The Norwegian data processing authority issues a USD7.2 million fine to Grinder LLC

Following an investigation carried out by the Norwegian Consumer Council, the Norwegian Data Processing Authority on 13 December 2021 issued a fine of NOK 65 million (approximately USD 7.2 million) to Grindr, a U.S. based social networking app for gay, bi, trans and queer people. The legal basis for the fine was that Grindr had disclosed personal data to advertising partners without a valid consent or other legal basis under the GDPR Article 6, and further that special categories of personal data had been disclosed without a valid exemption from the prohibition set out in Article 9.

Oostenrijkse toezichthouder: gebruik Google Analytics in strijd met AVG

Het gebruik van Google Analytics is in strijd met de AVG, zo heeft de Oostenrijkse privacytoezichthouder DSB geoordeeld. De uitspraak kan gevolgen voor zeer veel websites in de Europese Unie hebben. Volgens de DSB wordt erbij het gebruik van Google Analytics persoonlijke data naar Google in de Verenigde Staten verstuurd, waaronder user identifiers, ip-adressen en browserparameters. Dat is het oordeel over een klacht die noyb, de privacyorganisatie van de bekende activist Max Schrems, had ingediend.


French regulator tells Clearview AI to delete its facial recognition data

France’s foremost privacy regulator has ordered Clearview AI to delete all its data relating to French citizens, as first reported by TechCrunch. In its announcement, the French agency CNIL argued that Clearview had violated the GDPR in collecting the data and violated various other data access rights in its processing and storage. As a result, CNIL is calling on Clearview to purge the data from its systems or face escalating fines as laid out by European privacy law.


Facebook could be sued by consumer groups, EU court adviser says

Facebook could be sued by consumer groups for privacy violations, an adviser to Europe’s top court said on Thursday, in a German online gaming case that could pave the way for similar action across the EU.


SCCS and COCS and BCR – untangling the web and spotting the difference

Under GDPR, data export to third countries is only permitted if the conditions under Chapter 5 are met. The adequacy decision by the commission according to art. 45 GDPR is the Chapters silver bullet.

code and person

When AI met privacy

How to fulfil the data protection obligations when using artificial intelligence? One of the main issues of concern is the use of personal information by the algorithms. The European AI industry encourages self-regulation.


Additional six months period for implementation of the new law on personal data protection

Facing the fact that the complaince with the new Law on Personal Data Protection was not in line with the planned dynamics, the Ministry of justice announced that in the next six months the Agency for Personal Data Protection while supervising, will not issue fines for noncompliance.


Blockchain and the GDPR: clash of the titans

At the legal intersection between the emerging distributed ledger technolgies and data privacy a lot has been said and written in anticipation of the future application and the co-existence of the two giants. Regulators and technology experts hope and strive for harmony between the two.

Request for preliminary rulings on data controllers liability in case of in case of a data breach

The Bulgarian Supreme Administrative Court has referred several questions to the CJEU regarding preliminary rulings on the liability of the controllers in case of a data breach. The request is related to one specific administrative proceeding but affects all pending claims before the court against the Bulgarian National Revenue Agency


“AVG staat controleren van afbeeldingen zoals Apple van plan is niet toe”

De AVG staat het controleren van afbeeldingen zoals Apple in de Verenigde Staten van plan is niet toe. Dat zegt Peter Kager van adviesbureau ICTRecht tegenover BNR. Ook is het volgens Kager helemaal geen taak van Apple om afbeeldingen te scannen op kindermisbruik, aangezien dat een taak is van politie en andere opsporingsinstanties.


Oostenrijks hof vraagt EU-hof of Facebook met gebruikersdata GDPR ‘ondermijnt’

Het Oostenrijkse Hooggerechtshof heeft het Hof van Justitie van de Europese Unie gevraagd of Facebook juridisch gezien wel gebruikersdata mag verwerken. Dat las ik bij Tweakers. De vraag draait om het verschil tussen toestemming en een contract als grondslag om persoonsgegevens te mogen verwerken.

Amazon hit with record EU data privacy fine

Amazon.com Inc has been hit with a record $886.6 million (746 million euros) European Union fine for processing personal data in violation of the bloc’s GDPR rules, as privacy regulators take a more aggressive position on enforcement.


EU approves data flow to UK but adds sunset clause

Flows of personal data from the EU to the UK will continue, after the European Commission adopted two “data adequacy” decisions. The decisions include a sunset clause, meaning they run out after four years. They will be renewed only if the UK ensures an adequate level of data protection, the commission said.


