GDPR


Safe bank

Premium

Bank privacy processes questioned after U.K. ‘debanking’ scandal

2023-09-21T19:05:00+01:00By

The furor over NatWest Group’s decision to monitor and close the account of right-wing Brexit campaigner Nigel Farage—and then disclose the details to a journalist—has raised questions regarding whether other banks employ the same means to get rid of undesirable customers.

TikTok building

News Brief

TikTok fined $368M in children’s privacy GDPR ruling

2023-09-15T17:50:00+01:00By

The Irish Data Protection Commission announced a penalty of €345 million (U.S. $368 million) against popular social media company TikTok over alleged violations of the General Data Protection Regulation during a five-month period in 2020.

Hodge_opinion

Opinion

Fallout from ‘debanking’ scandal suggests more U.K. bank reforms coming

2023-09-12T15:00:00+01:00By

The former CEO of NatWest’s decision to leak client details to the press regarding Nigel Farage is likely to cost the financial industry millions in new compliance checks as U.K. regulators prepare reviews into how banks treat people with extreme political views.

Ransomware

Premium

Paying ransom to avoid GDPR fine an unwise gambit

2023-09-07T13:21:00+01:00By

Companies that think paying reduced ransomware demands would be a better move than informing regulators of a data breach and facing enforcement are playing with fire, according to experts.

Trygg-Hansa

News Brief

Swedish DPA fines Trygg-Hansa $3.2M for GDPR breaches

2023-08-31T16:55:00+01:00By

Sweden’s data protection authority issued a penalty of 35 million Swedish krona (U.S. $3.2 million) against insurance company Trygg-Hansa for alleged security flaws that made customer insurance information accessible on the internet.

Business argument

Premium

Pressure on DPAs to ensure success of GDPR cross-border proposal

2023-08-01T13:34:00+01:00By

Plans to speed up General Data Protection Regulation cases against the likes of Big Tech firms by improving cooperation among the European Union’s data regulators have been largely welcomed by experts.

EU US privacy

Premium

Expert views mixed on viability of new EU-U.S. data transfer framework

2023-07-18T14:46:00+01:00By

The European Commission might have given a green light to the latest mechanism to allow safe data transfers between the European Union and the United States, but experts have mixed views regarding how long it will last and whether it is even legal.

Meta Platforms

News Brief

Norwegian DPA threatens Meta with fines over behavioral advertising

2023-07-17T14:43:00+01:00By

The Norwegian Data Protection Authority is set to impose a temporary ban on Meta carrying out behavioral advertising on Facebook and Instagram using the personal information of users in the country.

Global data

News Brief

EU adopts Privacy Shield replacement for U.S. data transfers

2023-07-10T17:41:00+01:00By

The European Commission announced it adopted a new agreement with the United States to allow for transatlantic data flows without fear of violating the European Union’s General Data Protection Regulation.

GDPR

News Brief

EU proposal eyes clearer GDPR cross-border case guidelines

2023-07-07T13:33:00+01:00By

The European Commission seeks to combat longstanding issues under the General Data Protection Regulation regarding cross-border cases with new proposed rules.

Criteo

News Brief

French DPA fines adtech firm Criteo $44M under GDPR

2023-06-22T16:29:00+01:00By

Adtech firm Criteo was assessed a penalty of €40 million (U.S. $44 million) for multiple alleged violations of the General Data Protection Regulation, including failing to verify it gained consent to process the data of European Union citizens.

Grindr

News Brief

Lawsuit: Ex-Grindr privacy chief alleges firing over red flags raised

2023-06-20T16:18:00+01:00By

The former chief privacy officer at Grindr is suing the company behind the LGBTQ dating app for wrongful termination regarding alleged privacy violations he raised that new management ignored.

