- The European Data Protection Supervisor sanctioned the European Parliament for violating regulations on data transfers and cookie consent. The EDPS found fault with a COVID-19 testing website launched by Parliament in September 2020 which attracted complaints over third party trackers and cookie consent banners that did not meet consent standards.
- Europol said an order by the European Data Protection Supervisor that it delete data of individuals not linked to a criminal activity jeopardizes investigations, Politico reports. EU Home Affairs Commissioner Ylva Johansson said the potential risk of the decision, which imposes a six-month data retention period and orders Europol to delete data on individuals with no established criminal link, “is huge,” while Europol said it impacts its “ability to analyse complex and large datasets at the request of EU law enforcement.”
- The Danish Data Protection Agency, Datatilsynet, fined Elektro & Automasjon Systemer AS NOK 200,000 for conducting a credit assessment without a processing basis as required under the Privacy Ordinance.
- The Datatilsynet also fined the Østre Toten municipality DKK 4 million following a January 2021 data breach that exposed approximately 30,000 documents containing sensitive data about residents and employees. The DPA also ordered the municipality to implement a system for information and personal data security.
If you want to comment on this post, you need to login.