GDPRhub newsletter 21 July 2022

Another huge fine for Clearview AI πŸ’Έ You also get fined for not responding to the DPA...

19 days ago   •   2 min read

By Rie Aleksandra Walle
πŸŽ™οΈ
Listen to the audio recording here or in your favorite podcast player!

Denmark

The Danish DPA suggested issuing a fine of approximately €67,000 (DKK 500,000) against a law firm for its insufficient security safeguards that rendered their IT systems vulnerable to a hacker attack. Read more or edit on GDPRhub...

Written with the support of derhagen

🧨
Also read the Danish DPA's decision to ban the use of Google Workspace for Education and suspend US transfers.

Finland

The Finnish DPA held that an insurance company violated the fairness, data minimisation and data protection by default principles, among others, by requesting the entire medical record of the data subject from their healthcare provider to determine the insurance company's liability. Read more or edit on GDPRhub...

Written with the support of Vadym Kublik

Germany

The Regional Court of Cologne (LG KΓΆln) held that a search engine is not allowed to show search results if the linked website contains untrue factual claims or expressions of opinion with an untrue factual core about criminal conduct of a data subject. Read more or edit on GDPRhub...

Written with the support of Fabian Dechent

Greece

The Greek DPA fined Clearview AI €20,000,000 for unlawful processing of biometric data and ordered it to stop the collection of such data, as well as to delete all existing data. Read more or edit on GDPRhub...

πŸ’Έ
Also see my summary on LinkedIn for information on other Clearview fines.

Italy

The Italian DPA held that Google LLC was not obliged to de-list search results linking to particular news articles, as the publication of the relevant information was in the public interest since it concerned ongoing judicial proceedings. Read more or edit on GDPRhub...

Romania

The Romanian DPA fined the processor S.C. Delivery Solutions S.A. (Sameday) €3,000 for not implementing necessary technical and organisational measures, which led to the disclosure and/or unauthorised access to personal data of 26,566 natural persons after its database was posted on the website 'Raidforums.' Read more or edit on GDPRhub...

Written with the support of Diana Rosu

The Romanian DPA also fined a controller approximately €4,000 for not implementing appropriate technical and organisational measures, and for not replying to the DPA's inquiries during its investigation. Read more or edit on GDPRhub...

Written with the support of Diana Rosu

Spain

The Spanish DPA fined an insurer €132,000 for violating Articles 5(1)(f), 32, and 33 GDPR by repeatedly sending medical data to an unauthorised third party and failing to report a data breach each time despite being alerted about it. Read more or edit on GDPRhub...

Written with the support of Carmen Jurado Taboada

Keep reading