Enforcement

South Korea’s information watchdog on Wednesday fined Facebook Inc. 6.7 billion won (US$6 million) for passing information of at least 3.3 million South Koreans to other companies in its first crackdown on the U.S. tech giant. The Personal Information Protection Commission (PIPC) said Facebook violated the country’s personal information law by providing personal information of at…

In an unprecedented move, the Privacy Campaigners at the Open Rights Group (ORG) have today announced that they are taking the UK’s privacy regulator, the Information Commissioner’s Office (ICO) to court over the regulator’s failure to stop unlawful practices by the Digital Advertising Technology (AdTech) industry. A complaint was made…

The ICO has fined Marriott International Inc £18.4million for failing to keep millions of customers’ personal data secure. Marriott estimates that 339 million guest records worldwide were affected following a cyber-attack in 2014 on Starwood Hotels and Resorts Worldwide Inc. The attack, from an unknown source, remained undetected until September 2018,…

On October 27, 2020, the UK Information Commissioner’s Office (“ICO”) published its enforcement notice against credit reference agency Experian Limited (“Experian”) under Section 149 of the Data Protection Act 2018 (“DPA”) (the “notice”). The notice requires Experian to make fundamental changes to its offline direct marketing practices, and was issued after the ICO undertook…

Germany’s Hamburg Data Protection Authority (“HmbBfDI”) have imposed a €35.2 million ($41.4 million) fine on H&M, the world’s second-largest clothing retailer, for General Data Protection Regulation (“GDPR”) violations; the largest privacy fine ever issued by a German regulator. This fine is significant for a number of reasons, not least of which is that European regulators…

A recent analysis from Exonar, a data indexing company based in the UK, shows that 19% of all General Data Protection Regulation (“GDPR”) fines have been levied due to unlawful us of personally identifiable information and failure to timely or adequately comply with data subject access requests (“DSARs”). What Is A Data…

A flagship framework for gathering Internet users’ consent for targeting with behavioral ads — which is designed by ad industry body, the IAB Europe — fails to meet the required legal standards of data protection, according to findings by its EU data supervisor. The Belgian DPA’s investigation follows complaints against…

A dossier of evidence detailing how the online ad targeting industry profiles Internet users’ intimate characteristics without their knowledge or consent has been published today by the Irish Council for Civil Liberties (ICCL), piling more pressure on the country’s data watchdog to take enforcement action over what complainants contend is the “biggest data breach…

The Wall Street Journal reported Sept. 9 that Ireland’s Data Protection Commissioner issued a preliminary order that Facebook must stop transferring user data to the U.S. The order, which was reported based on anonymous sources “according to people familiar with the matter,” follows the Court of Justice of the European Union’s ruling…

A yearlong analysis of Facebook – Ad Library has revealed “significant systemic flaws” in the way the platform monitors and enforces its political ad rules, according to researchers at New York University. The issues were uncovered as part of the NYU team’s audit of the Ad Library between May 2018 and June…