Clearview AI’s GDPR fines rise to $110M total after latest penalty by Dutch DPA
Clearview AI was fined 30.5 million euro (U.S. $33.8 million) by the Dutch Data Protection Authority and ordered to stop collecting images of Dutch citizens in the latest enforcement action against the U.S. company.
Dutch DPA fines Uber $324M over transferring driver data to U.S.
The Dutch Data Protection Authority fined Uber 290 million euros (U.S. $323.7 million) for illegally transferring data on European drivers to American servers and failing to appropriately safeguard the transfers.
Spanish DPA dings retailer Uniqlo $294K over GDPR violations
Spain’s data protection authority fined retailer Uniqlo Europe 270,000 euros (U.S. $294,000) over admitted violations of the European Union’s General Data Protection Regulation.
What’s the problem for GDPR repeat offenders?
The General Data Protection Regulation has been in force for nearly six years. Some industries—and some companies—have been more prone to fall foul of the rules than others.
Czech DPA fines Avast $15M over GDPR violations
The Czech Republic’s data protection authority issued a fine of 351 million Czech koruna (U.S. $15 million) against antivirus software vendor Avast for alleged violations of the General Data Protection Regulation.
EDPB decision sparks ‘consent or pay’ debate for Big Tech firms
Big Tech firms might need to rethink their plans to charge users for not selling their personal data for behavioral advertising following a decision by Europe’s primary data regulator.
Focused on consumer privacy? Don’t forget employees’ rights
The implications of a privacy rights case involving a U.K.-based Uber Eats driver underscore a popular belief that companies prioritize protecting the personal information of their customers over the data rights of their employees.
New leadership no easy fix for Irish DPC’s GDPR woes
The Irish Data Protection Commission has a new leadership structure, but it is uncertain whether the changes can get the key privacy regulator caught up on enforcement of the General Data Protection Regulation.
ICO primed for enforcement increase behind new fining guidance?
The Information Commissioner’s Office updated its data protection fining guidance to provide companies with greater transparency and clarity about how and why it would issue penalties for a breach of the U.K. General Data Protection Regulation or Data Protection Act 2018.
Privacy by design a silver bullet for stemming AI risks?
The proliferation of artificial intelligence technologies—and their reliance on publicly available data—has reinforced the need for tech developers and the companies using their solutions to ensure privacy by design and by default is at the crux of any offering.
Italian DPA fines UniCredit $3M over data breach GDPR lapses
The Italian data protection authority announced a fine of €2.8 million (U.S. $3 million) against UniCredit for alleged violations of the General Data Protection Regulation regarding insufficient security measures the bank had in place during a cyberattack.
Public consultation on GDPR opens door for changes
Feedback from a European Commission consultation on the six years of enforcement of the General Data Protection Regulation could result in tweaks to the rules and potential changes to the way data protection authorities enforce them.
Toeing the ‘fine line’ of cloud security compliance
When organizations move their data or operations to the cloud, the compliance team has their work cut out and then some, experts discussed at CW’s Cyber Risk & Data Privacy Summit.
The blurred lines of employee monitoring under GDPR
The French data regulator’s fine against an Amazon warehouse manager for violating employees’ rights to privacy in the workplace once again raises questions about what constitutes an overzealous approach to employee monitoring and why companies fail to recognize the signs.
Examining precedent set by French DPA’s Amazon employee monitoring fine
The decision by France’s data regulator to fine an Amazon warehouse manager for breaches of the General Data Protection Regulation over the way it monitored employee productivity raises questions about the reach data protection authorities have over corporate conduct.
Uber facing $11M fine over driver privacy rights violations
Ride-hailing company Uber Technologies was assessed a penalty of €10 million (U.S. $11 million) by the Dutch Data Protection Authority for alleged privacy rights violations regarding the handling of European drivers’ personal data.
Meta’s ‘pay or consent’ model to force GDPR to adapt?
Experts weigh in on Meta’s plans to charge EU users monthly if they do not want to be tracked for online advertising and what the ramifications of the model would mean for the future of the General Data Protection Regulation.
ICO seeking input on generative AI to inform guidance
The U.K. Information Commissioner’s Office is seeking input from developers, users, and those interested in generative artificial intelligence to help inform policy and guidance regarding the technology.
Amazon unit fined $35M under GDPR for employee productivity tracking
Amazon’s warehouse management arm in France was assessed a penalty of €32 million (U.S. $35 million) for violating the General Data Protection Regulation by excessively tracking the productivity of employees.
GDPR-minded Microsoft offers cloud customers EU-based personal data storage
Microsoft announced an expansion to its European Union data storage efforts that would allow cloud customers to keep all personal data stored within the EU boundary.
Shades of GDPR? Experts assess AI Act as global standard
As the European Union’s AI Act sets its sights on 2026 to take full effect, experts are concerned other key jurisdictions might introduce divergent legislation that treats artificial intelligence use differently, thus making it difficult for companies to ensure compliance.
Assessing impact of court ruling on GDPR strict liability
The idea companies can be held “strictly liable” for violations of the European Union’s privacy rules was shot down, following a judgment from Europe’s top court relating to a case involving German property company Deutsche Wohnen.
Experts: More privacy rules, enforcement expected in 2024
Businesses can prepare for a bumpy ride as the 2024 global landscape of data privacy and other related laws and regulations begins to take shape.
Deutsche Wohnen earns CJEU win in high-profile GDPR appeal
German property company Deutsche Wohnen’s court win regarding a penalty levied against it for alleged violations of the General Data Protection Regulation carries notable ramifications for enforcement of the EU privacy law.
Experts: ICO apology to ex-CEO does not absolve NatWest of GDPR liability
Just because Alison Rose received a public apology from the U.K. Information Commissioner’s Office regarding the suggestion she might have violated the General Data Protection Regulation doesn’t mean NatWest could avoid sanction.
Axpo Italia fined $10.5M in GDPR case over data processing
Axpo Italia, a producer and trader of renewable energy products, was penalized under the General Data Protection Regulation by the Italian data protection authority for processing inaccurate and outdated personal data of customers.
FCA flags potential regulatory breaches at NatWest regarding Farage scandal
An independent review into how NatWest handled the closure of politician Nigel Farage’s Coutts account uncovered potential regulatory breaches by the bank that are on the radar of the U.K. Financial Conduct Authority.
EOS Matrix battles back against Croatian DPA in $5.8M GDPR case
Debt collector EOS Matrix said it will challenge a General Data Protection Regulation penalty levied against it by the Croatian data protection authority after finding the data in question in the case does not match the data in its database.
Expert: How data hoarding increases businesses’ cyber risks
Holding on to data for longer than necessary creates vulnerabilities for businesses by giving cyberattackers more avenues to access an organization’s computer systems.
Bank privacy processes questioned after U.K. ‘debanking’ scandal
The furor over NatWest Group’s decision to monitor and close the account of right-wing Brexit campaigner Nigel Farage—and then disclose the details to a journalist—has raised questions regarding whether other banks employ the same means to get rid of undesirable customers.
TikTok fined $368M in children’s privacy GDPR ruling
The Irish Data Protection Commission announced a penalty of €345 million (U.S. $368 million) against popular social media company TikTok over alleged violations of the General Data Protection Regulation during a five-month period in 2020.