- The Dutch data protection authority, Autoriteit Persoonsgegevens, fined tax authorities 3.7 million euros for violating the EU General Data Protection Regulation. The fine, the highest the DPA has ever imposed, was based on six violations including no legal basis for personal data processing and maintaining information for too long.
- France's data protection authority, the Commission nationale de l'informatique et des libertés, amended the Data Protection Act to better handle complaints and order sanctions.
- The CNIL also issued formal notice to three companies for transmitting potential customers’ personal data between partners without consent in violation of the GDPR. The CNIL gave the companies three months to comply or face penalties of up to 4% of their turnover.
- The European Data Protection Supervisor issued a rebuke to the European Border and Coast Guard Agency for violating the Data Protection Regulation (EU) 2018/1725 when it failed to complete a data protection assessment before moving to the cloud and failed to show it limited cloud server's "collection of personal data to what is necessary.”
- The European Data Protection Board expressed concerns about proposed legislative developments that would affect the Belgian Data Protection Authority. Specifically, the EDPB is concerned that a draft law would “strengthen parliamentary oversight” over the DPA.
- The U.K. Information Commissioner’s Office announced it closed a criminal investigation after finding “insufficient evidence” to prosecute two individuals suspected of unlawfully obtaining and leaking CCTV images from the Department for Health and Social Care.
If you want to comment on this post, you need to login.