GDPR


GDPR EU flag

Experts: How to move forward with the GDPR

2022-06-27T12:49:00+01:00By

Data privacy experts speaking at an industry event believe the mechanisms in place under the General Data Protection Regulation to ensure compliance, enforcement, and redress need revisiting—and quickly.

GDPR

European Commission assessing GDPR improvements, not overhaul

2022-06-24T13:52:00+01:00By

Three key members of the European Commission believe the General Data Protection Regulation should be enhanced by targeting aspects of data privacy through other laws rather than revamping the GDPR itself.

GDPRgavel

GDPR blame game: Who’s at fault for spotty enforcement record?

2022-06-23T19:20:00+01:00By

Regulators and privacy experts speaking at the European Data Protection Supervisor’s conference homed in on the flaws of the General Data Protection Regulation and what improvements need to be made to ensure more consistent enforcement of the law.

Google building

Google fine in Spain prompts revisit of GDPR effect on tech

2022-06-15T12:25:00+01:00By

Google’s latest fine for violations of the General Data Protection Regulation reignites the discussion around why Big Tech firms have not been more frequently penalized under the EU’s stringent privacy law.

Vodafone

GDPR enforcement roundup: Spain stays on Vodafone, record fine in Poland

2022-05-25T18:28:00+01:00By

Vodafone running up its fine total in Spain and a record-setting action against a marketing firm in Poland highlight a roundup of notable enforcements announced under the General Data Protection Regulation during the first five months of 2022.

GDPR gears

Four years of GDPR: New tech testing data privacy law’s longevity?

2022-05-25T15:52:00+01:00By

It has been four years since the European Union’s flagship data privacy legislation came into force, but concerns are already being raised about whether the General Data Protection Regulation is being outpaced by technological developments and their use of data.

Clearview AI

ICO fines Clearview AI $9.4M over alleged data privacy lapses

2022-05-23T17:39:00+01:00By

The U.K. Information Commissioner’s Office fined Clearview AI more than £7.5 million (U.S. $9.4 million) for collecting people’s images from internet and social media sites without their knowledge or consent.

Google

Spanish DPA fines Google $10.6M for GDPR violations

2022-05-19T20:07:00+01:00By

Spain’s data protection authority has issued a record fine of €10 million (U.S. $10.6 million) against Google for two “serious infractions” of the EU’s General Data Protection Regulation regarding its sharing information with U.S. legal database Lumen.

Bank of Ireland

Bank of Ireland fined $504K for credit rating data breaches

2022-04-07T18:09:00+01:00By

Bank of Ireland was fined €463,000 (U.S. $504,000) after an investigation by the Irish Data Protection Commission found customer data was accidentally altered in a way that could have damaged credit ratings and prevented getting loans.

Danske

Danske Bank fined $1.5M for data processing failures under GDPR

2022-04-06T13:40:00+01:00By

The Danish Data Protection Agency has reported Danske Bank to the police and fined it 10 million Danish kroner (U.S. $1.47 million) over its failure to erase customers’ personal data in its systems in violation of the General Data Protection Regulation.

Transatlantic data

Experts optimistic, though wary, toward Privacy Shield successor

2022-03-28T19:18:00+01:00By

Legal and data privacy experts have expressed cautious optimism regarding the announcement that the United States and European Union have reached an agreement in principle to resume transatlantic data flows.

EU US privacy

Third time’s the charm? Agreement in principle reached on U.S.-EU data flows

2022-03-25T17:14:00+00:00By

The United States and European Union have reached an agreement in principle on how to handle transatlantic data flows, a thorny issue that has resulted in two prior frameworks being scrapped by the EU’s top court.

UK data

New ICO head strives for reassurance in first speech

2022-03-24T19:49:00+00:00By

John Edwards, head of the U.K. Information Commissioner’s Office, said he wants to bring greater certainty for companies regarding their data compliance needs, especially if the government’s drive to reduce regulatory burdens results in the EU withdrawing its data adequacy decision.

