CPE Webcast: Right to be forgotten versus need for backups
Do the EUs GDPR and California’s CCPA privacy regulations include the right of a data subject to have their personal information completely erased from all enterprise backups as well?
Vodafone Italy fined $14.5M under GDPR for telemarketing tactics
The Italian arm of multinational telecommunications company Vodafone is facing a fine of more than €12.25 million (U.S. $14.5 million) under the General Data Protection Regulation for aggressive telemarketing practices.
WhatsApp Ireland reserves $91.8M for potential GDPR fine
The Irish arm of WhatsApp has set aside $91.8 million for possible administrative fines arising from long-standing investigations by Ireland’s data regulator into the way the messaging platform shares data with Facebook.
German court cuts 1 & 1 Telecom GDPR fine by 90 percent
Continuing a recent trend of massive fine reductions under the General Data Protection Regulation, 1 & 1 Telecom in Germany had its €9.55 million penalty issued last year reduced to €900,000 (U.S. $1.06 million) by a German court.
Ticketmaster UK fined $1.6M under GDPR for 2018 data breach
The U.K. Information Commissioner’s Office fined Ticketmaster £1.25 million (U.S. $1.6 million) for its failures relating to a 2018 data breach by a third party.
Guidance for safe data transfers post-Privacy Shield
The European Data Protection Board has issued guidance to help companies transfer data to the United States and other third countries safely after Europe’s top court in July ruled key methods used up until then were either invalid or unsafe.
BA, Marriott fine reductions latest wrench in GDPR enforcement harmony
Lack of clarity on fines has dogged the GDPR since it took effect in May 2018, and the recent dramatic penalty reductions handed down by the U.K. in the cases of British Airways and Marriott certainly won’t help.
In second drastic reduction, ICO fines Marriott $23.8M
The Marriott GDPR fine handed down by the U.K. Information Commissioner’s Office is less than 20 percent of the original number the regulator proposed, the second time this month such a drastic reduction has taken place.
Experian to appeal ICO enforcement notice over data protection failures
The U.K. Information Commissioner’s Office issued an enforcement notice against Experian, ordering the credit reference agency to make “fundamental changes” to how it handles personal data related to its direct marketing services.
Anatomy of a 90% fine reduction: How BA saved $200M on GDPR penalty
The U.K. Information Commissioner’s Office agreed to slash its intended GDPR fine for British Airways from £183.39 million (U.S. $230 million) to just £20 million (U.S. $26 million). What was behind the massive reduction?
Corrective action could trump fines as GDPR evolves
Experts discuss whether EU data protection authorities would be better served using corrective actions other than eye-watering fines to encourage companies to commit to best (and legal) GDPR practices.
H&M Germany fined $41.3M in one of largest GDPR penalties
In one of the largest GDPR fines imposed, a regional data protection authority in Germany fined H&M Germany €35.2 million (U.S. $41.3 million) for excessive monitoring of several hundred employees by one of the retailer’s subsidiaries.
Companies face greater risk as GDPR class actions emerge
In the past month three of the world’s largest tech firms have been hit with legal actions that could lead to billion-dollar damages suits for alleged violations of the GDPR. Neil Hodge explores the trend and what to expect moving forward.
U.K. lawsuit seeks $3.2B from YouTube for violating children’s privacy
A first-of-its-kind lawsuit in the U.K. alleges YouTube unlawfully collects personal information from children without parental consent and harvests their data for advertising purposes, in violation of British and European data privacy laws.
Ireland’s order to Facebook to halt data transfers could have ‘profound’ impact
The Irish DPC’s order to Facebook to halt the transfer of European citizens’ personal data to the United States could pose operational and legal challenges that set a precedent for not only other tech giants, but companies generally.
European Commission: No Privacy Shield replacement in sight
The European Commission this week warned there will be “no quick fix” to replace the now-invalidated Privacy Shield, which governed data transfers between the European Union and United Sates.
EU data authorities take different approaches to Privacy Shield ruling
It appears Europe’s data authorities are prepared to interpret a key court judgement as they see fit in the absence of definitive guidance from the bloc’s primary privacy regulator.
Clash over draft Twitter GDPR decision exposes differences among EU authorities
As Ireland’s first GDPR decision against Big Tech hangs in limbo, experts are scratching their heads as to why a seemingly straightforward case is headed to the EU’s data governing body to rule on.
Jury’s out on Wells Fargo compliance moves; Twitter #fail for Irish DPC
While it’s not yet clear whether Wells Fargo’s compliance moves (including the loss of its CCO) will pay off, we’re much more certain about the Irish Data Protection Commission’s stance on a potential Twitter fine.
EU privacy advocate targets Facebook, Google in latest salvo
Privacy campaign group NOYB has filed complaints against 101 websites with European operators that it says are still sending data to the U.S. via Google and/or Facebook integrations—potentially in breach of the EU’s strict data privacy rules.
Oracle, Salesforce targeted in class-action GDPR lawsuits
A European privacy group is pursuing multiple class-action lawsuits against Oracle and Salesforce for alleged violations of the EU’s General Data Protection Regulation, estimating damages sought could exceed €10 billion (U.S. $11.9 billion).
Five tips for EU-U.S. data transfers post-Privacy Shield
As the fallout from the demise of the Privacy Shield continues to play out, here are a handful of steps companies can take to protect themselves from potential GDPR violations when transferring data between the European Union and the United States.
British Airways banking on drastic reduction of record GDPR fine
British Airways has hinted that it will qualify for a nearly 90 percent reduction of its original GDPR fine (U.S. $230 million) and end up paying just $26 million.
