Iceland’s data protection authority, Persónuvernd, fined the city of Reykjavík 5 million kronor over data processing under the Seesaw student system. The DPA said it considered that violations “concerned the personal data of children who enjoy special protection under the Data Protection Act and that it was considered likely that their sensitive personal data was entered as teacher feedback and information on students’ private affairs.” The DPA also noted insufficient authorization for the data processing and a “high risk” of data being transferred to the U.S.
11 July 2022
Iceland's DPA fines city for processing of children’s data
Related stories
Notes from the Asia-Pacific region: Australia eSafety Commissioner launches social media age restrictions hub
EU Data operational impacts: The Data Act's interplay within the EU digital rulebook
Notes from the IAPP Europe: A focus on the Digital Networks Act
The 2025 Brazilian DPO: Navigating high risks with limited runways
PETs: Beyond privacy-enhancing
