GDPR


Youtube

U.K. lawsuit seeks $3.2B from YouTube for violating children’s privacy

2020-09-14T19:29:00+01:00By

A first-of-its-kind lawsuit in the U.K. alleges YouTube unlawfully collects personal information from children without parental consent and harvests their data for advertising purposes, in violation of British and European data privacy laws.

Facebook

Ireland’s order to Facebook to halt data transfers could have ‘profound’ impact

2020-09-10T16:06:00+01:00By

The Irish DPC’s order to Facebook to halt the transfer of European citizens’ personal data to the United States could pose operational and legal challenges that set a precedent for not only other tech giants, but companies generally.

EU US privacy

European Commission: No Privacy Shield replacement in sight

2020-09-04T15:57:00+01:00By

The European Commission this week warned there will be “no quick fix” to replace the now-invalidated Privacy Shield, which governed data transfers between the European Union and United Sates.

Privacy Shield

EU data authorities take different approaches to Privacy Shield ruling

2020-08-28T18:12:00+01:00By

It appears Europe’s data authorities are prepared to interpret a key court judgement as they see fit in the absence of definitive guidance from the bloc’s primary privacy regulator.

Twitter

Clash over draft Twitter GDPR decision exposes differences among EU authorities

2020-08-26T14:23:00+01:00By

As Ireland’s first GDPR decision against Big Tech hangs in limbo, experts are scratching their heads as to why a seemingly straightforward case is headed to the EU’s data governing body to rule on.

Nailedit1200x800

Jury’s out on Wells Fargo compliance moves; Twitter #fail for Irish DPC

2020-08-20T18:33:00+01:00By Compliance Week

While it’s not yet clear whether Wells Fargo’s compliance moves (including the loss of its CCO) will pay off, we’re much more certain about the Irish Data Protection Commission’s stance on a potential Twitter fine.

EU US privacy

EU privacy advocate targets Facebook, Google in latest salvo

2020-08-19T20:02:00+01:00By

Privacy campaign group NOYB has filed complaints against 101 websites with European operators that it says are still sending data to the U.S. via Google and/or Facebook integrations—potentially in breach of the EU’s strict data privacy rules.

Salesforce

Oracle, Salesforce targeted in class-action GDPR lawsuits

2020-08-17T20:51:00+01:00By

A European privacy group is pursuing multiple class-action lawsuits against Oracle and Salesforce for alleged violations of the EU’s General Data Protection Regulation, estimating damages sought could exceed €10 billion (U.S. $11.9 billion).

Europedata

Five tips for EU-U.S. data transfers post-Privacy Shield

2020-08-04T15:21:00+01:00By

As the fallout from the demise of the Privacy Shield continues to play out, here are a handful of steps companies can take to protect themselves from potential GDPR violations when transferring data between the European Union and the United States.

British Airways

British Airways banking on drastic reduction of record GDPR fine

2020-08-03T21:04:00+01:00By

British Airways has hinted that it will qualify for a nearly 90 percent reduction of its original GDPR fine (U.S. $230 million) and end up paying just $26 million.

EU US privacy

Companies paying price for EU-U.S. Privacy Shield removal

2020-07-27T21:43:00+01:00By

The legal and financial burden for companies to comply with the recent ruling to invalidate the EU-U.S. Privacy Shield might actually be worse than first thought, if an FAQ from the European Data Protection Board is any indication.

Europe Justice

Europe’s top court strikes down U.S.-EU data transfer rule

2020-07-16T15:21:00+01:00By

In a surprise decision that will have a major impact on trans-Atlantic data transfers, Europe’s top court ruled Thursday that a mechanism used by thousands of companies to send data to the United States is unlawful.

GDPRgavel

Italian telecom fined $18.6M for violating GDPR data collection rules

2020-07-14T19:49:00+01:00By

Italian telecommunications operator Wind Tre S.p.A has been fined approximately €16.7 million (U.S. $18.6 million) for violating data collection provisions of the EU’s General Data Protection Regulation.

Googlecrop

Google fined $670K for violating GDPR’s ‘right to be forgotten’

2020-07-14T18:24:00+01:00By

Belgium’s Data Protection Authority fined Google Belgium €600,000 (U.S. $670,000) for refusing to delete search results linked to a Belgian public official, a provision of the GDPR know as the “right to be forgotten.”

Columnist_Hodge

Ireland’s GDPR report shows it’s yet to hold Big Tech accountable

2020-06-29T18:31:00+01:00By

The Irish Data Protection Commission review of its GDPR investigations has come under fire for ignoring Big Tech and lacking information pertinent to inquiries into firms like Apple, Facebook, Google, and more.

