GDPR


London cityscape

U.K. moves forward with GDPR reform bill

2023-03-09T15:32:00+00:00By

The U.K. government formally introduced a bill to reform the country’s data privacy laws in a manner projected to save British businesses “billions.”

Virgin Media

U.K. push for GDPR reprimand transparency draws mixed reviews

2023-03-08T13:00:00+00:00By

The U.K. Information Commissioner’s Office began publishing the details of cases where organizations breached the General Data Protection Regulation but were not fined. Legal experts share their take on the initiative.

EU US privacy

Privacy Shield replacement on track, though hurdles remain

2023-03-03T14:00:00+00:00By

The agreement on a new framework for transatlantic data flows between the United States and European Union could be finalized this year. Whether it can stand legal scrutiny is the real question.

Energy company

Italian DPA fines Edison Energia $5.2M over GDPR lapses

2023-03-02T17:51:00+00:00By

The Italian data protection authority penalized electric utility company Edison Energia for multiple alleged violations of the General Data Protection Regulation regarding marketing communications and data processing transparency.

Experian sign

Ruling in Experian GDPR case thrusts ‘legitimate interest’ into spotlight

2023-02-28T13:00:00+00:00By

Experian won a legal battle against the U.K. Information Commissioner’s Office after the data regulator ordered the credit reference agency to make “fundamental changes” over the way it handled personal data for direct marketing purposes or stop altogether.

Replika

GDPR push for privacy by design still ‘a long way off’

2023-02-16T21:00:00+00:00By

Italy’s data protection authority banned U.S.-based AI chatbot creator Replika from processing the personal data of Italian users because of risks the service posed to minors and vulnerable people—the latest example of a tech company’s product running afoul of the GDPR.

Business data

Experts: New AI laws pose risk of overlap with data protection mandates

2023-02-02T17:31:00+00:00By

Companies are at serious risk of facing multiple fines for the same offense under different sets of legislation if the artificial intelligence technologies they employ misuse personal data or cause harm to consumers, according to legal experts.

WhatsApp phone

WhatsApp fined $5.9M for lawful processing GDPR violations

2023-01-19T18:21:00+00:00By

The Irish Data Protection Commission announced a fine of €5.5 million (U.S. $5.9 million) against WhatsApp under the General Data Protection Regulation for forcing users to consent to updated terms and conditions or lose access to the service.

Facebook Ireland

Meta fined $414M for targeted advertising GDPR breaches

2023-01-04T18:46:00+00:00By

The Irish Data Protection Commission fined Meta Ireland a total of €390 million (U.S. $414 million) for breaching the General Data Protection Regulation by forcing users to agree their personal data can be used for targeted advertising to access Facebook and Instagram.

Brasseur_opinion

Ten things I’d like to see happen in 2023 (2022 in review)

2023-01-03T14:00:00+00:00By

Expect big developments for the compliance profession in 2022 to continue to take center stage in the year ahead, including CCO certifications, climate-related disclosures, and more.

Twitter

Irish DPC probing Twitter over breach affecting 5.4M users

2022-12-28T18:26:00+00:00By

The Irish Data Protection Commission is investigating whether Twitter violated the European Union’s General Data Protection Regulation regarding a data breach alleged to have affected 5.4 million users.

Lisbon

Portugal statistics office fined record $4.6M for GDPR violations

2022-12-14T16:50:00+00:00By

The government office for national statistics in Portugal was assessed a fine of €4.3 million (U.S. $4.6 million) by the country’s data protection authority for multiple violations of the General Data Protection Regulation that occurred during its 2021 census work.

Clubhouse

Clubhouse app operator fined $2M for GDPR violations

2022-12-06T19:54:00+00:00By

Alpha Exploration, operator of the social media app Clubhouse, received a penalty from the Italian data protection authority for the unlawful processing of EU citizens’ data in violation of the General Data Protection Regulation.

Meta building

Meta fined $274M under GDPR for data scraping breach

2022-11-28T20:32:00+00:00By

Meta Platforms Ireland was fined €265 million (U.S. $274 million) for failing to put in place adequate measures to protect users’ data after a leak compromised the personal details of more than half a billion individuals.

Facebook Ireland

Privacy advocate sues Meta over targeted ad GDPR violation claims

2022-11-22T18:09:00+00:00By

A privacy and human rights advocate sued Meta Platforms in the United Kingdom, claiming the social media giant is refusing her request to stop being targeted with advertising based on her use of Facebook.

