Clubhouse app operator fined $2M for GDPR violations
Alpha Exploration, operator of the social media app Clubhouse, received a penalty from the Italian data protection authority for the unlawful processing of EU citizens’ data in violation of the General Data Protection Regulation.
Meta fined $274M under GDPR for data scraping breach
Meta Platforms Ireland was fined €265 million (U.S. $274 million) for failing to put in place adequate measures to protect users’ data after a leak compromised the personal details of more than half a billion individuals.
Privacy advocate sues Meta over targeted ad GDPR violation claims
A privacy and human rights advocate sued Meta Platforms in the United Kingdom, claiming the social media giant is refusing her request to stop being targeted with advertising based on her use of Facebook.
Discord fined $830K for GDPR lapses
Discord, a popular communication service primarily utilized by the video game community, was assessed a fine of €800,000 (U.S. $829,000) by the French data protection authority for multiple violations of the General Data Protection Regulation related to safeguarding user data.
ICO warns of ‘complacency’ in fining Interserve $5M under GDPR
The U.K. Information Commissioner warned companies not to ignore “crucial measures” to prevent cyber incidents following his office’s decision to fine construction firm Interserve £4.4 million (U.S. $5 million) for failing to secure employee personal information.
French DPA latest to fine Clearview AI over GDPR violations
France’s CNIL became the fourth European data protection authority this year to fine Clearview AI over its controversial facial image aggregation practices, matching a pair of its counterparts with a €20 million (U.S. $19.6 million) penalty.
e-Book: How the EU might move forward with GDPR
Data privacy experts believe the mechanisms in place under the General Data Protection Regulation (GDPR) to ensure compliance, enforcement, and redress need revisiting—and quickly.
ICO guidance stresses importance of reasoning in employee monitoring
The U.K. Information Commissioner’s Office issued draft guidance to help ensure employers’ monitoring of staff performance does not turn into surveillance or harassment.
U.S. includes surveillance concessions in new transatlantic data flow framework
President Joe Biden’s executive order on a data privacy framework aims to provide a workable, legally resilient solution for companies to continue moving and storing the personal data of EU-based citizens to American-based servers without running afoul of the GDPR.
Easylife fined $1.5M under GDPR for profiling customers
The Information Commissioner’s Office fined catalog retailer Easylife £1.35 million (U.S. $1.5 million) for marketing health-related products to individuals without their consent in violation of the U.K. General Data Protection Regulation.
TikTok facing $29M fine over U.K. children’s privacy violations
The Information Commissioner’s Office warned social media platform TikTok it could be fined £27 million (U.S. $29 million) for failing to protect children’s data in line with the U.K.’s version of the General Data Protection Regulation.
Ireland interpretations of GDPR criticized again in Instagram case
In fining Instagram a record €405 million (U.S. $405 million) for General Data Protection Regulation violations regarding the safeguarding of teenage users’ data, the Irish Data Protection Commission took some heat of its own.
Experts: Europe’s AI Act to push companies to confront technology’s use
The Artificial Intelligence Act, along with upcoming EU rules addressing digital markets and services, should have companies considering their use of AI and other emerging technologies to determine how the laws might impact their business.
Instagram facing record $401M fine over children’s privacy violations
Instagram is set to be fined €405 million (U.S. $401 million) by Ireland’s data protection regulator for failing to adequately secure teenage users’ data in line with the General Data Protection Regulation.
Accor fined $600K under GDPR after EDPB intervention
French hotel chain Accor had its initial fine for cross-border data privacy violations increased sixfold after one data regulator involved in the decision-making process complained an original penalty of €100,000 (U.S. $99,900) was too low.
One year later, Amazon GDPR fine details remain clouded
It’s been one year since online retailer Amazon announced it was on the receiving end of a record €746 million (U.S. $758 million) fine under the General Data Protection Regulation, but details about the decision—as well as the actual complaint—remain sketchy.
Volkswagen fined $1.1M under GDPR for unauthorized data collection
Volkswagen has agreed to pay €1.1 million (U.S. $1.1 million) to resolve allegations of violating the General Data Protection Regulation when a camera on one of its test vehicles recorded nearby drivers without their knowledge.
