Loading

Tag: Privacy

Tag: Privacy
Page 4

CJEU ruling on special categories of personal data

A recent CJEU ruling on special categories of personal data may have far reaching implications for online platforms.    On 1 Aug., the Court of Justice of the European Union issued a preliminary ruling on a few legal interpretations referred to them by a Regional Administrative Court in Lithuania. This ruling relates to the processing

Fine imposed on Volkswagen by German Data Protection Commissioner for multiple GDPR violations

A recent fine imposed on Volkswagen by a German Data Protection Commissioner, for multiple GDPR violations amounted to €1.1 million.   The State Commissioner for Data Protection in the German state of Lower Saxony (LfD Lower Saxony) has imposed a fine of €1.1 million on Volkswagen Aktiengesellschaft in accordance with GDPR Article 83. The fine

Facebook cookie injunction has been dropped

CNIL has recently lifted an injunction placed on Facebook last December, regarding the company’s use of cookies.     Last December, CNIL ordered Facebook Ireland Limited to allow the use of facebook.com by users in France, in a manner that allows these users to refuse having cookies deposited on their device, just as easily as they

Inadequate security measures lead to a fine from the Danish DPA

The Danish Data Protection Authority has fined a law firm after a data breach, due to their inadequate security measures.    A law firm in Denmark has been fined over €67,000 for failing to implement basic security measures when establishing remote access to the company’s IT systems. These systems facilitated access to personal data of

Fine of €20 million from the Greek DPA

Clearview AI has recently been hit with a fine of €20 million for violating the principles of lawfulness and transparency.    A civil non-profit organisation, “Homo Digitalis” lodged a complaint against Clearview AI Inc., a facial recognition company which developed its database by scraping individuals’ images from across the web. This was lodged on behalf

Data subjects’ consent is required for personalised ads – Italian SA warns TikTok

The Italian supervisory authority issues a formal warning after TikTok makes changes to its privacy policy and fails to get data subjects’ consent.    TikTok has recently made changes to its privacy policy stating that users aged above 18 would receive ‘personalised’ ads. From July 13th, users over 18 would receive ads based on profiling

CNIL imposes €1 million fine for several infractions related to data subject’s rights and transparency obligations

€1 million fine imposed by CNIL on an energy company for several GDPR violations related to data subject’s rights and transparency obligations.    After receiving several complaints regarding the difficulties encountered by users in having their requests for access to their data and opposition to receiving calls for the purposes of direct marketing fulfilled by

Legal basis is required for audio surveillance, according to the Polish SA

The Polish SA says a legal basis is required for audio surveillance and has fined the Warsaw Centre for Intoxicated Persons for a lack thereof.   The Polish Supervisory Authority was recently informed that between 2016 and 2021, the Warsaw Centre for Intoxicated Persons recorded sound through its surveillance system, without a legal basis to

AI regulatory sandbox: pilot program launched

The Government of Spain and the European Commission recently launched a pilot program for the AI regulatory sandbox.    Last month, the government of Spain and the European Commission presented a pilot of the first regulatory sandbox on Artificial Intelligence. This sandbox aims to bring together the  competent authorities and the companies that develop AI

GDPR-CARPA certification mechanism adopted by CNPD

Luxembourg adopted the GDPR-CARPA verification mechanism  becoming the first country to introduce a certification mechanism under the GDPR.   The National Data Protection Commission of Luxembourg (CNPD) adopted its GDPR-CARPA (Certified Assurance-Report based Processing Activities) certification mechanism last month. This will be known as the first certification mechanism under the GDPR to be adopted on