Enforcement
Record GDPR fine by the Hungarian Data Protection Authority for the unlawful use of artificial intelligence
The Hungarian Data Protection Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság, NAIH) has recently published its annual report in which it presented a case where the Authority imposed the highest fine to date of ca. EUR 670,000 (HUF 250 million). The case involved the personal data processing of a bank (acting…
Read More »Collect personal data unlawfully and FTC orders to destroy the algorithm
The FTC orders WW International and Kurbo to destroy the algorithms built with unlawfully collected data. WW International and Kurbo placed into the market a weight loss app addressed to children (as young as 8 years old) and collected personal data without the consent of the holder of parental responsibility.…
Read More »Web vendor CafePress fined $500,000 for giving cybersecurity a low value
CafePress is a web service that lets artists, shops, businesses, fan clubs – anyone who signs up, in fact – turn designs, corporate slogans, logos and the like into fun merchandise they can give away or sell on to others. The days when you had to put in an order for several…
Read More »“Privacy Shield 2.0”? – First Reaction by Max Schrems
Today Commission President Ursula von der Leyen and President Biden have announced an “agreement in principle” on a new EU-US data sharing system. Some facts upfront: There is only a political announcement, not a text that can be analyzed. As far as noyb is informed, such a text does not exist yet…
Read More »Facebook fined $18.6M over string of 2018 breaches of EU’s GDPR
Facebook’s parent company, Meta, has been fined €17 million (~$18.6 million) by the Irish Data Protection Commission (DPC) over a string of historical data breaches. The security lapses in question, which appear to have affected up to 30 million Facebook users, date back several years — and had been disclosed…
Read More »Privacy Class Action Against Facebook Not Certified on Appeal
In Simpson v. Facebook, Inc., the Ontario Divisional Court upheld the dismissal of the plaintiff’s certification motion against Facebook in a proposed class action alleging that the personal data of Canadian Facebook users was improperly shared with the Cambridge Analytica Group (“Cambridge Analytica”). The Divisional Court concluded that the action was…
Read More »Privacy, Please
The B.C. Supreme Court recently certified a class action proceeding against Hyp3R Inc. (“Hyp3R”),[1] a U.S.-based marketing firm that collected Canadian Instagram users’ personal information in breach of the platform’s policies. The Court also ordered Hyp3R to pay more than $24 million in damages. Background Instagram permits users to share…
Read More »Belgian DPA fines IAB Europe 250K euros over consent framework GDPR violations
The Belgian Data Protection Authority fined IAB Europe 250,000 euros Wednesday, ruling its Transparency and Consent Framework, used by much of the advertising industry in the European Union, does not comply with several EU General Data Protection Regulation provisions. Through data processing under the TCF, which “facilitates the management of…
Read More »The Biggest GDPR Fines of 2021
1. Amazon – €746 million Amazon was handed a mammoth €746 million EU GDPR fine by Luxembourg’s National Commission for Data Protection in July 2021 and it dwarfs all previous breaches. The online retail behemoth has its EU base in Luxembourg and it has come under scrutiny in recent years…
Read More »France’s data privacy watchdog fines Google €150-million for cookie breaches
France’s data privacy watchdog CNIL said on Thursday it had fined Alphabet’s Google a record €150-million ($169-million) for making it difficult for internet users to refuse online trackers known as cookies. Meta Platforms’ Facebook was also fined €60-million for the same reason, the CNIL said. Internet users’ prior consent for the use…
Read More »
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