EDPB adopts criteria for GDPR cross-border cooperation cases
The European Data Protection Board adopted a set of criteria to assess whether a cross-border matter might qualify as a case of “strategic importance” for closer cooperation—and how to proceed if it does.
Clearview AI fined third time for GDPR violations
The Hellenic Data Protection Authority in Greece fined controversial facial image aggregator Clearview AI a record €20 million (U.S. $19.9 million) for unlawfully processing the biometric data of Greek citizens.
EDPS: U.K. GDPR reforms could create friction with EU
The United Kingdom’s keenness to agree to its own data adequacy decisions with countries like the United States could become a contentious issue with the European Union, according to European Data Protection Supervisor Wojciech Wiewiórowski.
Facebook fate in EU thrusts transatlantic data flows back in spotlight
Reports of a potential shutdown of Meta services Facebook and Instagram in the European Union that could take place as soon as this summer underscore what’s at stake as the region works with the United States to finalize a new agreement on how to handle transatlantic data flows.
U.K. data reform plan seeks to reduce ‘unnecessary burdens’ of GDPR
The U.K. government announced plans to reform the country’s data privacy laws to simplify procedures for businesses and reduce red tape, but the proposals might clash with certain elements of the EU’s General Data Protection Regulation.
Experts: How to move forward with the GDPR
Data privacy experts speaking at an industry event believe the mechanisms in place under the General Data Protection Regulation to ensure compliance, enforcement, and redress need revisiting—and quickly.
European Commission assessing GDPR improvements, not overhaul
Three key members of the European Commission believe the General Data Protection Regulation should be enhanced by targeting aspects of data privacy through other laws rather than revamping the GDPR itself.
GDPR blame game: Who’s at fault for spotty enforcement record?
Regulators and privacy experts speaking at the European Data Protection Supervisor’s conference homed in on the flaws of the General Data Protection Regulation and what improvements need to be made to ensure more consistent enforcement of the law.
Google fine in Spain prompts revisit of GDPR effect on tech
Google’s latest fine for violations of the General Data Protection Regulation reignites the discussion around why Big Tech firms have not been more frequently penalized under the EU’s stringent privacy law.
GDPR enforcement roundup: Spain stays on Vodafone, record fine in Poland
Vodafone running up its fine total in Spain and a record-setting action against a marketing firm in Poland highlight a roundup of notable enforcements announced under the General Data Protection Regulation during the first five months of 2022.
Four years of GDPR: New tech testing data privacy law’s longevity?
It has been four years since the European Union’s flagship data privacy legislation came into force, but concerns are already being raised about whether the General Data Protection Regulation is being outpaced by technological developments and their use of data.
ICO fines Clearview AI $9.4M over alleged data privacy lapses
The U.K. Information Commissioner’s Office fined Clearview AI more than £7.5 million (U.S. $9.4 million) for collecting people’s images from internet and social media sites without their knowledge or consent.
Spanish DPA fines Google $10.6M for GDPR violations
Spain’s data protection authority has issued a record fine of €10 million (U.S. $10.6 million) against Google for two “serious infractions” of the EU’s General Data Protection Regulation regarding its sharing information with U.S. legal database Lumen.
Bank of Ireland fined $504K for credit rating data breaches
Bank of Ireland was fined €463,000 (U.S. $504,000) after an investigation by the Irish Data Protection Commission found customer data was accidentally altered in a way that could have damaged credit ratings and prevented getting loans.
Danske Bank fined $1.5M for data processing failures under GDPR
The Danish Data Protection Agency has reported Danske Bank to the police and fined it 10 million Danish kroner (U.S. $1.47 million) over its failure to erase customers’ personal data in its systems in violation of the General Data Protection Regulation.
Experts optimistic, though wary, toward Privacy Shield successor
Legal and data privacy experts have expressed cautious optimism regarding the announcement that the United States and European Union have reached an agreement in principle to resume transatlantic data flows.
Third time’s the charm? Agreement in principle reached on U.S.-EU data flows
The United States and European Union have reached an agreement in principle on how to handle transatlantic data flows, a thorny issue that has resulted in two prior frameworks being scrapped by the EU’s top court.
