Iceland’s data protection authority, Persónuvernd, fined the city of Reykjavík 5 million kronor over data processing under the Seesaw student system. The DPA said it considered that violations “concerned the personal data of children who enjoy special protection under the Data Protection Act and that it was considered likely that their sensitive personal data was entered as teacher feedback and information on students’ private affairs.” The DPA also noted insufficient authorization for the data processing and a “high risk” of data being transferred to the U.S.
11 July 2022
Iceland's DPA fines city for processing of children’s data
Related stories
10 tips to prepare for the EU Cyber Resilience Act
A view from Brussels: State of the (European) Union
US senator aims to advance US AI leadership with sandbox, federal regulatory exemptions
Notes from the Asia-Pacific region: India's AI ecosystem, digital competition and more
Ninth Circuit takes cautious approach to privacy and data security standing
