Category Archives for "Other"

Deutsche Telekom shares location data to fight Coronavirus

Deutsche Telekom wants to support the Robert Koch Institute in containing the coronavirus pandemic with cell phone data.

Therefore Deutsche Telekom provides RKI with customer data that can be used to track the movement of mobile phone users. For this purpose, the company is said to have already made part of its customer data accessible to the authority in an anonymous form.

Source: How does the corona virus spread?: RKI receives cell phone data from Deutsche Telekom – Wissen – Tagesspiegel

Brave files GDPR complaint against Google 

Brave has filed a GDPR complaint against Google for infringing the GDPR “purpose limitation” principle. Enforcement would be tantamount to a functional separation of Google’s business.

The purpose limitation principle requires that organizations scrupulously ring-fence data for specific purposes. These purposes must be made clear and be very specific. However, Google’s purposes are so vaguely defined as to have no meaning or limit. The result is an internal data free-for-all that infringes the GDPR’s purpose limitation principle.

Source: Formal GDPR complaint against Google’s internal data free-for-all

CNIL Unveils 2020 Inspection Strategy and Announces Cookie Investigations

On March 12, 2020, the French Data Protection Authority (the “CNIL”) released its annual inspection strategy for 2020.

The CNIL carries out approximately 300 inspections every year. These inspections are initiated (1) following complaints lodged with the CNIL; (2) in light of current topics in the news; (3) after the CNIL has adopted corrective measures (e.g., formal notices, sanctions) in order to verify whether the organization in question adopted the measures or remedied the situation; and (4) as part of the CNIL’s annual inspection strategy.

Source: CNIL Unveils 2020 Inspection Strategy and Announces Cookie Investigations

Croatian DPA issues credit institution 20m GDPR fine

The Croatian data protection authority (AZOP) has imposed a fine of EUR 20m for violating the EU General Data Protection Regulation.

Since October 2018, AZOP had been receiving multiple complaints from citizens regarding one of Croatia’s credit institutions based in Zagreb: citizens were submitting requests for information to the institution but were being refused.

Source: #Privacy: Croatian DPA issues credit institution 20m GDPR fine

Swedish Data Protection Authority imposes €7 million administrative fine on Google

The Swedish Data Protection Authority imposes a fine of 75 million Swedish kronor (approximately 7 million euro) on Google for failure to comply with the GDPR. Google as a search engine operator has not fulfilled its obligations in respect of the right to request delisting.

The Swedish Data Protection Authority criticised Google for not having removed two of the search results, as instructed in 2017. Specifically, Google was criticised for having made too narrow an assessment of which URLs ought to actually be removed from search results, and, on another occasion, for not having removed a search result in a timely manner.

Furthermore, when Google removed a search result listing and notified the website owner of which webpage link was removed and who was behind the delisting request, it was in fact doing so without a legal basis. Therefore, the Swedish Data Protection Authority ordered Google to cease this practice.

Source: The Swedish Data Protection Authority imposes administrative fine on Google – Datainspektionen

EU DPAs Issue Green and Red Lights for Processing Health Data During the COVID-19 Epidemic

As Europe is grappling with an exponential increase in COVID-19 cases, some European Data Protection Authorities issued public interest guidance on the limits of collecting, sharing and using personal data relating to health in these exceptional circumstances.

Particular areas of concern are related to the breadth of measures that employers can legally take to monitor the health of their employees, as well as the collection of health data by government agencies. Overall, regulators highlight that data protection law is by no means a barrier to public health, but advise organizations against “systematic and generalized” monitoring and collection of data related to health of their employees outside official requests and measures of public health authorities.

Source: EU DPAs Issue Green and Red Lights for Processing Health Data During the COVID-19 Epidemic

Fine for processing students’ fingerprints imposed on a school

The President of the Personal Data Protection Office imposed a fine of PLN 20 000 in connection with the breach consisting in the processing of biometric data of children when using the school canteen.

The school processed special categories of data (biometric data) of 680 children without a legal basis, whereas in fact it could use other forms of student identification.

Source: Fine for processing students’ fingerprints imposed on a school

EU-UK Brexit talks: Differences clear after first week – BBC News

The two sides are far apart on key issues as the UK team heads home

If the sensitive personal data of EU citizens, such as DNA or criminal records, is going to be shared with the UK for crime-fighting purposes, then the EU wants the European Court of Justice (CJEU) to be the ultimate arbiter of the rules.

The EU also wants the European Convention on Human Rights (ECHR) to apply.

The UK does not want the CJEU to be mentioned anywhere in any deal. It also says that committing to the ECHR in an international agreement ties the government’s hands at a time when it’s carrying out its own review into the operation of human rights law in the UK.

Source: EU-UK Brexit talks: Differences clear after first week – BBC News

Dutch DPA fines Tennis Association EUR 525,000

The Dutch DPA imposed a fine of EUR 525,000 on tennis association KNLTB for selling the personal data of its members.

In 2018, KNLTB unlawfully provided personal data of a few thousand of its members to two sponsors. Data included name, gender and address, so that they could approach a selection of KNLTB members with tennis-related and other offers. One sponsor received personal data from 50,000, the other from more than 300,000 members. The sponsors approached some of those KNLTB members by post or telephone.

Source: Dutch DPA fines Tennis Association

Scottish company hit with maximum fine for making nearly 200 million nuisance calls

The Information Commissioner’s Office (ICO) has issued CRDNN Limited with the maximum £500,000 fine for making more than 193 million automated nuisance calls.

Operating out of a Clydebank business park, CRDNN Limited was raided by the ICO in March 2018, with computer equipment and documents seized for further analysis of their nuisance call operation.

Source: Scottish company hit with maximum fine for making nearly 200 million nuisance calls | ICO