GDPR

EC report: More harmonization needed in GDPR efforts

2020-06-24T18:26:00+01:00By

The European Commission believes the General Data Protection Regulation is an “overall success” but points to harmonization among member states as an area for improvement.

Google

French court upholds Google’s $57M GDPR fine

2020-06-22T16:29:00+01:00By

The top administrative court in France shot down Google’s appeal of a €50 million (U.S. $57 million) fine the tech giant received last year for violations of the EU’s General Data Protection Regulation.

TikTok

EDPB task force to probe TikTok privacy practices

2020-06-10T17:11:00+01:00By

The European Data Protection Board will establish a task force to acquire a more comprehensive overview of TikTok’s privacy practices and coordinate any potential actions against the company.

GDPR

EDPB challenges Hungary’s GDPR suspension under Article 23

2020-06-04T17:41:00+01:00By

The European Data Protection Board will issue guidelines on the implementation of Article 23 of the GDPR after Hungary’s government used the article to suspend data subject rights until the end of its coronavirus state of emergency.

GDPR

Two years in, GDPR defined by mixed signals, unbalanced enforcement

2020-05-27T15:49:00+01:00By

It’s been two years since the EU’s GDPR went into effect, and we still don’t know how lingering questions about compliance—as well as non-compliance—will be answered going forward.

Artificial intelligence

Six things CCOs need to know about ICO’s AI guidance

2020-05-21T18:29:00+01:00By

The U.K. Information Commissioner’s Office released guidance to help organizations explain how AI is used in decision making and how the technology uses personal data to form judgments.

IrelandDataPrivacy

Longtime holdout Ireland issues first GDPR fine

2020-05-19T13:40:00+01:00By

Child and family agency Tusla has become the first company to receive a fine from the Irish Data Protection Commission for violations of the General Data Protection Regulation.

TikTok

Dutch DPA probing TikTok over children’s privacy

2020-05-11T18:29:00+01:00By

The Dutch Data Protection Authority has launched an investigation into popular social networking service TikTok over whether children’s privacy is being adequately protected.

Privacy officer

Can a CCO be a DPO? Belgian data authority not so sure

2020-05-07T16:24:00+01:00By

A recent ruling out of Belgium throws water onto the idea that the head of audit, risk, or compliance at a company can also serve as data protection officer as required by the GDPR.

GDPR

Tech firm: GDPR ‘in danger of failing’ due to lack of resources

2020-05-01T16:18:00+01:00By

A new report says Europe’s data protection regulators don’t have the skills, knowledge, or budget to effectively enforce such privacy rules as the GDPR.

TrackingCorona

EDPB aims to clarify app development needs in coronavirus battle

2020-04-22T18:35:00+01:00By

The European Data Protection Board has released guidelines that aim to help app developers and regulators process individuals’ health data without compromising their privacy under such regulations as the GDPR and ePrivacy Directive.

GDPRgavel

Coronavirus could further stall BA, Marriott GDPR fines

2020-04-20T19:01:00+01:00By

Record-setting proposed penalties announced by the U.K. Information Commissioner’s Office last year against British Airways and Marriott for violations of the GDPR may continue to linger amid the ongoing coronavirus pandemic.

EuropeLockdownCOVOID-19

8 compliance challenges facing European companies in coronavirus crisis

2020-03-26T18:13:00+00:00By

Due diligence, data, solvency, and supply chain management risks are just some of the issues Europe’s employers are struggling with as normal business has come to a standstill during the coronavirus pandemic.

/web/img/field/image/privacy.jpg

Confusion around GDPR during coronavirus prompts EDPB response

2020-03-20T18:32:00+00:00By

The European Data Protection Board has released a statement attempting to clarify how personal data can be processed by companies during the ongoing coronavirus pandemic.

UKCoronavirus

Advice for European compliance officers dealing with coronavirus

2020-03-16T17:49:00+00:00By

Although the coronavirus situation is constantly changing, lawyers say there are several areas of corporate life that are going to test compliance officers and which management will need greater assurance on.

Data

EDPB chair: Processing personal data in the context of coronavirus

2020-03-16T14:58:00+00:00By

The chair of the European Data Protection Board addresses things companies need to consider as they process different types of personal data in the context of the coronavirus.

Google building

Swedish watchdog fines Google $7.6M for GDPR non-compliance

2020-03-12T19:02:00+00:00By

Google has received its second fine to date for violating Europe’s General Data Protection Regulation; Sweden’s Data Protection Authority fined the internet giant 75 million Swedish Kroner (U.S. $7.6 million).

Virgin Media

​Virgin Media could face GDPR pressure after data breach

2020-03-06T17:54:00+00:00By

Virgin Media is likely to be in the GDPR crosshairs after disclosing a recent breach that affected approximately 900,000 customers to the U.K.’s data regulator.