Privacy Shield

Momentum building toward Privacy Shield replacement?

2022-03-23T16:34:00+00:00By

Recent comments by EU and U.S. lawmakers and insights from privacy experts suggest a new mechanism to replace the defunct Privacy Shield and ensure safe transatlantic data transfers might soon be introduced.

GDPR EU flag

How EU regulators are warning of Russian data protection threats

2022-03-21T13:45:00+00:00By

Regulators in Norway, Germany, Lithuania, Estonia, Denmark, and Sweden address how companies can prepare for increased data protection and cybersecurity risks in the wake of Russia’s invasion of Ukraine.

Facebook Ireland

Meta fined $18.6M under GDPR for 2018 data breaches

2022-03-15T20:16:00+00:00By

The Irish Data Protection Commission fined Meta’s Irish subsidiary 17 million euros (U.S. $18.6 million) for a series of personal data breaches that took place nearly four years ago.

FacialRecognition

Clearview AI fined $22M in Italy over unlawful data collection

2022-03-10T19:00:00+00:00By

Facial image aggregator Clearview AI was fined €20 million (U.S. $22 million) for unlawfully processing the biometric and geolocation data of Italian citizens in violation of privacy laws including the General Data Protection Regulation.

Amazon trucks

Amazon transport arm GDPR fine imparts lesson on criminal record checks

2022-03-09T15:02:00+00:00By

Amazon Road Transport was fined €2 million (U.S. $2.2 million) for trying to carry out criminal record checks on freelance truck drivers it wanted to hire without Spanish law to back up the practice.

Online advertising

IAB Europe fighting back against ‘grossly unfair’ GDPR fine

2022-03-07T14:18:00+00:00By

Townsend Feehan, chief executive of the European arm of the Interactive Advertising Bureau, discusses the ramifications of her organization’s €250,000 (then-U.S. $286,000) fine under the General Data Protection Regulation in Belgium.

Telenor

Telenor caught in GDPR conundrum over Myanmar subsidiary sale

2022-03-03T15:58:00+00:00By

A complaint filed with the Norwegian Data Protection Authority alleges Telenor’s progressing sale of its Myanmar-based subsidiary violates the EU’s General Data Protection Regulation by potentially exposing its customers in the region to military surveillance.

Locked files

Lawsuit by BitMEX co-founder could test GDPR’s reach over SARs

2022-02-28T15:59:00+00:00By

Ben Delo, co-founder of cryptocurrency exchange BitMEX, filed a complaint against Wise Payments after the company allegedly refused his requests under the General Data Protection Regulation to provide him with personal information it submitted via suspicious activity reports.

Global

Strategies for complying with multiple data privacy regimes

2022-02-18T17:32:00+00:00By

Complying with multiple data privacy regimes is not simple, but it is increasingly becoming expected. A panel at CW’s virtual Cyber Risk & Data Privacy Summit offered their advice regarding the current global privacy landscape.

Business defense

Why high-growth companies should prioritize data privacy

2022-02-17T16:16:00+00:00By

A group of experts at CW’s virtual Cyber Risk & Data Privacy Summit explained how complying with data privacy regulations from Day 1 can provide high-growth companies with certain competitive advantages.

Cyber Risk employee monitoring

​Transparency key to navigating modern employee monitoring risk landscape

2022-02-15T17:26:00+00:00By

The opening session of Compliance Week’s virtual Cyber Risk & Data Privacy Summit addressed the challenges of using technology to monitor employees while considering regulatory and ethical risks.

Accor

How Accor manages global data privacy compliance

2022-02-09T13:37:00+00:00By

Marie-Christine Vittet, vice president of compliance at hospitality chain Accor, shares with Compliance Week the company’s journey toward a global data privacy compliance program.

