Italian DPA fines Enel Energia $30.1M under GDPR over telemarketing practices
Italian energy supplier Enel Energia has been fined €26.5 million (U.S. $30.1 million) under the General Data Protection Regulation for aggressive telemarketing.
Report: GDPR fines surpass $1B in 2021; breach notifications also rise
Nearly €1.1 billion (U.S. $1.2 billion) worth of fines have been issued against organizations in the past year for violations of the General Data Protection Regulation, according to the latest annual report by law firm DLA Piper.
Difficult path ahead for new ICO head John Edwards
The United Kingdom’s newly appointed information commissioner, John Edwards, might find it hard to steer a successful path between ensuring citizens’ data rights are preserved while also trying to make U.K. laws more palatable for data-driven business.
France’s CNIL fines Google, Facebook $237M combined over cookies consent
French data privacy watchdog CNIL again sidestepped the GDPR in fining Google and Facebook a combined €210 million (U.S. $237 million) for making it too difficult for users to refuse cookies when accessing their websites.
Dissatisfaction with GDPR pushing EU countries toward local laws
So far, Europe’s wide-reaching data privacy rules have seemingly failed to curb Big Tech firms’ use and abuse of citizens’ personal data. As a result, some EU data regulators are pursuing their own investigations—often through other legislation.
Grindr fined $7.2M for GDPR consent violations
The Norwegian Data Protection Authority announced a fine of NOK 65 million (U.S. $7.2 million) against gay dating app Grindr for sharing personal data with third parties without users’ consent.
Ten things I’d like to see happen in 2022 (2021 in review)
ESG and cryptocurrency figure to be key topics in 2022, but we’re also keeping an eye on President Biden’s anti-corruption efforts, details on Amazon’s record GDPR fine, the status of Facebook’s first CCO, and more.
Dutch DPA fines government tax authority $3.1M under GDPR
The Dutch Data Protection Authority announced a fine of €2.75 million (U.S. $3.1 million) against the government’s Tax and Customs Administration for data processing violations of the EU’s General Data Protection Regulation.
Clearview AI facing $22.6M fine over U.K. privacy violations
The U.K. Information Commissioner’s Office has warned Clearview AI it could face a £17 million (U.S. $22.6 million) fine over its use of people’s data to power its facial recognition software.
CWE panel: GDPR ‘the start of a culture of data protection’
Belgian Data Protection Authority head David Stevens and Member of European Parliament Axel Voss discussed ways the General Data Protection Regulation could be improved for the future during a keynote at CW’s virtual Europe event.
U.K. Supreme Court decision on Google deals blow to class actions
Legal experts weigh in on the U.K. Supreme Court’s rejection of a claim that sought billions of pounds in damages from Google over alleged illegal tracking of millions of iPhones and what it means for future collective actions.
IAB Europe expecting to be found in violation of GDPR
The European arm of the Interactive Advertising Bureau released a statement acknowledging it expects to be found in violation of the EU’s General Data Protection Regulation regarding its Transparency and Consent Framework.
IAPP report: Privacy spend rising, with further growth expected
Corporate spending on managing privacy risks has risen significantly since last year, with 6 of 10 privacy professionals believing budgets will continue to increase over the coming year, according to the latest IAPP survey.
Global Privacy Assembly takeaways: ‘Time to get real’ on cross-border cooperation
Privacy regulators believe there must be a push toward greater international cooperation and enforcement if failure to ensure data protection is to be taken as seriously as other corporate offenses.
Sky Italia latest fined under GDPR over telemarketing practices
Sky Italia was ordered to pay nearly €3.3 million (U.S. $3.8 million) by Italy’s data protection authority Garante for allegedly misusing customer data to make unwanted promotional phone calls.
GDPR enforcement roundup: Austrian Post facing new record fine
The Austrian Post is once again appealing what would be a record GDPR fine in the country after successfully defending itself in the first instance. Other recent decisions under the law provide further enforcement trends.