GDPR

Ireland GDPR caseload nearly doubled in 2019

2020-02-20T21:48:00+00:00By

The Irish Data Protection Commission received 7,215 complaints during the first full year the General Data Protection Regulation was in force, representing a 75 percent increase on 2018’s figures of just over 4,000.

Facebook Dating

Ireland raid over privacy concerns jilts Facebook Dating

2020-02-13T21:38:00+00:00By

Facebook wants to play Cupid in Europe, but the Irish Data Protection Commission got its arrow in the tech giant first.

Brexit star

Experts weigh in on Brexit consequences for GDPR, AML, more

2020-02-10T18:40:00+00:00By

The wheels to the United Kingdom’s exit from the European Union are finally in motion, but the hard work still remains as to what kind of future trading relationship the country has with the single market.

Googlecrop

Ireland probing Google, Tinder for GDPR violations

2020-02-05T20:47:00+00:00By

Ireland’s data regulator has announced new investigations into Google and MTCH Technology Services—the company behind dating app Tinder—over complaints users’ personal data is being misused in violation of the GDPR.

Germany privacy

Germany’s dual approach to data regulation under the GDPR

2020-02-03T18:22:00+00:00By

Germany is staying ahead of the game with an advanced crackdown on data privacy and competition law violations.

GDPR

Study expects GDPR fines to rise in 2020

2020-01-21T16:22:00+00:00By

DLA Piper’s latest data breach survey suggests the penalties handed out under the General Data Protection Regulation thus far are not as harsh as they could have been—though that could change in 2020.

conduent gdpr cover img

e-Book: Firms face mounting pressure from GDPR

2020-01-17T05:34:00+00:00Provided by

More firms have been stymied by the General Data Protection Regulation.

AdobeStock_132649171

App firms, adtech industry in firing line over possible GDPR violations

2020-01-16T15:52:00+00:00By

The Norwegian Consumer Council, a consumer rights champion, has uncovered a serious no-no in the world of GDPR: popular apps sharing user data, such as religious beliefs and sexual preferences, to advertising and marketing firms in order to drive their own revenue.

GDPR

ICO hands out first GDPR fine as BA, Marriott cases linger

2019-12-23T21:08:00+00:00By

The U.K. Information Commissioner’s Office has levied its first fine under the GDPR against a London-based pharmacy. Record-setting penalties announced by the ICO in July against British Airways and Marriott are still not finalized.

Data transfers

Top EU advisor: Clauses used for EU-U.S. data transfers ‘valid’

2019-12-23T15:18:00+00:00By

Big Tech can breathe a sigh of a relief that the mechanisms it uses to transfer data outside of the European Union to “third countries” provide sufficient privacy protection, according to a key advisor to the EU’s top court.

Germany privacy

1 & 1 Telecom fined $10.6M for GDPR violations; company fights back

2019-12-11T15:47:00+00:00By

A German federal privacy watchdog has fined 1 & 1 Telecom €9.55 million (U.S. $10.6 million) for violations of the EU’s General Data Protection Regulation, but the company says it won’t accept the penalty.

Privacy War

Privacy warfare: Competitors, consumers pose new risks

2019-11-19T21:38:00+00:00By

With a new wave of privacy laws empowering consumers to police their own data, companies are facing increased risk in areas they might not have considered.

GDPR panel

Regulators sympathetic to GDPR growing pains but expect maturity

2019-11-19T21:37:00+00:00By

Officials from a pair of EU data privacy sanctioning bodies stressed importance of data protection officers and good-faith efforts to comply with GDPR.

David Lefort

Ireland vs. Big Tech: The wait continues

2019-11-19T21:37:00+00:00By

It’s been 18 months since the General Data Protection Regulation went into effect, and still no violations have come out of Ireland. Is the Emerald Isle dragging its feet? CW Editor in Chief Dave Lefort attempts to answer that question.

SoftwareChoice

Best practices for choosing the right data privacy software

2019-11-18T21:41:00+00:00By

Don’t expect a plug-and-play technology solution to this complex new problem.

Microsoft

Microsoft updates cloud contract privacy amid EDPS probe

2019-11-18T21:11:00+00:00By

Microsoft has updated the privacy provisions of its commercial cloud contracts amid a European Data Protection Supervisor investigation that revealed “serious concerns” in its preliminary findings.

California

From sea to shining CCPA: Microsoft to extend privacy law across U.S.

2019-11-13T18:27:00+00:00By

In a blog post this week, Microsoft announced its intention to extend the core rights of the upcoming California Consumer Privacy Act to its customers across the United States.