Companies paying price for EU-U.S. Privacy Shield removal
The legal and financial burden for companies to comply with the recent ruling to invalidate the EU-U.S. Privacy Shield might actually be worse than first thought, if an FAQ from the European Data Protection Board is any indication.
Europe’s top court strikes down U.S.-EU data transfer rule
In a surprise decision that will have a major impact on trans-Atlantic data transfers, Europe’s top court ruled Thursday that a mechanism used by thousands of companies to send data to the United States is unlawful.
Italian telecom fined $18.6M for violating GDPR data collection rules
Italian telecommunications operator Wind Tre S.p.A has been fined approximately €16.7 million (U.S. $18.6 million) for violating data collection provisions of the EU’s General Data Protection Regulation.
Google fined $670K for violating GDPR’s ‘right to be forgotten’
Belgium’s Data Protection Authority fined Google Belgium €600,000 (U.S. $670,000) for refusing to delete search results linked to a Belgian public official, a provision of the GDPR know as the “right to be forgotten.”
Ireland’s GDPR report shows it’s yet to hold Big Tech accountable
The Irish Data Protection Commission review of its GDPR investigations has come under fire for ignoring Big Tech and lacking information pertinent to inquiries into firms like Apple, Facebook, Google, and more.
EC report: More harmonization needed in GDPR efforts
The European Commission believes the General Data Protection Regulation is an “overall success” but points to harmonization among member states as an area for improvement.
French court upholds Google’s $57M GDPR fine
The top administrative court in France shot down Google’s appeal of a €50 million (U.S. $57 million) fine the tech giant received last year for violations of the EU’s General Data Protection Regulation.
EDPB task force to probe TikTok privacy practices
The European Data Protection Board will establish a task force to acquire a more comprehensive overview of TikTok’s privacy practices and coordinate any potential actions against the company.
EDPB challenges Hungary’s GDPR suspension under Article 23
The European Data Protection Board will issue guidelines on the implementation of Article 23 of the GDPR after Hungary’s government used the article to suspend data subject rights until the end of its coronavirus state of emergency.
Two years in, GDPR defined by mixed signals, unbalanced enforcement
It’s been two years since the EU’s GDPR went into effect, and we still don’t know how lingering questions about compliance—as well as non-compliance—will be answered going forward.
Six things CCOs need to know about ICO’s AI guidance
The U.K. Information Commissioner’s Office released guidance to help organizations explain how AI is used in decision making and how the technology uses personal data to form judgments.
Longtime holdout Ireland issues first GDPR fine
Child and family agency Tusla has become the first company to receive a fine from the Irish Data Protection Commission for violations of the General Data Protection Regulation.
Dutch DPA probing TikTok over children’s privacy
The Dutch Data Protection Authority has launched an investigation into popular social networking service TikTok over whether children’s privacy is being adequately protected.
Can a CCO be a DPO? Belgian data authority not so sure
A recent ruling out of Belgium throws water onto the idea that the head of audit, risk, or compliance at a company can also serve as data protection officer as required by the GDPR.
Tech firm: GDPR ‘in danger of failing’ due to lack of resources
A new report says Europe’s data protection regulators don’t have the skills, knowledge, or budget to effectively enforce such privacy rules as the GDPR.
EDPB aims to clarify app development needs in coronavirus battle
The European Data Protection Board has released guidelines that aim to help app developers and regulators process individuals’ health data without compromising their privacy under such regulations as the GDPR and ePrivacy Directive.
Coronavirus could further stall BA, Marriott GDPR fines
Record-setting proposed penalties announced by the U.K. Information Commissioner’s Office last year against British Airways and Marriott for violations of the GDPR may continue to linger amid the ongoing coronavirus pandemic.
8 compliance challenges facing European companies in coronavirus crisis
Due diligence, data, solvency, and supply chain management risks are just some of the issues Europe’s employers are struggling with as normal business has come to a standstill during the coronavirus pandemic.
Confusion around GDPR during coronavirus prompts EDPB response
The European Data Protection Board has released a statement attempting to clarify how personal data can be processed by companies during the ongoing coronavirus pandemic.
Advice for European compliance officers dealing with coronavirus
Although the coronavirus situation is constantly changing, lawyers say there are several areas of corporate life that are going to test compliance officers and which management will need greater assurance on.
EDPB chair: Processing personal data in the context of coronavirus
The chair of the European Data Protection Board addresses things companies need to consider as they process different types of personal data in the context of the coronavirus.
Swedish watchdog fines Google $7.6M for GDPR non-compliance
Google has received its second fine to date for violating Europe’s General Data Protection Regulation; Sweden’s Data Protection Authority fined the internet giant 75 million Swedish Kroner (U.S. $7.6 million).
Virgin Media could face GDPR pressure after data breach
Virgin Media is likely to be in the GDPR crosshairs after disclosing a recent breach that affected approximately 900,000 customers to the U.K.’s data regulator.
Ireland GDPR caseload nearly doubled in 2019
The Irish Data Protection Commission received 7,215 complaints during the first full year the General Data Protection Regulation was in force, representing a 75 percent increase on 2018’s figures of just over 4,000.
Ireland raid over privacy concerns jilts Facebook Dating
Facebook wants to play Cupid in Europe, but the Irish Data Protection Commission got its arrow in the tech giant first.
Experts weigh in on Brexit consequences for GDPR, AML, more
The wheels to the United Kingdom’s exit from the European Union are finally in motion, but the hard work still remains as to what kind of future trading relationship the country has with the single market.
Ireland probing Google, Tinder for GDPR violations
Ireland’s data regulator has announced new investigations into Google and MTCH Technology Services—the company behind dating app Tinder—over complaints users’ personal data is being misused in violation of the GDPR.