‘Soft-hearted’ Irish DPC proposes $42M GDPR fine against Facebook
The Irish Data Protection Commission has set out plans to fine Facebook between €28 million and €36 million (U.S. $32 million and $42 million) for violations of the General Data Protection Regulation.
WhatsApp GDPR fine fallout: EDPB actions shift enforcement landscape
Experts weigh in on the Irish Data Protection Commission’s €225 million (U.S. $267 million) GDPR fine against WhatsApp, which saw the European Data Protection Board rule to increase the fine total and compliance obligations.
Ireland shakes up GDPR enforcement with $267M fine against WhatsApp
Ireland’s Data Protection Commission announced a record-breaking €225 million (U.S. $267 million) fine against WhatsApp that is equally significant for the compliance lessons it imparts and inconsistency of the GDPR it exposes.
U.K. signals divergence from GDPR with new data transfer approach
The United Kingdom announced plans to strike independent data adequacy decisions with key countries—including the United States—as part of its post-Brexit economic strategy.
ICO’s first GDPR fine reduced on appeal
The U.K. Information Commissioner’s Office’s fine against pharmacy Doorstep Dispensaree for violations of the General Data Protection Regulation has been slashed approximately two-thirds on appeal to £92,000 (U.S. $126,000).
Hamburg DPA warns Zoom incompatible with GDPR
The Hamburg data protection authority has warned local government departments to stop using Zoom because it believes the videoconferencing app is not compliant with the General Data Protection Regulation.
GDPR fines worth appealing? Factors to consider
Experts weigh in on the results of a report from the European Data Protection Board showing which countries have seen the most GDPR fines annulled or modified following court appeal.
CPE Webcast: Data privacy isn’t a compliance checkbox but a competitive advantage
In the post-GDPR era, data privacy has taken center stage yet again due to digital transformation across the globe. Governments everywhere are enforcing more robust data protection guidelines to address new digital interactions between enterprises and consumers.
Resource demand to enforce GDPR weighing heavy on EU authorities
A new report from the European Data Protection Board has found an overwhelming majority of data protection authorities believe they are under-resourced to deal with the demands of the General Data Protection Regulation.
Employee monitoring proving hot target for GDPR enforcement
Recent fines in Italy against two food delivery companies for violating the privacy of their drivers should act as a warning that employee surveillance can prove to be a major breach of the General Data Protection Regulation.
Italian DPA fines Deliveroo $3M for worker privacy violations
Italy’s data protection authority Garante fined U.K.-based food delivery company Deliveroo €2.5 million (U.S. $3 million) under the GDPR for violating the privacy rights of its Italian drivers.
Amazon discloses record-shattering $887M GDPR fine
Amazon disclosed it has received notice of a €746 million (U.S. $887 million) GDPR fine in Luxembourg for unlawful processing of personal data. The company intends to appeal the penalty, which would be more than 15 times the current record under the law.
TikTok fined $883K under GDPR for children’s privacy violations
The Dutch Data Protection Authority imposed a €750,000 (U.S. $883,000) fine on TikTok for violating the privacy of young children following a wide-scale investigation launched last year.
Italian DPA cites biased tech in $3.1M GDPR fine
Italy’s data protection authority fined food delivery company Foodinho €2.6 million (U.S. $3.1 million) because the app at the core of its business model allegedly discriminated against employees.
British Airways settles 2018 data breach class action
British Airways has settled one of the U.K.’s largest group actions after thousands of people sought compensation following a 2018 data breach that resulted in the airline being fined under the GDPR.
New tech, legal precedent forcing GDPR to evolve
Companies’ priorities regarding compliance with the GDPR are likely to become more focused because of a mixture of recent legal decisions and efforts by the European Commission to keep privacy rules in sync with changes in technology.
New rules for SCCs: What you need to know
The latest set of standard contractual clauses for companies transferring data between the European Union and third countries, such as the United States, is meant to align more closely with the GDPR and root out government snooping.
