Enforcement

Morgan Stanley fined $60m for 2016 and 2019 data breaches

The US Office of the Comptroller of the Currency has fined Morgan Stanley $60 million for two data breaches – including one dating back to 2016 – that the bank failed to disclose until July 2020.

12 October 2020

German companies uncertain if Office 365 use is lawful

Following a probe by German data regulators, companies in the country face uncertainty about whether they can continue to lawfully use the ubiquitous Microsoft Office 365 software.

08 October 2020

ECJ blocks bulk data harvesting but allows targeted collection

The EU’s top court has confirmed that member states cannot order telecoms providers to indiscriminately harvest data for national security purposes, but ruled the practice can continue in exceptional circumstances.

06 October 2020

ICO offers clarity on fines

The UK’s data watchdog has revealed how it plans to calculate its GDPR penalties.

05 October 2020

Anthem to pay nearly $50m to settle 2015 data breach investigation

Health insurer Anthem has reached settlement agreements with 43 states and Washington, DC, agreeing to pay nearly $50 million in total and improve its cybersecurity.

02 October 2020

Schrems II parties fight over who won

Ireland’s cash-strapped data watchdog is seeking reimbursement of costs it incurred in bringing its Schrems II court proceedings – with complainant Max Schrems claiming he should be entitled to recover his own costs from the regulator.

01 October 2020

ICO set to U-turn on GDPR fine discounts

The UK data watchdog plans to cut companies’ penalties when they pay quickly and do not appeal – despite refusing to apply that discount in its only GDPR fine to date.

01 October 2020

H&M hit with second-largest GDPR fine to date

Hamburg’s data protection authority has slapped clothes retailer H&M with a €35 million fine over its workplace surveillance practices, despite praising the company’s “unprecedented acknowledgment of corporate responsibility”.

01 October 2020

Israel blocks Privacy Shield transfers

EU-adequate Israel has followed the European Court of Justice’s lead in stopping companies from using the Privacy Shield mechanism from transferring data to the US.

30 September 2020

Marriott ICO decision delayed yet again

The latest delay to the UK’s data watchdog’s Marriott GDPR data breach decision comes seven months after the regulator originally planned to conclude its investigation.

30 September 2020

Get unlimited access to all Global Data Review content