fbpx

Download free GDPR compliance checklist!

Category Archives for "Other"

Record penalty of more than 8 million for Vodafone for infringing the data law

The Spanish Data Protection Authority AEPD has fined 8.15 million euros against the British telephone operator with 8.15 million euros for non-compliant use of personal databases of the company and third parties to carry out commercial campaigns between 2018 and 2020.

AEPD opened an investigation last year against the company after receiving 191 complaints about calls and messages on behalf of Vodafone “without being requested or expressly authorized and / or without addressing the exercise of the right to oppose the sending of new notifications.”

The amount of each sanction ranges from 150,000 euros in the lowest to four million euros for a serious violation of the GDPR.

Source: Record penalty of more than 8 million for Vodafone for infringing the data law | Spain’s News

Broadband Carriers Should Seek Permission Before Harnessing Web-Browsing Data For Ads

“We believe that each and every customer paying for your internet service has the right to determine how their personal data will be used, on an opt-in basis,” Mozilla, the Internet Society, PublicKnowledge and others said in an open letter to the CEOs of T-Mobile AT&T and Verizon.

The watchdogs specifically ask the mobile companies to avoid harnessing information about web traffic for secondary purposes, without subscribers’ opt-in consent.

The letter comes the same week it emerged that T-Mobile plans to draw on users’ web browsing and app usage for ad targeting, on an opt-out basis.

Source: Broadband Carriers Should Seek Permission Before Harnessing Web-Browsing Data For Ads, Groups Say 03/11/2021

Surveillance Concerns Could Hold Up European-U.S. Data Agreement for Years

One of the European Union’s top officials has warned negotiations with the U.S. over a new data-transfer agreement could take years rather than months.

EU officials hope to start new talks soon with U.S. Secretary of Commerce Gina Raimondo, whom the Senate confirmed last Tuesday and who is responsible for sealing a new trans-Atlantic data-flow deal.

It will be difficult to find a solution that protects Europeans’ data from U.S. law enforcement and intelligence authorities, EU Justice Commissioner Didier Reynders said in an interview.

Source: Surveillance Concerns Could Hold Up European-U.S. Data Agreement for Years

Ireland’s DPA publishes Annual Report 2020

In its second full year overseeing and regulating the GDPR in Ireland, the Data Protection Commission  (DPC) has published its 2020 Annual Report, highlighting key observations, emerging guidance, and large scale inquiries and decisions of 2020.

Primary areas of focus for the DPC in 2020 included enforcement (under both GDPR & ePrivacy), breach notifications, data transfers (including an increase in BCR applications) and increased focus on the lead supervisory authority (or ‘One-Stop Shop’) regulatory mechanism.

Full article: Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda – Privacy Matters

EU-U.S. data flows could face ‘massive disruption’

One of the European Union’s most powerful data regulators has warned companies may yet face massive disruption to translatlantic data flows as a result of an EU court ruling last year, despite efforts by policymakers to avoid that outcome.

Europe’s highest court last July ruled an EU-U.S. data transfer agreement was invalid, citing concerns the U.S. surveillance regime might not respect the privacy rights of citizens in the bloc.

Irish Data Protection Commissioner Helen Dixon, who was involved in the case, said the full impact would be determined by an upcoming court ruling in Ireland and efforts by EU and U.S. officials to ameliorate it.

Dixon said her office was “building momentum” after growing from 30 to 150 staff in seven year. It is was likely to issue at least six or seven decisions this year, up from two last year – against Twitter and Facebook’s WhatsApp messaging service.

Source: EU-U.S. data flows could face ‘massive disruption’ – Irish regulator | Reuters

Facebook fined €7 million by watchdog

The Italian Antitrust Authority sanctioned Facebook Ireland Ltd. and its parent company Facebook Inc. for a total of €7 million for failing to implement the provisions issued against company in November 2018.

According to Authority, Facebook misled users about commercial use of their data.

In addition to fine, the Authority prohibited the further dissemination of the misleading practice and ordered the publication of an amendment statement on the homepage of the company website for Italy, on the Facebook app, and on the personal page of each registered Italian user.

Source: AGCM – Competition and Market Guarantor Authority

BEUC files complaint against TikTok for multiple EU consumer law breaches

The European Consumer Organisation BEUC has filed a complaint with the European Commission and the network of consumer protection authorities against TikTok, a video sharing platform extremely popular with children and teenagers.

BEUC contends that TikTok falls foul of multiple breaches of EU consumer rights and fails to protect children from hidden advertising and inappropriate content. Also, TikTok’s practices for the processing of users’ personal data are misleading, says BEUC.

In addition to BEUC’s complaint, consumer organisations in 15 countries have alerted their authorities and urged them to investigate the social media giant’s conduct.

Source: BEUC files complaint against TikTok for multiple EU consumer law breaches | www.beuc.eu

CNIL Calls Organizations to Audit their Sites and Apps for Cookie Compliance

French Data Protection Authority (CNIL) announced that it sent letters and emails to approximately 300 organizations, both private and public, to remind them of the new cookie law rules and the need to audit sites and apps to comply with those rules by March 31, 2021.

On October 1, 2020, the CNIL published a revised version of its guidelines on cookies and similar technologies, its final recommendations on the practical modalities for obtaining users’ consent to store or read non-essential cookies and similar technologies on their devices and a set of questions and answers regarding the Recommendations. The CNIL decided to allow for a transition period of six months to comply with the Guidelines (i.e., until March 31, 2021), and announced that it will carry out inspections to enforce the Guidelines after that transition period.

Source: CNIL Calls Organizations to Audit their Sites and Apps for Cookie Compliance

Data watchdog rejects EU criticism over Max Schrems complaints

The Irish Data Protection Commission (DPC) has strongly refuted criticism of its processes by a European Parliament committee as “false”.

The DPC had been dealt a stinging rebuke by the EU’s Parliamentary Committee on Civil Liberties, Justice and Home Affairs – known as the LIBE committee – over its handling of the complaints of Austrian privacy activist Max Schrems.

The committee had called on the EU Commission to begin infringement proceedings against the DPC regarding its management of data rights.

Source: Data watchdog rejects EU criticism over Max Schrems complaints

Amazon says government demands for user data spiked by 800% in 2020

New transparency figures released by Amazon show the company responded to a record number of government data demands in the last six months of 2020.

Amazon said it processed 27,664 government demands for user data in the last six months of 2020, up from 3,222 data demands in the first six months of the year, an increase of close to 800%. That user data includes shopping searches and data from its Echo, Fire and Ring devices.

Source: Amazon says government demands for user data spiked by 800% in 2020 | TechCrunch

>