Privacy Updates
GDPR: One year on
24 May 2019The GDPR has been in force for almost a year and it has been reported that the Information Commissioner’s Office anticipates that a large fine in the United Kingdom is just a few weeks away. The European Data Protection Board (EDPB) has reported that the various European supervisory authorities have received 144,000 queries and complaints, […]
Read moreData Protection – A year’s worth of challenges and threats
19 March 2019Leigh Callaway and Gerald Brent examine the major issues which have been cropping up continually over the past year.
Read moreMutual EU-Japan adequacy decision now in force
23 January 2019The EU and Japan have today announced a new personal data adequacy agreement between the two parties. This agreement will allow personal data to flow freely between the two parties on the basis that there are strong protective guarantees in place. Before the agreement was put in place, Japan agreed to put additional safeguards in […]
Read moreGoogle fined €50M in France for GDPR breach
21 January 2019Reports are circulating that the French data protection authority, the CNIL, has issued a fine of €50M on Google for failure to comply with the GDPR. The issue relates to the consents obtained from Google account holders in relation to the personalisation of advertising that was served to the user. The CNIL referenced the fact […]
Read moreAmazon mistakenly sends smart-device recordings to strangers
9 January 2019A recent story from Germany highlights the precautions companies must take when complying with data subject requests under the GDPR. When complying with a right of access, Amazon accidentally disclosed the personal data of another Amazon user. Although no enforcement action has been taken by a GDPR authority in this case (yet), Amazon have opened […]
Read moreBrexiting the GDPR: New draft UK data protection regulations introduced
8 January 2019The government has recently published draft legislation to deal with the UK’s post-Brexit GDPR regime, namely “The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019”. The new legislation proposes to introduce an amended version of the GDPR (creatively titled “the UK GDPR”), the Privacy and Electronic Communications Regulations 2003 (PECR), and […]
Read moreFirst German GDPR penalty
21 December 2018The European Data Protection Board is today reporting that the supervisory authority for Baden-Würrtemburg has imposed the first GDPR fine in Germany. A social network company was fined €20,000 for a data breach in July 2018 involving a hack which exposed the email addresses and unencrypted passwords of 330,000 users. The fine was reduced in […]
Read moreUPDATE: Facebook €10M fine in Italy
14 December 2018On 29 November 2018 the Italian Competition Authority (ICA) handed Facebook a fine of EUR 10m for misleading consumers and breaching Italian consumer and data protection laws. Interestingly the scope of the investigation was initially aimed at unfair commercial practices adopted by Facebook, but in handing down the fine the ICA noted numerous breaches of […]
Read moreE-receipt ads may break data laws
12 December 2018It has been reported that several major retailers in the UK may be in breach of the GDPR when they sent promotional materials within their e-receipts. The GDPR is clear that data subjects must consent to direct marketing and must not receive any direct marketing if they object. The consumer group, Which?, carried out an […]
Read moreFacebook €10M fine in Italy
12 December 2018Not a GDPR fine, but, according to press reports, Facebook has been fined €10M by the Italian consumer protection authority arising out of its use of subscriber’s data. The reports say that FB breached the Italian Consumer Code by misleading users about the commercial use of their data and not making it clear to users […]
Read more