Iceland’s data protection authority, Persónuvernd, fined the city of Reykjavík 5 million kronor over data processing under the Seesaw student system. The DPA said it considered that violations “concerned the personal data of children who enjoy special protection under the Data Protection Act and that it was considered likely that their sensitive personal data was entered as teacher feedback and information on students’ private affairs.” The DPA also noted insufficient authorization for the data processing and a “high risk” of data being transferred to the U.S.
11 July 2022
Iceland's DPA fines city for processing of children’s data
Related stories
Notes from the IAPP Canada: CPS25 zeroes in on the issues that matter most
A view from DC: An updated NIST Privacy Framework
Handsets, headsets and hyperscreens: Emerging ideas for immersive experiences and the importance of governance by design
Notes from the Asia-Pacific region: India strides ahead on the digital front
New developments in global adequacy capabilities