New ICO head strives for reassurance in first speech
John Edwards, head of the U.K. Information Commissioner’s Office, said he wants to bring greater certainty for companies regarding their data compliance needs, especially if the government’s drive to reduce regulatory burdens results in the EU withdrawing its data adequacy decision.
Momentum building toward Privacy Shield replacement?
Recent comments by EU and U.S. lawmakers and insights from privacy experts suggest a new mechanism to replace the defunct Privacy Shield and ensure safe transatlantic data transfers might soon be introduced.
How EU regulators are warning of Russian data protection threats
Regulators in Norway, Germany, Lithuania, Estonia, Denmark, and Sweden address how companies can prepare for increased data protection and cybersecurity risks in the wake of Russia’s invasion of Ukraine.
Meta fined $18.6M under GDPR for 2018 data breaches
The Irish Data Protection Commission fined Meta’s Irish subsidiary 17 million euros (U.S. $18.6 million) for a series of personal data breaches that took place nearly four years ago.
Clearview AI fined $22M in Italy over unlawful data collection
Facial image aggregator Clearview AI was fined €20 million (U.S. $22 million) for unlawfully processing the biometric and geolocation data of Italian citizens in violation of privacy laws including the General Data Protection Regulation.
Amazon transport arm GDPR fine imparts lesson on criminal record checks
Amazon Road Transport was fined €2 million (U.S. $2.2 million) for trying to carry out criminal record checks on freelance truck drivers it wanted to hire without Spanish law to back up the practice.
IAB Europe fighting back against ‘grossly unfair’ GDPR fine
Townsend Feehan, chief executive of the European arm of the Interactive Advertising Bureau, discusses the ramifications of her organization’s €250,000 (then-U.S. $286,000) fine under the General Data Protection Regulation in Belgium.
Telenor caught in GDPR conundrum over Myanmar subsidiary sale
A complaint filed with the Norwegian Data Protection Authority alleges Telenor’s progressing sale of its Myanmar-based subsidiary violates the EU’s General Data Protection Regulation by potentially exposing its customers in the region to military surveillance.
Lawsuit by BitMEX co-founder could test GDPR’s reach over SARs
Ben Delo, co-founder of cryptocurrency exchange BitMEX, filed a complaint against Wise Payments after the company allegedly refused his requests under the General Data Protection Regulation to provide him with personal information it submitted via suspicious activity reports.
Strategies for complying with multiple data privacy regimes
Complying with multiple data privacy regimes is not simple, but it is increasingly becoming expected. A panel at CW’s virtual Cyber Risk & Data Privacy Summit offered their advice regarding the current global privacy landscape.
Why high-growth companies should prioritize data privacy
A group of experts at CW’s virtual Cyber Risk & Data Privacy Summit explained how complying with data privacy regulations from Day 1 can provide high-growth companies with certain competitive advantages.
Transparency key to navigating modern employee monitoring risk landscape
The opening session of Compliance Week’s virtual Cyber Risk & Data Privacy Summit addressed the challenges of using technology to monitor employees while considering regulatory and ethical risks.
How Accor manages global data privacy compliance
Marie-Christine Vittet, vice president of compliance at hospitality chain Accor, shares with Compliance Week the company’s journey toward a global data privacy compliance program.
Cosmote, parent company OTE fined $10.6M under GDPR
The Hellenic Data Protection Authority fined mobile phone operator Cosmote and its parent company OTE a total of €9.25 million (U.S. $10.6 million) for a data breach caused by a September 2020 cyberattack and for illegally processing customer data.
Meta threatens to pull Facebook, Instagram in Europe over GDPR data transfer dispute
Meta Platforms is threatening to pull down Facebook and Instagram in the European Union over concerns it cannot meet data-sharing rules set in the region’s General Data Protection Regulation.
IAB Europe fined $286K under GDPR for data processing violations
The European arm of the Interactive Advertising Bureau was fined €250,000 (U.S. $286,000) by the Belgian Data Protection Authority for data privacy violations regarding its Transparency and Consent Framework.