Category Archives for "Other"

PwC fined 150,000 euros for infringements of the GDPR

The Hellenic Data Protection Authority, in response to a complaint, conducted an ex officio investigation of the lawfulness of the processing of personal data of the employees of the company ‘PriceWaterhouseCoopers Business Solutions SA’ (PwC).

According to the complaint, employees were required to give consent to the processing of their personal data. The Hellenic DPA fined PwC €150,000 for selecting and applying an inappropriate legal basis and for violating the principle of accountability.

Source: Company fined 150,000 euros for infringements of the GDPR

Copyrights and Privacy: What is the Irrevocable License and is it Really a Privacy Concern?

Due to the strength of copyright protections, and the harsh penalties against those who violate them, the language of Terms and Conditions must be broad to comply with existing laws.

Unfortunately, this has the effect of making the language easy to misunderstand, especially for consumers who do not understand the variety of legal requirements that may apply.

Full article: COPYRIGHTS AND PRIVACY: What is the Irrevocable License and is it Really a Privacy Concern?

EU privacy ruling against Facebook to come by end 2019

European privacy investigators expect to complete a lengthy probe into whether Facebook violated the bloc’s tough data protection rules by the end of the year, according to the Irish official who is leading the inquiries.

The decision is expected to focus on how WhatsApp shared users’ data with the social networking giant.

Source: EU privacy ruling against Facebook to come by end 2019 – POLITICO

Italian DPA Issues Judgment Concerning ‘Right to be Forgotten’

On July 22, 2019, the Italian supervisory authority for data protection (Garante) issued a judgment involving the so-called “right to be forgotten”.

The Garante held that, in accordance with Article 21 of the GDPR, the data subject has the right to object to the processing of personal data on the grounds of his or her particular situation.

On that basis, Google is required to stop the processing of the personal data unless it can demonstrate compelling legitimate grounds.

Furthermore, the Garante made clear that the principles of data protection apply to any information concerning an identified or identifiable natural person. Thus, the “right to be forgotten” applies to any searches, not exclusively to searches by an individual’s name.

Source: Italian Supervisory Authority Issues Judgment Concerning ‘Right to be Forgotten’

FTC fines Facebook historic $5B for privacy violations

After months of leaks to the press and rumors of an imminent enforcement action, the U.S. Federal Trade Commission has fined Facebook a record-breaking $5 billion and required the company to implement an “unprecedented” and modified corporate governance structure for violating its 2012 FTC consent decree.

The fine is the highest in the history of global privacy enforcement by a factor of 20, but perhaps more notably, the order requires a detailed data governance framework to ensure Facebook’s executive leadership is accountable and transparent about its data practices.

Source: FTC fines Facebook historic $5B for privacy violations

First company to fail GDPR compliance shares tips

Location data company Teemo was the first to get busted for failing to comply under GDPR guidelines, but it was also the first to become compliant. Now, Teemo’s CEO shares tips for U.S. companies that are wondering where to start.

Full article: First company to fail GDPR compliance shares tips on prepping for US privacy regs | AdAge

FTC approves settlement with Google over YouTube kids privacy violations

The Federal Trade Commission has finalized a settlement with Google in its investigation into YouTube for violating federal kids’ privacy laws, according to two people familiar with the matter who were not authorized to discuss it on record.

The settlement finds that Google inadequately protected kids who used its video-streaming service and improperly collected their data in breach of the Children’s Online Privacy Protection Act (COPPA), which prohibits the tracking and targeting of users younger than 13.

Source: FTC approves settlement with Google over YouTube kids privacy violations – The Washington Post

ICO publishes annual report

The UK’s data protection authority, the Information Commissioner’s Office (ICO), has released its annual report.

Highlights from 12 months to 31 March 2019 include:

  • Data protection complaints received by the ICO increased from 21,019 in 2017/18 to 41,661 in 2018/19
  • Helping organisations, small or large, embed the GDPR and DPA 2018
  • Preparation of statutory codes focusing on age appropriate design, data sharing, direct marketing, and data protection and journalism.
  • Using new powers of inspection – issuing 11 assessment notices in conjunction with our investigations into data analytics for political purposes, political parties, data brokers, credit reference agencies and others
  • 2018/19 was a record-breaking year of monetary penalties under the DPA 1998.

Source: ICO publishes annual report covering an ‘unprecedented’ year | ICO

EDPB issues annual report

The European Data Protection Board released its 2018 annual report. The report covers the rules of procedure adopted in the first EDPB plenary session and the creation of the EDPB Secretariat. 

The report focuses on cooperation among supervisory authorities and transparency. It also touches on the EDPB’s guidance on certification, territorial scope and accreditation, and its opinions regarding the ePrivacy regulation and the European Commission’s adequacy decisions.

Read full report.

EDPB and the EDPS consider the European Commission to be a processor of patient data in the eHealth Digital Service Infrastructure

On July 12, 2019, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint opinion on the processing of patient data and the role of the European Commission within the eHealth Digital Service Infrastructure (eHDSI).

The eHDSI system was established in the context of the eHealth Network and allows for the exchange of electronic health data of patients between Member States. The opinion confirms that Member States act as “joint controllers” and the European Commission acts as a processor in the processing of patient data within the eHDSI.

Full article: The European Data Protection Board and the European Data Protection Supervisor consider the European Commission to be a processor of patient data in the eHealth Digital Service Infrastructure
