Enforcement

Finnish cookie consent litigation develops

In a submission to a Helsinki court, Finland’s telecommunications regulator has entrenched its position that browser settings can provide consent for cookies and argued that website operators using cookies are not necessarily data controllers under the GDPR.

27 July 2020

Facebook bumps up Illinois facial recognition payout

Facebook has agreed to pay an extra $100 million as part of a settlement to end a long-running facial recognition lawsuit, bringing the total to nearly two-thirds of a billion dollars.

24 July 2020

New York regulator files first cybersecurity charges

The New York State Department of Financial Services has charged a Nebraska-based title insurance company for failing to shut down a five-year IT vulnerability, which the regulator says led to millions of internal records being exposed to anyone with a web browser.

24 July 2020

FBI: Chinese hackers tried to steal covid-19 research

A US federal grand jury has indicted two Chinese hackers for allegedly stealing trade secrets and personal data from hundreds of victims for the benefit of China’s government.

22 July 2020

ICO adtech enforcement may be stalled to 2021

The UK Information Commissioner’s Office may not restart its work on data protection issues in the adtech ecosystem until next year, it has said.

21 July 2020

Telecoms law needs stricter data rules, says German regulator

Germany’s federal data regulator has welcomed a decision from the country’s top court ruling aspects of its telecommunications law unconstitutional for allowing excessive state access to user data.

21 July 2020

Colombian data broker fined for including political sanctions in credit histories

Colombia’s data protection authority has fined one of the country’s main credit bureaus around $200,000 for including information on political sanctions in the credit histories of 288,753 citizens.

20 July 2020

Schrems II: the data protection community reacts

Yesterday’s Schrems II ruling lived up to expectations – just like the first iteration of the dispute, it has thrown a spanner in works for companies hoping to transfer data abroad, particularly to the US. GDR has analysed the data protection community’s reactions and thoughts on the implications of the decision.

17 July 2020

Belgium asserts Google right to be forgotten jurisdiction

A Belgian decision to fine Google €600,000 in a right to be forgotten case comes shortly after the company admitted that all European regulators have jurisdiction over data processed by its US parent.

16 July 2020

Schrems II: Privacy Shield invalidated, SCCs remain

The European Court of Justice has invalidated the EU-US Privacy Shield in the landmark Schrems II case – but has allowed standard contractual clauses to remain in place.

16 July 2020

Get unlimited access to all Global Data Review content