fbpx

Download free GDPR compliance checklist!

Category Archives for "Other"

Privacy browser Brave under fire for violating users’ trust

The Chromium-based browser, Brave has been profiting from redirect links to affiliate crypto companies.

Unlike the “opt-in” principle by which the company abides—advertisements are optional on the browser and pay out cryptocurrency to anyone who views them—Brave never asked its 15 million monthly users about these redirects.

Source: Privacy browser Brave under fire for violating users’ trust – Decrypt

UK contracts grant Amazon, Microsoft, Google and AI firms access to COVID-19 health data

UK government has published the contracts it holds with private tech firms and the NHS for the creation of a COVID-19 data store, just days after campaigners fired legal shots over a lack of transparency.

The contracts describe how the arrangements between the NHS and Amazon, Microsoft, Google, and AI firms Faculty and Palantir (which subcontracts to AWS) will operate. The documents show the tech firms were set to build data models for commercial purposes from NHS training data before being challenged.

Source: UK govt publishes contracts granting Amazon, Microsoft, Google and AI firms access to COVID-19 health data • The Register

Belgian Data Protection Authority Imposes Fine on Non-Profit Organization for Unlawful Direct Marketing Practices

On May 29, 2020, the Litigation Chamber of the Belgian Data Protection Authority  imposed a fine of €1,000 on a non-profit organization.

The decision followed a complaint filed by an individual who continued to receive promotional materials from the organization after he had objected to the processing of his contact details for direct marketing purposes and had requested that the organization erase his data from its database.

Source: Belgian Data Protection Authority Imposes Fine on Non-Profit Organization for Unlawful Direct Marketing Practices

Finland DPA imposes €72,000 GDPR fine against taxi company

The Office of the Data Protection Ombudsman has imposed an administrative fine against taxi company Taksi Helsinki for data protection violations.

Last summer, the company had replaced its camera surveillance system with one that recorded both audio and video, but failed to assess the legality of the related personal data processing as required by the EU General Data Protection Regulation (GDPR). Additionally, the taxi company also failed to conduct the impact assessments required by GDPR before the start of processing.

Source: #Privacy: Finland DPA imposes GDPR fine against taxi company

Belgian Authority Raises Red Flag for DPOs with Multiple Roles

Following its investigation of a personal data breach, the Belgian Data Protection Authority (DPA) issued a ruling on April 28, 2020, imposing a €50,000 fine on an organization for negligence in having appointed the company’s head of compliance, risk and audit as its data protection officer (DPO).

Notably, the DPA highlighted that the organization had not implemented a policy defining the DPO’s role until at least July 2019. Although such a policy had been prepared, the DPA indicated that such preparation alone was not enough to demonstrate the DPO’s independence.

Source: Belgian Authority Raises Red Flag for DPOs with Multiple Roles

UK is lowering privacy standards, says EU officials

In his remarks following Round 3 of negotiations for a new partnership between the European Union and the United Kingdom Michel Barnier has pointed out that United Kingdom insists on lowering current standards and deviating from agreed mechanisms of data protection – “to the point that it is even asking the Union to ignore its own law and the jurisprudence of the European Court of Justice on passenger data (“PNR rules”)”.

Michel Barnier also notet that “The UK refuses to commit, in an agreement with us, to guarantees protecting fundamental rights and individual freedoms resulting from the European Convention on Human Rights, as agreed in the Political Declaration”.

Source: Remarks by Michel Barnier following Round 3 of negotiations for a new partnership between the European Union and the United Kingdom

HSE will no longer tell employers workers’ test results

The Health Service Executive has said it is to suspend the practice of informing employers of Covid-19 test results and is to seek guidance from the Data Protection Commissioner (DPC).

In some cases, the results were sent to employers who informed workers before the HSE. The DPC has said this is not legitimate.

In view of the concerns raised by some employees in relation to this issue, the HSE will reconsider the use of exceptions and has suspended the practice while it seeks guidance from the Data Protection Commissioner.

Source: HSE will no longer tell employers workers’ test results

As the GDPR turns 2, Big Tech should watch out for big sanctions

Get ready to see the EU’s landmark privacy regulation flex its muscles as it prepares for a fight.

The GDPR’s quiet first two years give a false impression of the impact the law has had on the global stage. The legislation has raised the EU’s profile among regulators and lawmakers around the world and inspired similar regulations in Brazil and India, as well as in California, home to many of the tech giants. Tech companies have had to change their privacy policies and disclosures not only in Europe but around the world, since it doesn’t make sense to observe two sets of privacy standards.

And industry watchers say more moves are coming. The regulators are just taking the time to make sure these sanctions stick.

Source: As the GDPR turns 2, Big Tech should watch out for big sanctions – CNET

Schrems calls on EU authorities to get Irish watchdog to speed up

Privacy activist Max Schrems has called on the European authorities to push the Irish regulator to speed up its handling of cases he has brought against Facebook on the second anniversary of the introduction of rules designed to help protect the data of consumers.

Max Schrems is not happy with the progress made since the introduction of the General Data Protection Regulation (GDPR) regime across Europe in 2018.

“After two years, we feel that the time has come to shine light on the shortcomings of the GDPR’s current enforcement in Ireland and bring the debate into the public,” the letter said.

Source: Schrems calls on EU authorities to get DPC to speed up

Turkish DPA Fines Amazon Turkey 160,000€

The Board of Turkish Data Protection Authority has imposed a total of 1.200.000 TL (160K €) fine against Amazon Turkey for sending commercial electronic messages to users without their consent, bundling signing up to the services as a prerequisite for providing consent, transferring personal data without obtaining explicit consent of the users and for failing to provide information in accordance with Law and regarding data processing with cookies.

It’s not only a decision to fine a tech giant for the authority but also an opportunity to show his teeth to data controllers about the Authority’s perspective about electronic messaging and cookie use (first of its kind) in Turkey.

Source: Turkish DPA’s landmark Amazon Turkey Ruling

>