Iceland’s data protection authority, Persónuvernd, fined the city of Reykjavík 5 million kronor over data processing under the Seesaw student system. The DPA said it considered that violations “concerned the personal data of children who enjoy special protection under the Data Protection Act and that it was considered likely that their sensitive personal data was entered as teacher feedback and information on students’ private affairs.” The DPA also noted insufficient authorization for the data processing and a “high risk” of data being transferred to the U.S.
11 July 2022
Iceland's DPA fines city for processing of children’s data
Related stories
Emerging trends, insights from public enforcement of US state privacy laws
Notes from the IAPP Canada: Building momentum to address youth privacy issues
How proposed AI enforcement moratorium cuts into US state-level powers
Notes from the Asia-Pacific region: Chinese regulators strengthen AI, data protection governance
Notes from the IAPP Europe: Data protection and AI in focus
