fbpx

Download free GDPR compliance checklist!

Category Archives for "Other"

Data Protection Commission engaging with Revolut as a “matter of urgency”

The Irish Data Protection Commission (DPC) has said that it will be engaging with financial technology company Revolut as “a matter of urgency” over their new privacy policy and cookies policy changes Revolut announced this week.

Revolut’s new privacy policy means that users will have their data shared with social media and analytics companies for marketing purposes and also with credit bureaus, unless they actively opt-out.

Source: Data Protection Commission engaging with Revolut as a “matter of urgency” over privacy changes | JOE is the voice of Irish people at home and abroad

EU institution staff ‘unaware’ of Microsoft data misuse

Members of staff working across the EU institutions are “not aware” of the extent to which the US tech firm Microsoft collects and stores their data as part of the use of their products and services, the EU’s data protection watchdog has told.

The issue centres around the concern that the contractual terms under agreements for the provision of Microsoft products and services to the EU institutions could be in breach of EU data protection law.

Source: EU institution staff ‘unaware’ of Microsoft data misuse, EU data chief says – EURACTIV.com

Leaked documents show Facebook leveraged user data to fight rivals and help friends

A cache of leaked Facebook documents of approximately 7,000 pages shows how the company’s CEO, Mark Zuckerberg, oversaw plans to consolidate the social network’s power and control competitors by treating its users’ data as a bargaining chip.

Taken together, they show how Zuckerberg, along with his board and management team, found ways to tap Facebook users’ data — including information about friends, relationships and photos — as leverage over the companies it partnered with. In some cases, Facebook would reward partners by giving them preferential access to certain types of user data while denying the same access to rival companies.

Source: Leaked documents show Facebook leveraged user data to fight rivals and help friends

Apple is now presenting its privacy policy as if it were another product

Apple eleased a new privacy page that makes its privacy policy easier to read and understand. The new privacy page looks more like a product page than your standard screen of black and white text.

The new page brings in Apple’s design aesthetic, so it’s not just full of text. Most importantly, the update does make Apple’s privacy policies easier to read or skim. The policies themselves have not changed.

Source: Apple is now presenting its privacy policy as if it were another product | Engadget

Data for money: App facilitating data portability now under the EDPB’s scrutiny

A number of Italian retailers submitted to the Italian Data Protection Authority, the Garante, very similar complaints concerning massive data subject requests received from Italian startup Weople.

Weople exercised, on behalf of the individuals that subscribed to its services via a mobile app, the right to data portability in connection to the personal data collected by the retailers’ loyalty programs. The transfer of such data was to go directly to Weople.

Full article: Data for money: App facilitating data portability now under the EDPB’s scrutiny

Irish data protection commissioner set to issue decisions on Twitter and Whatsapp probes by end of year

The Irish data protection commissioner expects to issue decisions on investigations into Twitter and Whatsapp by the end of the year, a spokeswoman has said.

However, the effect of any sanction or fine, if issued, would not occur for “months” after that due to statutory examination processes.

Helen Dixon’s office concluded its investigation several weeks ago and is formulating draft decisions, possibly with the inclusion of a sanction, fine or regulatory order for Whatsapp and Twitter to change their own processes.

Source: Irish data protection commissioner set to issue decisions on Twitter and Whatsapp probes by end of year – Independent.ie

The Polish supervisory authority imposed first administrative fine on a public entity

The President of the Personal Data Protection Office (“The President of the Office”) imposed first administrative fine of PLN 40,000 on a public entity for failure to comply with the GDPR.

The reason for imposing the fine was that the mayor of the city did not conclude a personal data processing agreement with the entities to which he transferred data.

Apart from the financial penalty, the President of the Office also ordered the controller to take action to remedy the relevant infringements within 60 days

Source: The Polish supervisory authority imposed first administrative fine on a public entity

Criminal proceedings against Österreichische Post

The Austrian data protection authority imposed an administrative fine of 18 million euros on Österreichische Post AG (Austian Postal Service) after conducting administrative fine proceedings.

Austrian DPA concluded taht Österreichische Post had violated the GDPR by processing personal data on the alleged political affinity of affected data subjects. In addition, another GDPR violation was the further processing of data on package frequency and the frequency of relocations for the purpose of direct marketing.

However, the penalty is not final, as it can be challenged before the Federal Administrative Court within four weeks after the delivery of the penalty notice.

Source: Criminal proceedings of the Austrian data protection authority against Österreichische Post AG (Austrian Postal Service) | European Data Protection Board

EU-US Privacy Shield passes third Commission ‘health check’

The European Commission published its report on the third annual review of the EU-US Privacy Shield. This despite the EU parliament calling last year for the mechanism to be suspended.

Report outlines that the US continues to ensure an adequate level of protection for personal data transferred from the EU to the 5,000 participating US companies under the Privacy Shield, the improvements made since the second annual review, and the appointments of key oversight and redress bodies, such as the Privacy Shield Ombudsperson.

Moreover, the Report highlights that an increasing number of EU individuals are making use of their rights under the Privacy Shield and that the relevant redress mechanisms are functioning well.

Source: EU-US Privacy Shield passes third Commission ‘health check’ — but litigation looms | TechCrunch

Where does the GDPR fine money go?

On 8 July 2019, the UK’s ICO issued British Airways with a £183 million penalty for violations and just one day later levied a £99 million fine against hotel chain Marriott. Google was hit with a €50 million fine by French authorities, and at least 70 enforcement actions have been taken in total across the EU little more than a year after the new regulations came into force.

But the destination of this money, which has the potential to exceed billions in the next few years, has been the subject of uncertainty. The relatively untested one-stop-shop principle, too, may lead to tensions brewing as data protection authorities wrestle over claims for jurisdiction with regards to mammoth investigations

Full article: GDPR: Where does the fine money go? | IT PRO

>