Berlin DPA issues 200K fine for GDPR violations

(Sep 20, 2019) Berlin’s Data Protection Authority has issued a 195,407 euro fine to Delivery Hero for violations of the EU General Data Protection Regulation, Gründerszene reports. The DPA said in its letter announcing the fine it administered the penalty for various GDPR infractions. Delivery Hero allegedly sent unwanted advertising emails to eight customers. One customer allegedly received 15 emails after they opted out of receiving such messages. The DPA also found Delivery Hero did not fulfill a number of ... Read More

Finnish Presidency releases draft compromise proposal for ePrivacy Regulation

(Sep 20, 2019) The Finnish Presidency of the Council of the European Union has released a draft compromise proposal for a new ePrivacy Regulation. The draft proposal contains a new article on the “processing of electronic communications data for the purpose of detecting, deleting and reporting material constituting child pornography” and proposed modifications to Articles 1 to 4a and 18 to 29 within the ePrivacy Regulation. The Working Party on Telecommunications and Information Society plans to discuss the dr... Read More

Polish DPA issues PLN$2.8M fine for GDPR violation

(Sep 20, 2019) Poland's Personal Data Protection Office has fined retail website Morele.net PLN$2.8 million for lacking proper data security under the EU General Data Protection Regulation. Morele's insufficient data protection resulted in a data breach of approximately 2.2 million customers. "There was a lack of appropriate response procedures to deal with the emergence of unusual network traffic," the DPA said while announcing the fine. The breach was mainly comprised of names and surnames, phone numbers, an... Read More

Notes from the IAPP Europe, 20 Sept. 2019

(Sep 19, 2019) Servus from Munich! Bavarian Data Protection Commissioner Thomas Petri opened this year’s IAPP DPI: Deutschland privacy conference in Munich and spoke about the challenges of the public sector to meet the requirements under the EU General Data Protection Regulation. He also highlighted the need to further align its practical implementation and passionately spoke about the benefits of the GDPR for citizens in dealing with public authorities, as well as the need to provide more public information... Read More

Irish DPC releases report on Public Services Cards

(Sep 19, 2019) The Irish Data Protection Commission released its report on the Public Services Card project, The Irish Times reports. The DPC ordered the Department of Employment Affairs and Social Protection to stop processing personal information of 3.2 million citizens tied to the issuance of the cards. The DPC identified eight adverse findings about the PSC project, including its determination that the privacy statement published by the department lacked sufficient information. Minister for Employment Affa... Read More

Irish DPC podcast covers data transfers post-Brexit

(Sep 19, 2019) The Irish Data Protection Commission released an episode of its Know Your Data podcast on Brexit. The episode covers what will happen to data transfers from Ireland to the U.K. once Brexit goes into effect, including the impact on those transfers should the U.K. leave the European Union without a deal, the role standard contractual clauses play and the resources the DPC has on its website to help organizations handle the changes.Full Story... Read More

German ministers call for stronger data protection measures after health care breach

(Sep 19, 2019) After the medical data of 13,000 German patients was discovered on an unprotected server, ministers have called for legal requirements for stronger security protocols, DW reports. The data included patients’ names and, in some cases, photos. "We don't want this data to end up with an employer, an insurance company, a bank. It makes it more likely you'll be rejected for a job or a credit," Federal Commissioner for Data Protection Ulrich Kelber said. German Health Minister Jens Spahn said any Germ... Read More

Court rules German police department cannot share protester photos on social media

(Sep 19, 2019) The Münster Higher Administrative Court ruled the North Rhine-Westphalia police department cannot share photos of public protesters on social media or any other public platform, DW reports. The ruling comes after police posted images to Facebook and Twitter of protesters in May 2018. A pair of protesters filed a lawsuit and won their case in a Gelsenkirchen court. The higher court upheld the ruling after an appeal was made by the department. Judge Sebastian Beimesche said sharing such photos on ... Read More

Gatwick becomes first UK airport to permanently use facial recognition for ID checks

(Sep 19, 2019) Gatwick Airport became the first in the U.K. to use facial-recognition cameras on a permanent basis for identification checks, The Telegraph reports. A Gatwick spokeswoman told BBC News travelers need to scan their passport at their departure gate to ensure the photo matches what was captured by the technology; however, the airport found most passengers approved of the process. Privacy International Legal Officer Ioannis Kouvakas raised questions about the airport’s ability to properly obtain co... Read More

Spain's DPA releases guidance on data processing for wellness, education apps

(Sep 19, 2019) The Spanish Agency for Data Protection published guidance for education and wellness applications that process personal data. The guidance is not only intended for the organizations that are responsible for processing the data, but also for the developers of the apps. The DPA’s document identifies practices that may negatively impact user privacy and solutions and alternatives to avoid such behavior. The AEPD and Polytechnic University of Madrid analyzed the 10 most-popular wellness and educatio... Read More