Vodafone Spain: almost 4 million euro GDPR fine for loss of confidentiality related to duplicate mobile phone SIM cards and a lack of accountability

“Various claims are filed as a result of the issuance of duplicate SIM cards to third parties other than subscribers. As a result of the above, the holders of the telephone line are not only left without service, but the third parties access their bank accounts.” “Spanish DPA carries out research actions to analyze the …

Guidelines on Dark Patterns

The Guidelines offer practical recommendations to designers and users of social media platforms on how to assess and avoid so-called “dark patterns” in social media interfaces that infringe on GDPR requirements. In the context of these Guidelines, “dark patterns” are considered as interfaces and user experiences implemented on social media platforms that lead users …

Internal, external or shared DPO?

The CNIL (the French DPA) published its guide for DPOs. This guide (https://lnkd.in/eMXdDeRh) analyzes, among other issues, why and how to appoint a DPO and what means should be provided to fulfill its mission, and compares the pros and cons of the internal, external and shared DPO roles: 1) If you choose to appoint a member of the …

French DPA 120K Fine for no data retention periods

The French DPA fined a French company for not having a retention period and for keeping personal data since 2007. In fact, they were using an out-of-date hashtag, not actually deleting data after a data subject request. The CNIL fined the company 120.000 € for not taking all necessary measures to be compliant.

40% of EU companies stop moving non-personal data beyond EU borders

An economic study commissioned by the Computer and Communications Industry (CCIA Europe) finds that the envisaged international transfer requirements could lead as many as 40% of the polled EU companies to stop moving non-personal, commercially sensitive data to jurisdictions beyond EU borders, implying a GDP loss of 79 billion euros per year. This finding contrasts, however, …

Not fulfilling a data subject access request: 30K euro fine

The Hellenic DPA fines a company for failure to comply with a data subject’s access request for a video recording, resulting in a € 30’000 GDPR fine. Based on the complaint of a data subject, the Greek Data Protection Authority imposed the fine because the company had not properly complied with the complainant’s request for information. The …

Transparency and Consent Framework (TCF) of IAB Europe, non-compliant with GDPR

The Belgian DPA decision emphasizes the lack of an appropriate legal basis for processing and transfer to ad tech partners, insufficient information to users, and general non-compliance with regard to data protection by design and accountability. Concretely this means: – Ban on use of legitimate interest – Obligation to assess parties that connect to the ad network for …