Enforcement

Subscribe to Enforcement

On August 11, 2020, the Court of Appeal of England and Wales overturned the High Court’s dismissal of a challenge to South Wales Police’s use of Automated Facial Recognition technology, finding that its use was unlawful and violated human rights.
Continue Reading UK Court of Appeal Finds Automated Facial Recognition Technology Unlawful in Bridges v South Wales Police

On August 5, 2020, the French Data Protection Authority announced that it has levied a fine of €250,000 on a French online shoe retailer for various infringements of the GDPR. This is the first penalty under the GDPR enforced by the CNIL as the lead supervisory authority in cooperation with other EU supervisory authorities.
Continue Reading CNIL Adopts Its First Sanction as Lead Supervisory Authority, Fining French Online Shoe Retailer

On June 30, 2020, the Federal Trade Commission announced it had entered into a consent agreement with NTT Global Data Centers Americas, Inc., a successor in interest to RagingWire Data Centers, Inc., to settle allegations in a November 2019 Administrative Complaint.
Continue Reading FTC Privacy Shield Settlement Requires Company to Obtain Annual Outside Compliance Review

On July 6, 2020, the Dutch Data Protection Authority imposed a 830,000 euro fine on the Dutch Credit Registration Bureau for non-compliance with Articles 12 (2) and 12 (5) of the EU General Data Protection Regulation between May 2018 and March 2019.
Continue Reading Dutch DPA Fines Dutch Credit Registration Bureau 830,000 Euros for Non-Compliance with Data Subject Rights

On July 14, 2020, the Litigation Chamber of the Belgian Data Protection Authority (the “Belgian DPA”) imposed a €600,000 fine on Google Belgium SA (“Google”) for non-compliance with the right to be forgotten.

Continue Reading Belgian DPA Issues its Largest Fine to Date for Non-Compliance with the Right to Be Forgotten

On July 13, 2020, the Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) announced that it levied a €16,729,600 fine on telecoms provider Wind Tre S.p.A. (“Wind Tre”) for several unlawful data processing activities, mostly related to direct marketing.

Continue Reading Italian Garante Fines Telecoms Provider 17 Million Euros for Direct Marketing Infringements

On June 16, 2020, the Litigation Chamber of the Belgian Data Protection Authority imposed a fine on a company for unlawful and incorrect processing of personal data and non-compliance with the EU General Data Protection Regulation’s data subject rights provisions.
Continue Reading Belgian DPA Fines Company for Unlawful Processing and Non-Compliance with Data Subject Rights

On June 24, 2020, the Washington State Attorney General announced that it had settled an enforcement action against the owners of a social media platform for alleged violations of the Children’s Online Privacy Protection Act and the Washington State Consumer Protection Act.
Continue Reading Social Media Platform Fined 100,000 USD by Washington State AG for COPPA Violations