Croatia’s credit institutions based in Zagreb, whereby citizens were asking the institution for a request for information but were being refused.

Source: #Privacy: Croatian DPA issues credit institution 20m GDPR fine

Swedish Data Protection Authority imposes €7 million administrative fine on Google

The Swedish Data Protection Authority imposes a fine of 75 million Swedish kronor (approximately 7 million euro) on Google for failure to comply with the GDPR. Google as a search engine operator has not fulfilled its obligations in respect of the right to request delisting.

Swedish Data Protection Authority criticised Google for not having removed two of the search results, as instructed in 2017. Specifically, Google was criticised for having made too narrow an assessment of which URLs ought to actually be removed from search results, and, on another occasion, had not removed a search result in a timely manner.

Furthermore, when Google removes a search result listing and notifies the website owner of which webpage link was removed and who was behind the delisting request, it was in fact doing so without a legal basis. Therefore, Swedish Data Protection Authority ordered Google to cease such practice.

Source: The Swedish Data Protection Authority imposes administrative fine on Google – Datainspektionen

EU DPAs Issue Green and Red Lights for Processing Health Data During the COVID-19 Epidemic

As Europe is grappling with an exponential increase in COVID-19 cases, some European Data Protection Authorities issued public interest guidance on the limits of collecting, sharing and using personal data relating to health in these exceptional circumstances.

Particular areas of concern are related to the breadth of measures that employers can legally take to monitor the health of their employees, as well as the collection of health data by government agencies. Overall, regulators highlight that data protection law is by no means a barrier to public health, but advise organizations against “systematic and generalized” monitoring and collection of data related to health of their employees outside official requests and measures of public health authorities.

Source: EU DPAs Issue Green and Red Lights for Processing Health Data During the COVID-19 Epidemic

Fine for processing students’ fingerprints imposed on a school

The President of the Personal Data Protection Office imposed a fine of PLN 20 000 in connection with the breach consisting in the processing of biometric data of children when using the school canteen.

The school processed special categories of data (biometric data) of 680 children without a legal basis, whereas in fact it could use other forms of students identification.

Source: Fine for processing students’ fingerprints imposed on a school

EU-UK Brexit talks: Differences clear after first week – BBC News

The two sides are far apart on key issues as the UK team heads home

If the sensitive personal data of EU citizens, such as DNA or criminal records, is going to be shared with the UK for crime-fighting purposes, then the EU wants the European Court of Justice (CJEU) to be the ultimate arbiter of the rules.

The EU also wants the European Convention on Human Rights (ECHR) to apply.

The UK does not want the CJEUto be mentioned anywhere in any deal. It also says that committing to the ECHR in an international agreement ties the government’s hands at a time when it’s carrying out its own review into the operation of human rights law in the UK.

Source: EU-UK Brexit talks: Differences clear after first week – BBC News

1 2 3 87
>