Following the massive number of draft complaints (over 500) to companies implementing allegedly unlawful cookie banners issued in May 2021 by the non-profit organization NOYB, the EDPB decided to set up a task force composed of delegations of the EU Supervisory Authorities (SAs) to coordinate the response to complaints filed with several European SAs by […]
Francesca Romana Di Costanzo
About Francesca Romana Di Costanzo
Posts by Francesca Romana Di Costanzo:
The priorities set by the Belgian Data Protection Authority for the 2023 Agenda
At the end of last year, in the context of setting the 2023 budget, the Belgian Data Protection Authority (Autorité de protection des données/ Gegevensbeschermingsautoriteit or APD) has highlighted the main topics that will be the focus of this year’s agenda, depending on the capacity of the authority, as the APD mentioned in its press […]
Over €500.000 fine for a German e-Commerce company having appointed a DPO with a conflict of interest
The fine has been issued by the Berlin Supervisory Authority (Berliner Beauftragte für Datenschutz und Informationsfreiheit – BlnBDI) on the 20th of September to an e-Commerce company following to the identification of a conflict of interest among the roles of the appointed Data Protection Officer (DPO), as mentioned in the authority’s press release. The DPO […]
Spanish Supreme Court: Data subjects can submit their complaint directly to a supervisory authority
According to a decision of the Spanish Supreme Court (Tribunal Supremo) of July 2022, filing a request to exercise the data subject rights with the data controller is not a prerequisite for filing a complaint to the relevant Supervisory Authority for an alleged breach of the GDPR. The decision was issued after a complaint of […]
Encryption measures validated by the Belgian Council of State as an additional measure to the transfer of personal data outside of the EEA
The Flemish Authorities initially considered the specific encryption tools as a valid supplementary measure in addition to the European Standard contractual clauses (SCCs). The measure was applied by a European branch of a US company using AWS cloud. The decision was confirmed by the Belgian Council of State upon a formal complaint of a third […]
Delay in reporting a data breach caused a fine of over €400,000 to Booking.com.
The Dutch Data Protection Authority has recently issued a fine of €475,000 to the online touristic operator Booking.com for having notified a data breach to the DPA with a sensible delay. The data breach The staff of about 40 Hotels located in the United Arab Emirates were cheated by a telephone scam and convinced to […]
Massive Datenpanne personenbezogener Daten bei Scraping-Firma SocialArk
Über 300 Millionen Social-Media-Datensätze, die von verschiedenen Plattformen wie Facebook, Instagram und LinkedIn stammen, wurden kürzlich durch eine massive Datenpanne aus der Cloud von SocialArks offengelegt. Hiervon waren mehr als 400 GB öffentliche und private Account-Daten von etwa 214 Millionen Social-Media-Nutzern weltweit betroffen. Nach dem Vorfall wurden die Daten über das Internet verbreitet, darunter auch […]
Massive leak of personal data at scraping company SocialArk
Over 300 million social account records, originating from several platforms including Facebook, Instagram and LinkedIn, were recently exposed through a massive data leak from the cloud of SocialArks. More than 400GB of public and private account data of about 214 million social media users across the world have been affected by this massive data leak. […]
Italian Antitrust ( AGCM) fines Facebook for 10 Million Euros.
At the end of last year, the Italian Authority for the competition in the marked has closed the investigations running since April 2018 against Facebook Ireland and its parent company Facebook Inc. for alleged violations of the consumers code by issuing a fine to the company of 10 Million Euros. According to the Italian Authority, […]
The UK DPA imposes a fine to an online leading mother and baby club
At the beginning of August 2018, the UK Information Commissioner (ICO) issued a fine of £ 140.000 To “Lifecycle Marketing (Mother and Baby) ” Ltd or “LCMB”, also known as “Emma´s Diary” for the illegal collection and sale of personal data of more that 1 million people to a marketing company hired by a political […]
Italy integrates GDPR in national privacy legislation
The Italian Council of Ministers has on 8th August 2018 approved a decree which integrates GDPR into Italian Privacy law. The Decree will have to be published to the Italian Official Gazette to come into force. The GDPR will overwrite part of the Italian Privacy Code (decreto legislativo n. 196/2003), it reformulates the duties and […]
New fine to Facebook from the Spanish Data protection Authority
The Spanish Data Protection Authority (AEPD) has condemned Facebook Inc. to the payment of a sanction of 1,200,000 Euros for the existence of two serious and one very serious infringements of Data Protection Law. According to the Agency, Facebook treats personal data for advertising purposes without express consent of the data subjects and does not […]
The Data Protection Officer in Europe
The EU Regulation 2016/679 on the protection of personal data (GDPR) repealing Directive 95/46/EC focusses, among the others, on a particular topic that will be governed by new specific and more consistent rules: the Data Protection Officer (DPO). This figure is already well known to European companies and institutions, but the GDPR finally clarifies and […]
Fines to Facebook and WhatsApp for breach of privacy and antitrust law
€ 150 Million fine to Facebook by French Data Protection Authority Last week, the French Data Protection Authority (DPA) has condemned Facebook Inc. and Facebook Ireland to the payment of a € 150 million fine. The sanction is part of a joint investigation carried out by the data protection authorities of France, German Land of […]