Enforcement
The Data Protection Commission is broken. Here is how to fix it
The EU General Data Protection Regulation (GDPR) came into effect in May 2018. It made Ireland’s Data Protection Commission (DPC) the lead EU supervisory authority for all companies that have their European headquarters here. This quirk of the law made Ireland a central jurisdiction in the global digital economy. It…
Read More »Clearview AI fined third time for GDPR violations
The European Union’s assault on controversial facial image aggregator Clearview AI continued Wednesday, with the Hellenic Data Protection Authority (HDPA) in Greece the latest to penalize the company for violations of the General Data Protection Regulation (GDPR). The HDPA fined the company 20 million euros (U.S. $19.9 million)—a record in…
Read More »Bell Canada fined $7.5M
Telecom Decision CRTC 2022-160 PDF version Reference: 2021-132 Ottawa, 15 June 2022 Public record: 1011-NOC2021-0132 Imposition of an administrative monetary penalty on Bell Canada in relation to the processing and granting of access permit applications for support structures in accordance with its National Services Tariff The Commission imposes an administrative monetary penalty…
Read More »Twitter to pay $150 million penalty for allegedly breaking its privacy promises – again
It’s FTC 101. Companies can’t tell consumers they will use their personal information for one purpose and then use it for another. But according to the FTC, that’s the kind of digital bait-and-switch Twitter pulled on unsuspecting consumers. Twitter asked users for personal information for the express purpose of securing their…
Read More »30 Biggest GDPR Fines So Far (2020, 2021, 2022)
The EU General Data Protection Regulation (GDPR) is among the world’s toughest data protection laws. Under the GDPR, the EU’s data protection authorities can impose fines of up to up to €20 million (roughly $20,372,000), or 4% of worldwide turnover for the preceding financial year – whichever is higher. Since the…
Read More »Record GDPR fine by the Hungarian Data Protection Authority for the unlawful use of artificial intelligence
The Hungarian Data Protection Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság, NAIH) has recently published its annual report in which it presented a case where the Authority imposed the highest fine to date of ca. EUR 670,000 (HUF 250 million). The case involved the personal data processing of a bank (acting…
Read More »Collect personal data unlawfully and FTC orders to destroy the algorithm
The FTC orders WW International and Kurbo to destroy the algorithms built with unlawfully collected data. WW International and Kurbo placed into the market a weight loss app addressed to children (as young as 8 years old) and collected personal data without the consent of the holder of parental responsibility.…
Read More »Web vendor CafePress fined $500,000 for giving cybersecurity a low value
CafePress is a web service that lets artists, shops, businesses, fan clubs – anyone who signs up, in fact – turn designs, corporate slogans, logos and the like into fun merchandise they can give away or sell on to others. The days when you had to put in an order for several…
Read More »“Privacy Shield 2.0”? – First Reaction by Max Schrems
Today Commission President Ursula von der Leyen and President Biden have announced an “agreement in principle” on a new EU-US data sharing system. Some facts upfront: There is only a political announcement, not a text that can be analyzed. As far as noyb is informed, such a text does not exist yet…
Read More »Facebook fined $18.6M over string of 2018 breaches of EU’s GDPR
Facebook’s parent company, Meta, has been fined €17 million (~$18.6 million) by the Irish Data Protection Commission (DPC) over a string of historical data breaches. The security lapses in question, which appear to have affected up to 30 million Facebook users, date back several years — and had been disclosed…
Read More »