OTE

Cosmote, parent company OTE fined $10.6M under GDPR

2022-02-08T18:13:00+00:00By

The Hellenic Data Protection Authority fined mobile phone operator Cosmote and its parent company OTE a total of €9.25 million (U.S. $10.6 million) for a data breach caused by a September 2020 cyberattack and for illegally processing customer data.

Meta Platforms

Meta threatens to pull Facebook, Instagram in Europe over GDPR data transfer dispute

2022-02-07T19:39:00+00:00By

Meta Platforms is threatening to pull down Facebook and Instagram in the European Union over concerns it cannot meet data-sharing rules set in the region’s General Data Protection Regulation.

Belgium

IAB Europe fined $286K under GDPR for data processing violations

2022-02-07T15:34:00+00:00By

The European arm of the Interactive Advertising Bureau was fined €250,000 (U.S. $286,000) by the Belgian Data Protection Authority for data privacy violations regarding its Transparency and Consent Framework.

Supermarket

REWE International $9M GDPR fine a lesson in managing subsidiary risk

2022-01-25T19:24:00+00:00By

A recent decision by the Austrian Data Protection Authority against food retailer REWE International underlines the fact parent companies are ultimately responsible for how their subsidiaries manage people’s data, even if the offshoot entity operates separately.

Enel Energia

Italian DPA fines Enel Energia $30.1M under GDPR over telemarketing practices

2022-01-21T19:58:00+00:00By

Italian energy supplier Enel Energia has been fined €26.5 million (U.S. $30.1 million) under the General Data Protection Regulation for aggressive telemarketing.

/web/img/field/image/privacy.jpg

Report: GDPR fines surpass $1B in 2021; breach notifications also rise

2022-01-18T22:06:00+00:00By

Nearly €1.1 billion (U.S. $1.2 billion) worth of fines have been issued against organizations in the past year for violations of the General Data Protection Regulation, according to the latest annual report by law firm DLA Piper.

UK privacy

Difficult path ahead for new ICO head John Edwards

2022-01-12T19:16:00+00:00By

The United Kingdom’s newly appointed information commissioner, John Edwards, might find it hard to steer a successful path between ensuring citizens’ data rights are preserved while also trying to make U.K. laws more palatable for data-driven business.

Google Ireland

France’s CNIL fines Google, Facebook $237M combined over cookies consent

2022-01-06T20:06:00+00:00By

French data privacy watchdog CNIL again sidestepped the GDPR in fining Google and Facebook a combined €210 million (U.S. $237 million) for making it too difficult for users to refuse cookies when accessing their websites.

EU data flag

Dissatisfaction with GDPR pushing EU countries toward local laws

2021-12-21T15:18:00+00:00By

So far, Europe’s wide-reaching data privacy rules have seemingly failed to curb Big Tech firms’ use and abuse of citizens’ personal data. As a result, some EU data regulators are pursuing their own investigations—often through other legislation.

Grindr

Grindr fined $7.2M for GDPR consent violations

2021-12-15T17:40:00+00:00By

The Norwegian Data Protection Authority announced a fine of NOK 65 million (U.S. $7.2 million) against gay dating app Grindr for sharing personal data with third parties without users’ consent.

Brasseur_opinion

Ten things I’d like to see happen in 2022 (2021 in review)

2021-12-10T14:00:00+00:00By

ESG and cryptocurrency figure to be key topics in 2022, but we’re also keeping an eye on President Biden’s anti-corruption efforts, details on Amazon’s record GDPR fine, the status of Facebook’s first CCO, and more.

Dutch government building

Dutch DPA fines government tax authority $3.1M under GDPR

2021-12-09T17:57:00+00:00By

The Dutch Data Protection Authority announced a fine of €2.75 million (U.S. $3.1 million) against the government’s Tax and Customs Administration for data processing violations of the EU’s General Data Protection Regulation.