AI Law

Premium

As AI Act moves forward, concerns of undermined GDPR persist

2023-06-16T13:00:00+01:00By

The European Union wants to bolster tech innovation within the single market as artificial intelligence is predicted to catapult economic growth, but some have expressed fears AI use might conflict with levels of automatic protection expected under the General Data Protection Regulation.

Spotify_web

News Brief

Swedish DPA fines Spotify $5.4M for ‘low level’ GDPR lapses

2023-06-13T19:25:00+01:00By

Sweden’s data protection authority levied a fine of 58 million Swedish krona (U.S. $5.4 million) against music streaming service Spotify following an audit on how the company handles customers’ rights to access their personal data.

LinkedIn

News Brief

Microsoft reserves $425M for LinkedIn GDPR penalty

2023-06-02T15:43:00+01:00By

Microsoft will reserve $425 million to pay a potential fine from the Irish Data Protection Commission regarding alleged violations of the General Data Protection Regulation by its social media subsidiary, LinkedIn.

GDPR gears

Premium

Five years of GDPR: Experts forecast changes to come for landmark privacy law

2023-06-01T14:41:00+01:00By

The fifth anniversary of the European Union’s General Data Protection Regulation coming into force has highlighted the many successes of the legislation but also exposed areas where the law is still untested and unclear.

Meta building

Premium

Record Meta fine brings wider GDPR ramifications for EU-U.S. data transfers

2023-05-26T16:21:00+01:00By

Meta’s latest punishment for breaching the European Union’s General Data Protection Regulation will have far-reaching ramifications for companies both in Europe and beyond.

GDPR_gavel

Premium

Five years in, GDPR still a lightning rod for criticism

2023-05-25T18:04:00+01:00By

The General Data Protection Regulation risks losing credibility if enforcement is not harmonized and privacy by design is not at the heart of tech innovation, said EU officials during a summit marking the fifth anniversary of the legislation.

Facebook Ireland

News Brief

Meta fined record $1.3B in GDPR data transfer ruling

2023-05-22T16:43:00+01:00By

The Irish Data Protection Commission announced a record penalty of €1.2 billion (U.S. $1.3 billion) against Meta regarding its transfers of user data from the European Union to the United States in violation of the General Data Protection Regulation.

Austrian Post

Premium

Experts: Austrian Post GDPR ruling offers clarity on damages compensation

2023-05-12T13:51:00+01:00By

A decision by Europe’s Supreme Court regarding Austria’s main postal service might make it easier for the bloc’s citizens to bring legal claims for privacy breaches—with potentially unlimited scope for damages.

Clearview AI

News Brief

French DPA fines Clearview AI $5.7M for noncompliance with previous order

2023-05-11T20:37:00+01:00By

France’s data protection authority last month fined facial recognition company Clearview AI €5.2 million (then-U.S. $5.7 million) for failing to comply with an October order to cease and desist from further violations of the General Data Protection Regulation.

Croatia

News Brief

Croatian DPA levies largest GDPR fine

2023-05-09T13:28:00+01:00By

The Croatian data protection authority handed down its largest penalty under the General Data Protection Regulation to date: a fine of nearly €2.3 million (U.S. $2.5 million) against debt collector B2 Kapital.

Meta building

Premium

Big Tech, ad industry bracing for Meta data transfer decision

2023-05-04T20:21:00+01:00By

Meta and other Big Tech firms will soon learn if they might be prevented from transferring the personal data of European citizens to the United States in the way they do now.

ChatGPT

News Brief

​ChatGPT back in Italy after user privacy updates

2023-04-28T19:08:00+01:00By

ChatGPT restored access for Italian users after changes to its privacy controls were welcomed by the country’s data protection authority.

ChatGPT logo

Premium

Is ChatGPT the privacy problem? Or is GDPR?

2023-04-26T15:23:00+01:00By

Scrutiny into ChatGPT has reignited concerns the General Data Protection Regulation is either stifling innovations in technology or that the legislation is not flexible enough to keep pace with technological advances. Experts weigh in.

