GDPRhub newsletter 14 July 2022

👀 Company fears reputational damage and loss of market share and asks the French DPA not to make its decision public (CNIL responded: eh... No.)


By Rie Aleksandra Walle
🎙️ Listen to the audio recording here or in your favorite podcast player!

Denmark

The Danish DPA held that the Danish Football Association and Danish League could deny an access request seeking CCTV evidence in a suit against the police, but it reprimanded the two for conflicting statements on their joint controllership. Read more or edit on GDPRhub...

Written with the support of lou_schda

Finland

The Finnish DPA fined a magazine publisher €85,000 for deficiencies in facilitating the exercise of data subject rights. The controller, among other things, required data subjects to print, fill, sign and send a paper form to have their data deleted. Read more or edit on GDPRhub...

Written with the support of Vadym Kublik

France

The French DPA fined Totalenergies France €1,000,000 after investigating 18 complaints and finding multiple violations; the controller failed to respond to requests for access and deletion, provide disclosures when data was collected, and offer the option to object to processing for marketing purposes. Read more or edit on GDPRhub...

Written with the support of Samuel Uzoigwe

Italy

The Italian DPA issued a €100,000 fine against a bank for neglecting to check whether a third party (the customer's father) was authorized to access a customer's bank account details before communicating her data to him. While he was previously authorized to know them, over time he may have lost this right. Read more or edit on GDPRhub...

The Italian DPA also issued a warning against TikTok for processing cookies without users' consent under its recently announced privacy policy update. Read more or edit on GDPRhub...

Written with the support of Carloc

Netherlands

The District Court of Overijssel held that the Minister for Legal Protection was not obliged to honor an erasure request since the data was still relevant for the Child Care and Protection Board (RvdK) to perform its tasks. Read more or edit on GDPRhub...

Norway

After auditing the Norwegian Directorate of Correctional Service for 1.5 years, the DPA has notified them of an order to sort out and document their controller responsibilities and update internal controls for managing privacy and personal data protection. Read more or edit on GDPRhub...

Written with the support of Rie Aleksandra Walle

Spain

The Spanish DPA fined the owner of a commercial website €1,800 for processing personal data and using cookies without a legal basis and for not providing sufficient information to the data subject per Article 13 GDPR. Read more or edit on GDPRhub...

The Spanish DPA also fined an amateur football association €3,000 because its website lacked a privacy policy despite the fact that it collected various personal data. Read more or edit on GDPRhub...

Written with the support of Carmen Jurado Taboada

Finally, the Spanish DPA fined a controller €60,000 for violating Article 5(1)(d) GDPR by delivering a customer's contract to the wrong address. The customer had a restraining order against the current resident, who now had the customer's correct address. Read more or edit on GDPRhub...

The Basque DPA held that Articles 6(1)(c) and 6(1)(e) GDPR supplied a legal basis for a local police force to include personal data in files sent to the Chief of the Police, the Mayor's Office, and the Councilman of Citizen Security. It is still assessing whether this practice complies with the principle of data minimisation. Read more or edit on GDPRhub...
