fbpx

Download free GDPR compliance checklist!

Category Archives for "Other"

Facebook denies it will pull service in Europe over data transfer ban

Facebook’s head of global policy has denied the tech giant could close its service to Europeans if local regulators order it to suspend data transfers to the U.S. following a landmark Court of Justice ruling in July that has cemented the schism between U.S. surveillance laws and EU privacy rights.

However, he also warned of “profound effects” on scores of digital businesses if a way is not found by lawmakers on both sides of the pond to resolve the legal uncertainty around U.S. data transfers — making a pitch to politicians to come up with a new legal “sticking plaster” for EU-U.S. data transfers now that a flagship arrangement, called Privacy Shield, is dead.

Source: Facebook denies it will pull service in Europe over data transfer ban | TechCrunch

Facebook Threatens to Leave Europe Due to Proposed New Data-Sharing Regulations

Facebook has hit back at a proposed new regulation which would limit the sharing of European user data with the US-based company.

Earlier this month, the European Union privacy regulator sent a preliminary order to Facebook which called for it to suspend data transfers about its EU users back to the US. That would essentially force Facebook to keep EU user data in Europe, and implement new restrictions on data-sharing between nations.

And now Facebook has issued an official response, saying that, if such rules are implemented, it may be forced to stop operating both Facebook and Instagram in Europe entirely.

Source: Facebook Threatens to Leave Europe Due to Proposed New Data-Sharing Regulations | Social Media Today

Ireland’s data watchdog slammed for letting adtech carry on ‘biggest breach of all time’

A dossier of evidence detailing how the online ad targeting industry profiles Internet users’ intimate characteristics without their knowledge or consent has been published today by the Irish Council for Civil Liberties (ICCL), piling more pressure on the country’s data watchdog to take enforcement action over what complainants contend is the “biggest data breach of all time”.

The publication follows a now two-year-old complaint lodged with Ireland’s Data Protection Commission (DPC) claiming unlawful exploitation of personal data via the programmatic advertising Real-Time Bidding (RTB) process — including dominant RTB systems devised by Google and the Internet Advertising Bureau (IAB).

Full article: Ireland’s data watchdog slammed for letting adtech carry on ‘biggest breach of all time’ | TechCrunch

Facebook told it may have to suspend EU data transfers after Schrems II ruling

Ireland’s data protection watchdog, the DPC, has sent Facebook a preliminary order to suspend data transfers from the EU to the US.

The preliminary suspension order follows a landmark ruling by Europe’s top court this summer which both struck down a flagship data transfer arrangement between the EU and the US and cast doubt on the legality of an alternative transfer mechanism (aka SCCs) — certainly in cases where data is flowing to a non-EU entity that falls under US surveillance law.

Source: Facebook told it may have to suspend EU data transfers after Schrems II ruling | TechCrunch

Google, Dropbox and Apple accused of not clarifying terms and conditions of the consumers’ data in Italy

Apple, Google and Dropbox can be the center of the investigation carried out in Italy on cloud services. Complaints associated with terms and conditions about human data recorded.

As per an announcement made by the Italy competition authorities, it is said that they will be looking into the cloud storage services very soon. The cloud storage services will be from Apple, Dropbox and Google. Many types of complaints are registered against the companies.

Source: Google, Dropbox and Apple accused of not clarifying terms and conditions of the consumers’ data in Italy – Investor Telegraph

EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

On September 4, 2020, the European Data Protection Board (EDPB) announced that it established two taskforces following the judgment of the Court of Justice of the European Union (CJEU) in the Schrems II case.

The first taskforce will process and uniformly respond to complaints received by data protection authorities following the Schrems II judgment. The second taskforce will prepare recommendations to assist data controllers and processors with their duty to identify and implement appropriate supplementary measures to ensure the adequate protection of EU personal data when transferring data to third countries.

Source: EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

Danish hotel group fined for failing to delete customers’ details

The Arp-Hansen Hotel Group in Denmark has been fined 1.1m Danish crowns (US$170,000, €148,000) and referred to the police by the country’s data protection authority (Datatilsynet) for storing information on clients longer than necessary.

In an audit visit, the DPA found there were customer profiles which should have been deleted several years earlier. The authority considers 500,000 entries ought to have been erased from the group’s systems.

Source: Danish hotel group fined for failing to delete customers’ details

CNIL Adopts Its First Sanction as Lead Supervisory Authority

French Data Protection Authority (CNIL) has levied a fine of €250,000 on French online shoe retailer, Spartoo, for various infringements of the EU General Data Protection Regulation (GDPR). This is the first penalty under the GDPR enforced by the CNIL as the lead supervisory authority (Lead SA) in cooperation with other EU supervisory authorities.

The CNIL’s investigation focused on the processing of personal data of Spartoo’s existing and prospective customers, and on the recording of telephone conversations between customers and Spartoo’s customer service. The investigation revealed several infringements of the GDPR, including (1) absence of a defined data retention period(s), (2) no regular erasure of existing and prospective customer personal data, and (3) improper acceptance of weak passwords for online customer accounts.

Source: CNIL Adopts Its First Sanction as Lead Supervisory Authority, Fining French Online Shoe Retailer

Police Want Your Smart Speaker—Here’s Why

Requests are rising from law enforcement for information on the devices, which can include internet queries, food orders, and overheard conversations.

When police and prosecutors collect smart home or speaker data, it’s typically used as evidence against suspects. Smart home devices and wearables have a growing role in police investigations.

Full article: Police Want Your Smart Speaker—Here’s Why | WIRED

Dutch “Data Pro Code” Approved

On August 27, 2020, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) announced it approved the “Data Pro Code,” a code of conduct drafted by industry association NLdigital.

This Code is the first code of conduct approved by the Dutch DPA under the EU General Data Protection Regulation (GDPR). The Code includes, among other things, a series of practical GDPR compliance tools, such as the “Data Pro Statement” that companies may use to inform potential customers of the data protection safeguards they have in place.

Source: Dutch “Data Pro Code” Approved

>