GDPR EU flag

Premium

‘Divergence is coming’: Experts cast doubt on EU adopting U.K. GDPR reforms

2023-04-24T14:05:00+01:00By

Despite suggestions the European Union could look to the United Kingdom when considering future changes to the General Data Protection Regulation, legal experts question the impact planned U.K. reforms to the privacy law will have on multinational businesses.

ChatGPT logo

News Brief

EDPB task force latest scrutinizing ChatGPT, AI accountability

2023-04-13T19:52:00+01:00By

The European Data Protection Board is the latest regulatory body assessing the applicability of ChatGPT amid skyrocketing data privacy concerns regarding the popular artificial intelligence platform.

TikTok

News Brief

TikTok fined $15.9M for violations of U.K. GDPR

2023-04-04T20:12:00+01:00By

Social media platform TikTok was fined £12.7 million (U.S. $15.9 million) by the U.K. Information Commissioner’s Office for using the personal data of children without parental consent and other violations of data protection mandates.

chatgpt_web

News Brief

ChatGPT exits Italy after GDPR violation warning

2023-04-03T18:13:00+01:00By

The Italian data protection authority shut down ChatGPT in the country, alleging the AI chatbot violates European Union privacy laws and has no controls to stop it interacting inappropriately with young children.

London cityscape

News Brief

U.K. moves forward with GDPR reform bill

2023-03-09T15:32:00+00:00By

The U.K. government formally introduced a bill to reform the country’s data privacy laws in a manner projected to save British businesses “billions.”

Virgin Media

Premium

U.K. push for GDPR reprimand transparency draws mixed reviews

2023-03-08T13:00:00+00:00By

The U.K. Information Commissioner’s Office began publishing the details of cases where organizations breached the General Data Protection Regulation but were not fined. Legal experts share their take on the initiative.

EU US privacy

Premium

Privacy Shield replacement on track, though hurdles remain

2023-03-03T14:00:00+00:00By

The agreement on a new framework for transatlantic data flows between the United States and European Union could be finalized this year. Whether it can stand legal scrutiny is the real question.

Energy company

News Brief

Italian DPA fines Edison Energia $5.2M over GDPR lapses

2023-03-02T17:51:00+00:00By

The Italian data protection authority penalized electric utility company Edison Energia for multiple alleged violations of the General Data Protection Regulation regarding marketing communications and data processing transparency.

Experian sign

Premium

Ruling in Experian GDPR case thrusts ‘legitimate interest’ into spotlight

2023-02-28T13:00:00+00:00By

Experian won a legal battle against the U.K. Information Commissioner’s Office after the data regulator ordered the credit reference agency to make “fundamental changes” over the way it handled personal data for direct marketing purposes or stop altogether.

Replika

Premium

GDPR push for privacy by design still ‘a long way off’

2023-02-16T21:00:00+00:00By

Italy’s data protection authority banned U.S.-based AI chatbot creator Replika from processing the personal data of Italian users because of risks the service posed to minors and vulnerable people—the latest example of a tech company’s product running afoul of the GDPR.

Business data

Premium

Experts: New AI laws pose risk of overlap with data protection mandates

2023-02-02T17:31:00+00:00By

Companies are at serious risk of facing multiple fines for the same offense under different sets of legislation if the artificial intelligence technologies they employ misuse personal data or cause harm to consumers, according to legal experts.

WhatsApp phone

News Brief

WhatsApp fined $5.9M for lawful processing GDPR violations

2023-01-19T18:21:00+00:00By

The Irish Data Protection Commission announced a fine of €5.5 million (U.S. $5.9 million) against WhatsApp under the General Data Protection Regulation for forcing users to consent to updated terms and conditions or lose access to the service.

Facebook Ireland

News Brief

Meta fined $414M for targeted advertising GDPR breaches

2023-01-04T18:46:00+00:00By

The Irish Data Protection Commission fined Meta Ireland a total of €390 million (U.S. $414 million) for breaching the General Data Protection Regulation by forcing users to agree their personal data can be used for targeted advertising to access Facebook and Instagram.

