Spanish football club Atlético Osasuna introduced a facial recognition system for stadium access, sparking a GDPR complaint. The case highlights the challenges of biometric data processing, questioning its legality under the GDPR. The issue goes beyond simple convenience, raising concerns about proportionality, necessity, and fundamental privacy rights. Similar concerns arise when businesses upgrade traditional CCTV […]
fine
LinkedIn hit with Fine of 310 Million Euros
LinkedIn Ireland has been fined 310 million euros by the Irish Data Protection Commission (DPC) for breaching several key provisions of the GDPR. The DPC issued this fine following a two-year investigation, which began in 2021. In particular, the investigation focused on LinkedIn’s processing of personal data for the purposes of behavioural analytics and targeted […]
GDPR Breach due to Health Data Leak results in 80,000 euro fine for Private Clinic
A private clinic specializing in assisted reproductive technology (ART), experienced a significant data breach due to a cyberattack. The breach compromised the personal data of approximately 400 individuals, including patients and employees. The affected data included identity, contact information, financial details, and sensitive health and genetic information. Even though the breach was detected on 21 […]
WhatsApp switches its legal basis to „Legitimate Interest“ due to severe sanctions
It is by far not the first time that Meta and its platforms had to face scrutiny in terms of their privacy policy. This time around, the Irish Data Protection Commission (DPC) sanctioned WhatsApp with a fine of 5.5 million Euros due to the lack of a legitimate legal basis for processing personal data in […]
Insurance company receives significant fine from Swedish SA
Another significant fine for the lack of adequate security measures on personal data was recently issued by a European Supervisory Authority (SA) to a controller responsible for private customers´ data. In the present case, the Swedish Supervisory Authority (IMY) imposed a fine of SEK 35 million (approx. EUR 2.9 million) to the insurance company Trygg-Hansa, […]
Clearview AI fined again, this time in France
The French Data Protection Authority, Commission Nationale de L’Informatique et des Libertés (CNIL), has issued a fine of €20 million against Clearview AI (hereafter Clearview), a company that now claims to have more than 30 billion images used for facial recognition. Clearview collects photos from all sorts of directly accessible websites, social media platforms and […]
Over €500.000 fine for a German e-Commerce company having appointed a DPO with a conflict of interest
The fine has been issued by the Berlin Supervisory Authority (Berliner Beauftragte für Datenschutz und Informationsfreiheit – BlnBDI) on the 20th of September to an e-Commerce company following to the identification of a conflict of interest among the roles of the appointed Data Protection Officer (DPO), as mentioned in the authority’s press release. The DPO […]
Amazon Road Transport Spain Fined 2 Million EUR by Spanish Regulator for Requesting Certificates of Good Conduct from Drivers
The Spanish data protection supervisory authority, Agencia Española de Protección de Datos (AEPD), has issued a fined of 2 million EUR against Amazon Road Transport Spain, S. L., a logistics company that manages deliveries for US-based online-merchant Amazon (see here). Backgound, or: How to Become a Delivery Driver Amazon Road Transport works with formally self-employed […]
Italian Data Protection Authority Fines Bologna Airport in Connection with Whistleblowing Application
In an injunction of July 10, 2021, published the following month, the Italian data protection authority (Garante per la protezione dei dati personali) has fined the Airport of Bologna € 40,000 for not having implemented adequate technical and organizational measures for a whistleblowing application. Further, the authority held that for that application, a data protection […]
Common trend in the health-industry?
Fine of 440.000 EUR imposed by Autoriteitspersoonsgegevens on Dutch Hospital. Back in the lovely Spring of 2019, the Autoriteitspersoongegevens (‘AP’) started investigations against the Onze Lieve Vrouwen Gasthuis (‘OLVG’). The OLVG is an educational hospital that has two locations in Amsterdam and holds more than 550.000 patients on an annual basis. After the AP got […]
Hellenic DPA Fines PWC for Unlawful Processing of Employee Data
The Hellenic Data Protection Authority has fined PriceWaterhouseCoopers Business Solutions SA 150,000.00 € for unlawful processing of employee data, after the Authority had conducted an ex officio investigation in response to a complaint. The Authority also ordered a series of corrective measures and gave PWC three months’ time for their implementation. Reportedly, the company had […]