Clearview AI

Clearview AI facing $22.6M fine over U.K. privacy violations

2021-11-30T20:29:00+00:00By

The U.K. Information Commissioner’s Office has warned Clearview AI it could face a £17 million (U.S. $22.6 million) fine over its use of people’s data to power its facial recognition software.

CWE_GDPR

CWE panel: GDPR ‘the start of a culture of data protection’

2021-11-15T21:50:00+00:00By

Belgian Data Protection Authority head David Stevens and Member of European Parliament Axel Voss discussed ways the General Data Protection Regulation could be improved for the future during a keynote at CW’s virtual Europe event.

Google building

U.K. Supreme Court decision on Google deals blow to class actions

2021-11-11T17:52:00+00:00By

Legal experts weigh in on the U.K. Supreme Court’s rejection of a claim that sought billions of pounds in damages from Google over alleged illegal tracking of millions of iPhones and what it means for future collective actions.

Belgium privacy

IAB Europe expecting to be found in violation of GDPR

2021-11-09T19:54:00+00:00By

The European arm of the Interactive Advertising Bureau released a statement acknowledging it expects to be found in violation of the EU’s General Data Protection Regulation regarding its Transparency and Consent Framework.

Data money

IAPP report: Privacy spend rising, with further growth expected

2021-10-27T20:47:00+01:00By

Corporate spending on managing privacy risks has risen significantly since last year, with 6 of 10 privacy professionals believing budgets will continue to increase over the coming year, according to the latest IAPP survey.

Data privacy

Global Privacy Assembly takeaways: ‘Time to get real’ on cross-border cooperation

2021-10-21T18:02:00+01:00By

Privacy regulators believe there must be a push toward greater international cooperation and enforcement if failure to ensure data protection is to be taken as seriously as other corporate offenses.

Sky

Sky Italia latest fined under GDPR over telemarketing practices

2021-10-20T16:24:00+01:00By

Sky Italia was ordered to pay nearly €3.3 million (U.S. $3.8 million) by Italy’s data protection authority Garante for allegedly misusing customer data to make unwanted promotional phone calls.

Austrian Post

GDPR enforcement roundup: Austrian Post facing new record fine

2021-10-18T16:56:00+01:00By

The Austrian Post is once again appealing what would be a record GDPR fine in the country after successfully defending itself in the first instance. Other recent decisions under the law provide further enforcement trends.

Facebook Ireland

‘Soft-hearted’ Irish DPC proposes $42M GDPR fine against Facebook

2021-10-15T15:24:00+01:00By

The Irish Data Protection Commission has set out plans to fine Facebook between €28 million and €36 million (U.S. $32 million and $42 million) for violations of the General Data Protection Regulation.

WhatsApp phone

WhatsApp GDPR fine fallout: EDPB actions shift enforcement landscape

2021-09-20T15:27:00+01:00By

Experts weigh in on the Irish Data Protection Commission’s €225 million (U.S. $267 million) GDPR fine against WhatsApp, which saw the European Data Protection Board rule to increase the fine total and compliance obligations.

WhatsApp

Ireland shakes up GDPR enforcement with $267M fine against WhatsApp

2021-09-02T19:42:00+01:00By

Ireland’s Data Protection Commission announced a record-breaking €225 million (U.S. $267 million) fine against WhatsApp that is equally significant for the compliance lessons it imparts and inconsistency of the GDPR it exposes.

UK privacy

U.K. signals divergence from GDPR with new data transfer approach

2021-09-01T15:44:00+01:00By

The United Kingdom announced plans to strike independent data adequacy decisions with key countries—including the United States—as part of its post-Brexit economic strategy.

ICO

​ICO’s first GDPR fine reduced on appeal

2021-08-24T16:28:00+01:00By

The U.K. Information Commissioner’s Office’s fine against pharmacy Doorstep Dispensaree for violations of the General Data Protection Regulation has been slashed approximately two-thirds on appeal to £92,000 (U.S. $126,000).