Brasseur_opinion

Opinion

Ten things I’d like to see happen in 2023 (2022 in review)

2023-01-03T14:00:00+00:00By

Expect big developments for the compliance profession in 2022 to continue to take center stage in the year ahead, including CCO certifications, climate-related disclosures, and more.

Twitter

Article

Irish DPC probing Twitter over breach affecting 5.4M users

2022-12-28T18:26:00+00:00By

The Irish Data Protection Commission is investigating whether Twitter violated the European Union’s General Data Protection Regulation regarding a data breach alleged to have affected 5.4 million users.

Lisbon

Article

Portugal statistics office fined record $4.6M for GDPR violations

2022-12-14T16:50:00+00:00By

The government office for national statistics in Portugal was assessed a fine of €4.3 million (U.S. $4.6 million) by the country’s data protection authority for multiple violations of the General Data Protection Regulation that occurred during its 2021 census work.

Clubhouse

Article

Clubhouse app operator fined $2M for GDPR violations

2022-12-06T19:54:00+00:00By

Alpha Exploration, operator of the social media app Clubhouse, received a penalty from the Italian data protection authority for the unlawful processing of EU citizens’ data in violation of the General Data Protection Regulation.

Meta building

Article

Meta fined $274M under GDPR for data scraping breach

2022-11-28T20:32:00+00:00By

Meta Platforms Ireland was fined €265 million (U.S. $274 million) for failing to put in place adequate measures to protect users’ data after a leak compromised the personal details of more than half a billion individuals.

Facebook Ireland

Article

Privacy advocate sues Meta over targeted ad GDPR violation claims

2022-11-22T18:09:00+00:00By

A privacy and human rights advocate sued Meta Platforms in the United Kingdom, claiming the social media giant is refusing her request to stop being targeted with advertising based on her use of Facebook.

Discord

Article

​Discord fined $830K for GDPR lapses

2022-11-18T17:05:00+00:00By

Discord, a popular communication service primarily utilized by the video game community, was assessed a fine of €800,000 (U.S. $829,000) by the French data protection authority for multiple violations of the General Data Protection Regulation related to safeguarding user data.

Cybersecurity

Article

ICO warns of ‘complacency’ in fining Interserve $5M under GDPR

2022-10-24T14:29:00+01:00By

The U.K. Information Commissioner warned companies not to ignore “crucial measures” to prevent cyber incidents following his office’s decision to fine construction firm Interserve £4.4 million (U.S. $5 million) for failing to secure employee personal information.

France privacy

Article

French DPA latest to fine Clearview AI over GDPR violations

2022-10-20T19:13:00+01:00By

France’s CNIL became the fourth European data protection authority this year to fine Clearview AI over its controversial facial image aggregation practices, matching a pair of its counterparts with a €20 million (U.S. $19.6 million) penalty.

exterro gdpr ebook thumbnail

Resource

e-Book: How the EU might move forward with GDPR

2022-10-20T03:05:00+01:00Provided by

Data privacy experts believe the mechanisms in place under the General Data Protection Regulation (GDPR) to ensure compliance, enforcement, and redress need revisiting—and quickly.

Employee monitoring

Article

ICO guidance stresses importance of reasoning in employee monitoring

2022-10-19T12:45:00+01:00By

The U.K. Information Commissioner’s Office issued draft guidance to help ensure employers’ monitoring of staff performance does not turn into surveillance or harassment.

White House

Article

U.S. includes surveillance concessions in new transatlantic data flow framework

2022-10-07T21:25:00+01:00By

President Joe Biden’s executive order on a data privacy framework aims to provide a workable, legally resilient solution for companies to continue moving and storing the personal data of EU-based citizens to American-based servers without running afoul of the GDPR.