EU gaat Verenigd Koninkrijk adequaat verklaren voor export persoonsgegevens

De EU-lidstaten hebben zich achter besluiten geschaard om het belemmeren van gegevensstromen na het vertrek van Groot-Brittannië uit de EU te voorkomen. Dat las ik bij Tweakers, en ik moest het ook twee keer lezen. De keuze roept wel vele vragen op, vooral omdat het VK bekend staat om haar massadataspionage die ze deelt met onder meer de Verenigde Staten.


Will co-regulation finally work?

Like the old Data Protection Directive, the GDPR allows the private sector to draft codes of conduct to help demonstrate compliance with the GDPR. They’ve never been too succesful, with only one such code being approved at the EU level in 25 years of European data protection law. Last week, two new ones joined the playing field, both focused on cloud computing.


The way to the right for employee sobriety checks – Polish perspective

There have been discussions about whether sobriety data are sensitive data or not. As for my opinion, I share the views expressed by the vast majority of experts that, in the current legislative status resulting from GDPR, the information on alcohol consumption does not fall within the scope of the “sensitive data” definition.


Ruim zeshonderd boetes opgelegd in eerste drie jaar van AVG

Het is vandaag precies drie jaar geleden dat de Algemene verordening gegevensbescherming (AVG) van kracht werd en in die periode hebben de Europese privacytoezichthouders ruim zeshonderd boetes opgelegd voor een totaalbedrag van meer dan 283 miljoen euro. De hoogste AVG-boete sinds 25 mei 2018 was voor Google.


Enforcement of the GDPR in Luxembourg: an issue at stake?

Max Schrems and his organisation NOYB (None Of Your Business) have recently begun a new battle, taking place in Luxembourg. Legal proceedings have been issued against two decisions of the Luxemburg Data Protection Authority (the “CNPD”). These decisions dismissed two complaints lodged against two different US-based data controllers, Apollo and RocketReach.


The challenges related to the transfer of personal data from the perspective of the new law on personal data protection

With digitalization and rapid development of Information and Communication Technologies, personal data emerged as a valuable asset for Companies, at the same time increasing the risk for data security and imposing the need for strict legal regulations for processing as well as transfer of personal data. The purpose of this Article is to provide an overview of the legal mechanisms by which personal data can be transferred from the Republic of North Macedonia.

microsoft office

Microsoft gaat aparte Europese cloud opzetten

Microsoft gaat investeren in een cloud voor Europese bedrijven en overheden. Daarbij worden alle gegevens opgeslagen op servers binnen de Europese grenzen. Alle gegevens van Europese klanten worden binnen de grenzen van het continent opgeslagen en gegevens die momenteel nog elders zijn, worden naar Europa verhuisd.


Personal data breach resulting from data subject’s mistakes have to be notified

The Polish Data Protection Authority has imposed on WARTA. S.A, a Polish insurance and reinsurance company, a new administrative sanction in the amount of c.a. EUR 20.000,00 for failure to notify a personal data breach that resulted from data subject’s mistake.

Scientific research using health data: is the GDPR in contradiction with fair principles?

Medical research is becoming increasingly reliant on the analysis of large amounts of biologically derived data. Greater scientific and societal value are achievable if these research data are processed in accordance with the FAIR – Findable, Accessible, Interoperable and Reusable – principles.


EDPB’S guideliness on the concepts of controller and processor in the GDPR

The European Data Protection Board issued the Guidelines 07/2020 on the concepts of controller and processor in the GDPR, version 1.0, adopted on 02 September 2020. We made a selection of a number of paragraphs which offer relevant insight for groups of companies.


GDPR fines: ramping up and DPAS setting standards

European Supervisory Authorities imposed more than €158m in fines under the GDPR during 2020; close to a 40% increase on the previous 20-month period. This brings the total amount of fines to more than €272m in the period from May 2018 to end 2020.

Deze site maakt gebruik van functionele cookies. Als u ook toegang wilt tot ingesloten inhoud waarbij mogelijk trackers gehanteerd worden van deze aanbieders, klikt u op accepteren. Lees onze privacyverklaring

Deze site is standaard ingesteld op 'cookies toestaan", om je de beste mogelijke blader ervaring te geven. Als je deze site blijft gebruiken zonder je cookie instellingen te wijzigen, of als je klikt op "Accepteren" hieronder, dan geef je toestemming voor het gebruik van Cookies.