Discord

​Discord fined $830K for GDPR lapses

2022-11-18T17:05:00+00:00By

Discord, a popular communication service primarily utilized by the video game community, was assessed a fine of €800,000 (U.S. $829,000) by the French data protection authority for multiple violations of the General Data Protection Regulation related to safeguarding user data.

Cybersecurity

ICO warns of ‘complacency’ in fining Interserve $5M under GDPR

2022-10-24T14:29:00+01:00By

The U.K. Information Commissioner warned companies not to ignore “crucial measures” to prevent cyber incidents following his office’s decision to fine construction firm Interserve £4.4 million (U.S. $5 million) for failing to secure employee personal information.

France privacy

French DPA latest to fine Clearview AI over GDPR violations

2022-10-20T19:13:00+01:00By

France’s CNIL became the fourth European data protection authority this year to fine Clearview AI over its controversial facial image aggregation practices, matching a pair of its counterparts with a €20 million (U.S. $19.6 million) penalty.

exterro gdpr ebook thumbnail

e-Book: How the EU might move forward with GDPR

2022-10-20T03:05:00+01:00Provided by

Data privacy experts believe the mechanisms in place under the General Data Protection Regulation (GDPR) to ensure compliance, enforcement, and redress need revisiting—and quickly.

Employee monitoring

ICO guidance stresses importance of reasoning in employee monitoring

2022-10-19T12:45:00+01:00By

The U.K. Information Commissioner’s Office issued draft guidance to help ensure employers’ monitoring of staff performance does not turn into surveillance or harassment.

White House

U.S. includes surveillance concessions in new transatlantic data flow framework

2022-10-07T21:25:00+01:00By

President Joe Biden’s executive order on a data privacy framework aims to provide a workable, legally resilient solution for companies to continue moving and storing the personal data of EU-based citizens to American-based servers without running afoul of the GDPR.

UK privacy

Easylife fined $1.5M under GDPR for profiling customers

2022-10-07T13:42:00+01:00By

The Information Commissioner’s Office fined catalog retailer Easylife £1.35 million (U.S. $1.5 million) for marketing health-related products to individuals without their consent in violation of the U.K. General Data Protection Regulation.

TikTok building

TikTok facing $29M fine over U.K. children’s privacy violations

2022-09-26T15:55:00+01:00By

The Information Commissioner’s Office warned social media platform TikTok it could be fined £27 million (U.S. $29 million) for failing to protect children’s data in line with the U.K.’s version of the General Data Protection Regulation.

Instagram icon

Ireland interpretations of GDPR criticized again in Instagram case

2022-09-21T14:36:00+01:00By

In fining Instagram a record €405 million (U.S. $405 million) for General Data Protection Regulation violations regarding the safeguarding of teenage users’ data, the Irish Data Protection Commission took some heat of its own.

EU Artificial Intelligence

Experts: Europe’s AI Act to push companies to confront technology’s use

2022-09-15T16:00:00+01:00By

The Artificial Intelligence Act, along with upcoming EU rules addressing digital markets and services, should have companies considering their use of AI and other emerging technologies to determine how the laws might impact their business.

Instagram

Instagram facing record $401M fine over children’s privacy violations

2022-09-06T19:30:00+01:00By

Instagram is set to be fined €405 million (U.S. $401 million) by Ireland’s data protection regulator for failing to adequately secure teenage users’ data in line with the General Data Protection Regulation.

Accor

Accor fined $600K under GDPR after EDPB intervention

2022-08-26T17:28:00+01:00By

French hotel chain Accor had its initial fine for cross-border data privacy violations increased sixfold after one data regulator involved in the decision-making process complained an original penalty of €100,000 (U.S. $99,900) was too low.

Amazon

One year later, Amazon GDPR fine details remain clouded

2022-07-29T14:25:00+01:00By

It’s been one year since online retailer Amazon announced it was on the receiving end of a record €746 million (U.S. $758 million) fine under the General Data Protection Regulation, but details about the decision—as well as the actual complaint—remain sketchy.

Volkswagen

Volkswagen fined $1.1M under GDPR for unauthorized data collection

2022-07-27T15:14:00+01:00By

Volkswagen has agreed to pay €1.1 million (U.S. $1.1 million) to resolve allegations of violating the General Data Protection Regulation when a camera on one of its test vehicles recorded nearby drivers without their knowledge.

GDPR gears

EDPB adopts criteria for GDPR cross-border cooperation cases

2022-07-26T16:23:00+01:00By

The European Data Protection Board adopted a set of criteria to assess whether a cross-border matter might qualify as a case of “strategic importance” for closer cooperation—and how to proceed if it does.

