Selfie scraping Clearview AI €20 Million fine in Greece

The Hellenic data protection authority has fined the controversial facial recognition firm Clearview AI with €20 million and banned it from collecting and processing the personal data of people living in Greece. Also already collected data should be deleted. The business model of Clearview AI is scraping selfies off the internet to build an algorithmic … Read more

Study analyses GDPR fines in the light of data flows

While GDPR related fines to big companies like Amazon or Google have seen widespread media attention, data protection authorities have issued several hundred more penalties since 2018. This study analyzes 856 fines and their summaries provided by the CMS Law GDPR Enforcement Tracker. The exploratation fines in the light of data flows with a detailed … Read more

European consumer groups take action against Google surveillance

Google is using deceptive design, unclear language and misleading choices when consumers sign up to a Google account to encourage more extensive and invasive data processing. Instead of giving them privacy by design and by default as required by the General Data Protection Regulation (GDPR)Contrary to its claims, the tech giant is thwarting consumers who … Read more

Italy bans Google Analytics due to data transfer to USA

A website using Google Analytics (GA) without the safeguards set out in the EU GDPR violates data protection law because it transfers users’ data to the USA, which is a country without an adequate level of data protection. The set of data collected in this connection included the user device IP address along with information … Read more

CNIL: Use of Google Analytics illegal?

Google Analytics’ use is not legal without a new deal that would replace the disgraced EU-US data processing agreement, French data watchdog CNIL recently clarified on its website, which also dashed hopes that the tool could be reconfigured to allow data transfers to the US. EURACTIV France reports. The use of Google’s web analytics tool does … Read more

Google sued over its use of confidential medical records belonging to 1.6 million individuals in the UK

Google’s artificial intelligence DeepMind received the data in 2015 from the Royal Free NHS Trust for the purpose of testing a smartphone app called Streams. The smartphone app was tested to detect acute kidney injuries. The claim alleges that Google and DeepMind “obtained and used a substantial number of confidential medical records without patients’ knowledge … Read more

Proposed guidelines on GDPR fines by European DPAs

Organizations often ask how much chance they have on data protection fines and how much financial reserve they should make for that. Unit 27 June EDPB guidelines on calculating GDPR fines are released for public consultation. Interesting is to have a look at the example for mitigating and aggravating factors that could influence the height … Read more

What are the fining policies of EU Data Protection Authoritities?

Below an overview of the only comprehensive fining methodologies that were published so far by EU DPAs (specifically, by the Dutch, Danish, and Latvian DPAs), as well as the relevant draft Statutory guidance issued by the UK DPA (ICO) in 2020. Therefore, this analysis will also show how the approach of the ICO in this … Read more