On November 5, 2019, the Berlin Commissioner for Data Protection and Freedom of Information announced that it imposed a fine of €14.5 million on a major real estate company, which is the highest fine issued in Germany since the EU General Data Protection Regulation became applicable.
Continue Reading
Penalty
Facebook Reaches Settlement with ICO over £500,000 Data Protection Fine
Posted on
Facebook reached a settlement with the UK Information Commissioner’s Office, agreeing to pay a fine of 500,000 GBP in relation to the processing and sharing of its users’ personal data with Cambridge Analytica.…
Continue Reading
German Data Protection Authorities Examine Proposal for GDPR Fining Model
Posted on
Posted in European Union, International
On September 17, 2019, the German Conference of Data Protection Authorities examined a proposal for calculating administrative fines under the GDPR.…
Continue Reading
Belgian DPA Announces Fine for Disproportionate Use of Customers’ eID Card
Posted on
On September 17, 2019, the Belgian Data Protection Authority (the “Belgian DPA”) imposed a fine of EUR 10,000 on a shop for the disproportionate use of customers’ electronic identity cards (the “eIDs ”) – a national identification card.
…
Continue Reading
CJEU Rules “Right to be Forgotten” on Google Limited to the EU in Landmark Case
Posted on
On September 24, 2019, the Court of Justice of the European Union released its judgments in cases C-507/17, Google v. CNIL and C-136/17, G.C. and Others v. CNIL regarding (1) the territorial scope of the right to be forgotten, and (2) the conditions in which individuals may exercise the right to be forgotten in relation to links to web pages containing sensitive data.…
Continue Reading
Cayman Islands Data Protection Law Goes into Force This Month
Posted on
Posted in International
The Cayman Islands Data Protection Law, 2017, which was published in June 2017, will go into force on September 30, 2019. The DPL includes requirements for the protection of personal data and is centered upon eight data protection principles.…
Continue Reading
UPDATE: FTC Announces Record-Breaking Facebook Settlement Order
Posted on
Facebook will pay a $5 billion penalty to the FTC to resolve a privacy probe into whether Facebook violated a prior FTC consent decree requiring the company to better protect user privacy.…
Continue Reading
Dutch DPA Announces Fine on Hospital for Lack of Appropriate Security Measures
Posted on
On July 16, 2019, the Dutch Data Protection Authority announced that it had imposed a fine of €460,000 on a Dutch hospital for insufficient security measures under Article 32 of the GDPR.…
Continue Reading
ICO Publishes First Annual Report Since GDPR’s Implementation
Posted on
The UK Information Commissioner’s Office released its first Annual Report published since the GDPR took effect. This blog entry provides a summary of the Annual Report. …
Continue Reading
Washington AG Settles with Premera on Behalf of Multistate Coalition
Posted on
On July 11, 2019, Washington Attorney General Bob Ferguson announced that his office had entered into a consent decree and $10 million settlement with Premera Blue Cross (“Premera”) that stems from a 2014-2015 breach that affected more than 11 million individuals. The settlement, which includes a payment of roughly $5.4 million to Washington state and $4.6 million to a coalition of 29 other state Attorneys General (the “Multistate AGs”), is one of the largest ever for a breach involving protected health information (“PHI”) and comes just one month after another notable HIPAA settlement involving a similar coalition of state AGs.
…
Continue Reading