Biometric scan

Clearview AI fined third time for GDPR violations

2022-07-14T18:05:00+01:00By

The Hellenic Data Protection Authority in Greece fined controversial facial image aggregator Clearview AI a record €20 million (U.S. $19.9 million) for unlawfully processing the biometric data of Greek citizens.

Wojciech Wiewiorowski

EDPS: U.K. GDPR reforms could create friction with EU

2022-07-13T11:17:00+01:00By

The United Kingdom’s keenness to agree to its own data adequacy decisions with countries like the United States could become a contentious issue with the European Union, according to European Data Protection Supervisor Wojciech Wiewiórowski.

Facebook Ireland

Facebook fate in EU thrusts transatlantic data flows back in spotlight

2022-07-08T16:51:00+01:00By

Reports of a potential shutdown of Meta services Facebook and Instagram in the European Union that could take place as soon as this summer underscore what’s at stake as the region works with the United States to finalize a new agreement on how to handle transatlantic data flows.

United Kingdom

U.K. data reform plan seeks to reduce ‘unnecessary burdens’ of GDPR

2022-07-07T12:55:00+01:00By

The U.K. government announced plans to reform the country’s data privacy laws to simplify procedures for businesses and reduce red tape, but the proposals might clash with certain elements of the EU’s General Data Protection Regulation.

GDPR EU flag

Experts: How to move forward with the GDPR

2022-06-27T12:49:00+01:00By

Data privacy experts speaking at an industry event believe the mechanisms in place under the General Data Protection Regulation to ensure compliance, enforcement, and redress need revisiting—and quickly.

GDPR

European Commission assessing GDPR improvements, not overhaul

2022-06-24T13:52:00+01:00By

Three key members of the European Commission believe the General Data Protection Regulation should be enhanced by targeting aspects of data privacy through other laws rather than revamping the GDPR itself.

GDPRgavel

GDPR blame game: Who’s at fault for spotty enforcement record?

2022-06-23T19:20:00+01:00By

Regulators and privacy experts speaking at the European Data Protection Supervisor’s conference homed in on the flaws of the General Data Protection Regulation and what improvements need to be made to ensure more consistent enforcement of the law.

Google building

Google fine in Spain prompts revisit of GDPR effect on tech

2022-06-15T12:25:00+01:00By

Google’s latest fine for violations of the General Data Protection Regulation reignites the discussion around why Big Tech firms have not been more frequently penalized under the EU’s stringent privacy law.

Vodafone

GDPR enforcement roundup: Spain stays on Vodafone, record fine in Poland

2022-05-25T18:28:00+01:00By

Vodafone running up its fine total in Spain and a record-setting action against a marketing firm in Poland highlight a roundup of notable enforcements announced under the General Data Protection Regulation during the first five months of 2022.

GDPR gears

Four years of GDPR: New tech testing data privacy law’s longevity?

2022-05-25T15:52:00+01:00By

It has been four years since the European Union’s flagship data privacy legislation came into force, but concerns are already being raised about whether the General Data Protection Regulation is being outpaced by technological developments and their use of data.

Clearview AI

ICO fines Clearview AI $9.4M over alleged data privacy lapses

2022-05-23T17:39:00+01:00By

The U.K. Information Commissioner’s Office fined Clearview AI more than £7.5 million (U.S. $9.4 million) for collecting people’s images from internet and social media sites without their knowledge or consent.

Google

Spanish DPA fines Google $10.6M for GDPR violations

2022-05-19T20:07:00+01:00By

Spain’s data protection authority has issued a record fine of €10 million (U.S. $10.6 million) against Google for two “serious infractions” of the EU’s General Data Protection Regulation regarding its sharing information with U.S. legal database Lumen.

Bank of Ireland

Bank of Ireland fined $504K for credit rating data breaches

2022-04-07T18:09:00+01:00By

Bank of Ireland was fined €463,000 (U.S. $504,000) after an investigation by the Irish Data Protection Commission found customer data was accidentally altered in a way that could have damaged credit ratings and prevented getting loans.

Danske

Danske Bank fined $1.5M for data processing failures under GDPR

2022-04-06T13:40:00+01:00By

The Danish Data Protection Agency has reported Danske Bank to the police and fined it 10 million Danish kroner (U.S. $1.47 million) over its failure to erase customers’ personal data in its systems in violation of the General Data Protection Regulation.