FTC Fines Google $170 Million USD for having violated the privacy of children on YouTube

The American Federal Trade Commission and the New York Attorney General reached a settlement with Google (YouTube) for having violated the American Federal Children's Online Privacy Protection Act (COPPA). YouTube was accused of illegally harvesting the data of children, tracking their browsing behaviour in order to offer them targeted advertising,, all without the consent ...

The importance of Data Protection in research

The Swedish Data Protection Authority recently launched an investigation into Umeå University's handling of sensitive personal data, specifically data obtained from the Danish Police Authority for research purposes. The Swedish Police Authority to the Data Inspectorate has alleged that the university sent the sensitive data in its possession via unencrypted email. Data protection in ...

Social plug-ins and joint controllership

The European Court of Justice in Case C-210/16, also known as the Fashion ID case, concerns the joint controllership relationship between Facebook and website operators that embed the Facebook “Like” button on their site.  Fashion ID GmbH & Co. KG, an online fashion retailer had the Like button on its website.  In order to better understand the ...

Your data for cash: Garante privacy refers the Weople app question to the EDPB

By No tags Permalink 1

On 1 August 2019 the Italian Data Protection Authority requested input from the European Data Protection Board with respect to the commercialisation/monetisation of personal data and its relationship with the right to data portability, with the objective of establishing a common position at the European Union level. The Italian DPA's Press Release can be ...

Don’t use consent for the processing of employee data! Greek DPA issues first fine under GDPR

The Hellenic DPA in Decision no 26/2019 decided that for personal data to be processed in compliance with the GDPR, all the principles outlined in Article 5(1) GDPR should be met. The Decision came to light after the DPA received complaints concerning the processing of PriceWaterhouseCoopers employee data where employees were required to provide their ...

Spain and Greece referred to CJEU for not transposing EU data protection rules into national law

The European Commission has referred Greece and Spain to the Court of Justice of the EU for failing to transpose the Data Protection Law Enforcement Directive, Directive (EU) 2016/680into their national law, which should have occurred by 6 May 2018.  The purpose of the Directive is to ensure a high level of data protection and facilitate the exchanges of personal data ...

EU Commission and Parliament take stock on Data Protection in the EU

Today, 25 July 2019, the European Commission and the European Parliament published a Communication outlining the state of data protection in the EU. The document touches on consistent implementation of the GDPR, how the new governance system is working, and the impact that it has had, also in a global level, in terms of citizens ...

ePrivacy Regulation updates

On 12 July 2019 the consolidated text of the forthcoming ePrivacy Regulation was made available. The document was published in light of the 17 July WP TELE (which will focus on articles 12-16 and related recitals) and covers the entire text of the proposed regulation. Of particular relevance, the definition of direct marketing communications ...