On October 1, 2020, the UK Information Commissioner’s Office launched a public consultation on its draft Statutory Guidance, which provides an overview of the ICO’s powers and how it intends to regulate and enforce data protection legislation in the UK, including its approach to calculating fines.
Continue Reading ICO Launches Consultation on Its Draft Statutory Guidance
Enforcement
Hamburg DPA Imposes €35.3 Million Fine on H&M
Posted on
On October 1, 2020, the Hamburg Data Protection Authority fined H&M € 35.3 million for unlawful employee monitoring practices in the company’s service center concerning several hundred employees.…
Continue Reading Hamburg DPA Imposes €35.3 Million Fine on H&M
OCR Settles Five More Investigations Under HIPAA Right of Access Initiative
Posted on
On September 15, 2020, the U.S. Department of Health and Human Services’ Office for Civil Rights announced five more settlements under its HIPAA Right of Access Initiative.…
Continue Reading OCR Settles Five More Investigations Under HIPAA Right of Access Initiative
UK Court of Appeal Finds Automated Facial Recognition Technology Unlawful in Bridges v South Wales Police
Posted on
Posted in Enforcement, International
On August 11, 2020, the Court of Appeal of England and Wales overturned the High Court’s dismissal of a challenge to South Wales Police’s use of Automated Facial Recognition technology, finding that its use was unlawful and violated human rights.…
Continue Reading UK Court of Appeal Finds Automated Facial Recognition Technology Unlawful in Bridges v South Wales Police
CNIL Adopts Its First Sanction as Lead Supervisory Authority, Fining French Online Shoe Retailer
Posted on
On August 5, 2020, the French Data Protection Authority announced that it has levied a fine of €250,000 on a French online shoe retailer for various infringements of the GDPR. This is the first penalty under the GDPR enforced by the CNIL as the lead supervisory authority in cooperation with other EU supervisory authorities.…
Continue Reading CNIL Adopts Its First Sanction as Lead Supervisory Authority, Fining French Online Shoe Retailer
EU Council Imposes First-Ever Sanctions against Cyber Attacks
Posted on
On July 30, 2020, the Council of the European Union imposed for the first time restrictive measures against six individuals and three entities responsible for or involved in various cyber attacks. …
Continue Reading EU Council Imposes First-Ever Sanctions against Cyber Attacks
FTC Privacy Shield Settlement Requires Company to Obtain Annual Outside Compliance Review
Posted on
Posted in Enforcement, U.S. Federal Law
On June 30, 2020, the Federal Trade Commission announced it had entered into a consent agreement with NTT Global Data Centers Americas, Inc., a successor in interest to RagingWire Data Centers, Inc., to settle allegations in a November 2019 Administrative Complaint. …
Continue Reading FTC Privacy Shield Settlement Requires Company to Obtain Annual Outside Compliance Review
Dutch DPA Fines Dutch Credit Registration Bureau 830,000 Euros for Non-Compliance with Data Subject Rights
Posted on
Posted in Enforcement, International
On July 6, 2020, the Dutch Data Protection Authority imposed a 830,000 euro fine on the Dutch Credit Registration Bureau for non-compliance with Articles 12 (2) and 12 (5) of the EU General Data Protection Regulation between May 2018 and March 2019. …
Continue Reading Dutch DPA Fines Dutch Credit Registration Bureau 830,000 Euros for Non-Compliance with Data Subject Rights
Belgian DPA Issues its Largest Fine to Date for Non-Compliance with the Right to Be Forgotten
Posted on
On July 14, 2020, the Litigation Chamber of the Belgian Data Protection Authority (the “Belgian DPA”) imposed a €600,000 fine on Google Belgium SA (“Google”) for non-compliance with the right to be forgotten.
…
Continue Reading Belgian DPA Issues its Largest Fine to Date for Non-Compliance with the Right to Be Forgotten
Italian Garante Fines Telecoms Provider 17 Million Euros for Direct Marketing Infringements
Posted on
On July 13, 2020, the Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) announced that it levied a €16,729,600 fine on telecoms provider Wind Tre S.p.A. (“Wind Tre”) for several unlawful data processing activities, mostly related to direct marketing.
…
Continue Reading Italian Garante Fines Telecoms Provider 17 Million Euros for Direct Marketing Infringements