CJEU ruling opens Facebook, others to greater GDPR liability
The EU’s top court ruled any of the bloc’s national data protection authorities can pursue a privacy complaint against Facebook or any other Big Tech firm and not just the supervisory authority where the company has its European headquarters.
Reported Amazon fine ($425M) ‘biggest test’ of GDPR enforcement yet
Amazon reportedly faces a fine of more than $425 million under the GDPR that would show EU regulators firmly have Big Tech companies—and their practices—in their crosshairs.
EU probes of Microsoft, Amazon reignite calls for new Privacy Shield
European investigations into whether Amazon and Microsoft’s cloud-based services infringe EU privacy rules have once again shone a spotlight on how—and when—the United States and the European Union intend to come up with a new Privacy Shield.
Report: GDPR fines more than doubled in Year 3
Data protection authorities issued 287 known GDPR fines between March 2020 and March 2021—a 120 percent increase in frequency, according to a new report from CMS.
GDPR’s future: Fine amounts, transparency among top points of contention
Experts believe the GDPR is largely “future-proof,” though fine decisions that vary considerably from one EU country to the next and lack of transparency remain areas of concern for the privacy law three years in.
Three years of GDPR: Many milestones, but calls for change increase
Despite its achievements, the General Data Protection Regulation’s flaws have become evident. Some are already questioning whether the regulation—and the way it is regulated—are fit for purpose and whether the law needs to be changed.
Survey: Data access further complicated by emerging privacy laws
A recent survey of 100 executives from Fortune 500 companies found more than half are struggling to balance easy access to company data with privacy and security compliance under laws like the GDPR and CCPA.
GDPR one-stop shop ‘unsustainable,’ says key regulators
Irish Data Protection Commissioner Helen Dixon and European Data Protection Supervisor Wojciech Wiewiórowski are among those who believe the one-stop shop provision of the GDPR needs to be reformed for the long term.
Fines key attention to data privacy from boards, says ICO head
The threat of fines has done more to focus boardroom attention on data privacy and effective cyber-security than any other measure, U.K. Information Commissioner Elizabeth Denham believes.
Facebook facing 10th GDPR probe over data leak
The Irish Data Protection Commission has launched an inquiry into Facebook over concerns the social media giant may not have properly disclosed the full extent of its recent data leak.
Facebook’s new leak: Assessing its liability under the GDPR
Old personal data of more than 533 million Facebook users was recently made publicly available on a hacker forum. Could the social media giant face a new investigation under the GDPR in response?
Irish DPC seeking answers on Facebook breach
The Irish Data Protection Commission has reached out to Facebook seeking to determine whether the social media giant’s weekend data breach should receive scrutiny under the General Data Protection Regulation.
Italian DPA fines Fastweb $5.3M under GDPR for aggressive telemarketing
The Italian Data Protection Authority announced a fine of €4.5 million (U.S. $5.3 million) against telecommunications company Fastweb for misusing customer data for telemarketing purposes.
Booking.com fined $557K under GDPR for reporting data breach late
Online reservation Website Booking.com has been fined €475,000 (U.S. $557,000) by the Dutch Data Protection Authority for reporting a data breach 22 days later than the 72 hours required under the GDPR.
Local laws proving to be roadblocks for GDPR harmonization
Recent cases in Germany, France, and Austria underscore the difficulty of getting EU members on the same page regarding GDPR enforcement—particularly when other local laws take priority.
Popular Clubhouse app being probed for GDPR violations
France’s data privacy watchdog adds to a growing list of regulators that have launched investigations into Alpha Exploration, the publisher of the Clubhouse application, regarding measures it has taken (or not taken) to comply with the GDPR.
Vodafone Spain fined record $9.72M for data protection failures
Vodafone Spain has been fined €8.15 million (U.S. $9.72 million) for aggressive telemarketing tactics and other data protection failures under the GDPR. The penalty is the highest the Spanish Data Protection Agency has handed out.