Enforcement

A recent analysis from Exonar, a data indexing company based in the UK, shows that 19% of all General Data Protection Regulation (“GDPR”) fines have been levied due to unlawful us of personally identifiable information and failure to timely or adequately comply with data subject access requests (“DSARs”). What Is A Data…

A flagship framework for gathering Internet users’ consent for targeting with behavioral ads — which is designed by ad industry body, the IAB Europe — fails to meet the required legal standards of data protection, according to findings by its EU data supervisor. The Belgian DPA’s investigation follows complaints against…

A dossier of evidence detailing how the online ad targeting industry profiles Internet users’ intimate characteristics without their knowledge or consent has been published today by the Irish Council for Civil Liberties (ICCL), piling more pressure on the country’s data watchdog to take enforcement action over what complainants contend is the “biggest data breach…

The Wall Street Journal reported Sept. 9 that Ireland’s Data Protection Commissioner issued a preliminary order that Facebook must stop transferring user data to the U.S. The order, which was reported based on anonymous sources “according to people familiar with the matter,” follows the Court of Justice of the European Union’s ruling…

A yearlong analysis of Facebook – Ad Library has revealed “significant systemic flaws” in the way the platform monitors and enforces its political ad rules, according to researchers at New York University. The issues were uncovered as part of the NYU team’s audit of the Ad Library between May 2018 and June…

The UK’s data regulator hasn’t done enough to stop the government from disregarding fundamental privacy rights during the pandemic, a cross-party group of 20 opposition MPs has said. The claims come in a letter (PDF) sent to Elizabeth Denham, the head of the Information Commissioner’s Office (ICO), with the MPs…

I.         The Striking Difference Between Schrems I and Schrems II It would be misleading to view last week’s Schrems II[1] decision as only having an effect similar to that of the Schrems I[2] decision in 2015. While Schrems I invalidated the EU-US Safe Harbor treaty for cross-Atlantic data transfer, organisations still…

On 16 July, the European Court of Justice (CJEU) struck down the controversial Privacy Shield arrangement for transferring data from the EU to the US. Cue widespread alarm as businesses reliant on such transfers scrambled to work out what other solutions were available. Fortunately the CJEU also clarified that Standard…

Twitter said on Monday that it could be fined between $150 million and $250 million for using customer phone numbers and email addresses for targeted advertising.   In an SEC filing, Twitter said the Federal Trade Commission sent it a complaint on July 28 regarding its use of data “provided for…

The EDPB (European Data Protection Board) produced a Frequently Asked Question document on July 23, 2020, after the CJEU ruling regarding Schrems II. Questions include: 3) Is there any grace period during which I can keep on transferring data to the U.S. without assessing my legal basis for the transfer?…