Enforcement

UK financial watchdog fines Tesco Bank £16.4 million

The UK’s Financial Conduct Authority has ordered Tesco Bank to pay £16.4 million (€18.4 million) following a “largely avoidable” 2016 hack.

02 October 2018

ECJ lowers threshold for interference with data rights in criminal investigations

The EU’s highest court has ruled that access to personal information retained by telecommunications providers may be justified in criminal investigations, even where the alleged offence is not serious.

02 October 2018

AggregateIQ challenges ICO jurisdiction

GDR can reveal that AggregateIQ, the target of the UK’s first known enforcement decision under its GDPR framework, claims that the Information Commissioner's Office lacks jurisdiction over the Canadian company and is unlawfully trying to retroactively apply its new powers.

01 October 2018

UK health insurer fined over security failures

The UK Information Commissioner’s Office has fined healthcare insurer Bupa £175,000 for failing to have effective security measures in place to protect customers’ personal information.

28 September 2018

Pressure mounts on Canada to extend privacy rules to political parties

A Canadian privacy commissioner has found that it has no jurisdiction to enforce privacy rules on a provincial political party, just days after federal and state privacy commissioners called on the government to introduce legislation to cover data handling by political parties.

26 September 2018

Brazil’s first data protection commissioners: the candidates

Brazil’s president Michel Temer vetoed the creation of a new data protection authority last month, but observers expect him or his successor to set up a new data regulator through separate legislation. GDR takes a look at the candidates being touted for key positions at the new body.

24 September 2018

Equifax ordered to pay maximum UK fine

The UK’s data protection watchdog has ordered credit reporting agency Equifax to pay the maximum fine available under the country’s pre-GDPR framework, slamming the company’s “systemic” security failures that included a UK-US data processing agreement which contained inadequate safeguards.

20 September 2018

Multiple data protection authorities may have stake in enforcement action, regulators say

The location of data processing and level of a country’s citizens’ concern play a larger role in determining lead supervisory authorities than the location of company headquarters, regulators have said.

19 September 2018

EU probes Amazon use of merchant data

The European Commission has begun a preliminary antitrust investigation into Amazon’s use of data from merchants that sell through its online retail platform.

19 September 2018

Watchdogs unlikely to ever overlook GDPR documentation requirements, says lawyer

Data protection regulators will seldom – if ever – overlook data documentation requirements, regardless of company size, according to Osborne Clarke partner Ulrich Baumgartner.

18 September 2018

Get unlimited access to all Global Data Review content