EDPB Support Pool of Experts (SPE) projects
members
–
6 min read
Latest: Legitimate interest OSS case digest.
Denmark Google Workspace for Education Chromebook case (Helsingørgate)
members
–
12 min read
[12 Feb: 🇩🇰 DPA webinar coming up!] [29 Jan: 🇩🇰 DPA applies dreaded EDPB Opinion and signal enforcement change. Must-read for 🇩🇰 folks but crucial to everyone using 🇺🇸 processors] Datatilsynet's landmark decision of 2022 to ban certain use of Google products and US transfers.
Norway DPA orders Helseplattformen to rectify shortcomings
members
–
3 min read
Weird DPA conclusion on controller's responsibility 🤔, will wait for the final decision | 🇳🇴 Datatilsynet notifies Helseplattformen of their intent to order fixes to serious organisational and (less serious) technical deficiencies.
UK ICO fines Capita £14 million for breach after weak security and slow reaction
members
–
8 min read
After first flagging a fine with a potential starting point of £97m, the 🇬🇧 DPA heavily reduced it after several mitigating factors we can all learn from. A decision packed with practical lessons for DPOs, data protection and security teams alike!
Norway DPA fines the Labour and Welfare Administration (NAV) NOK 20 million
members
–
6 min read
[updated] After the Privacy Appeals Board overturned substantial parts of the DPA's decision against the Labour and Welfare Administration (NAV), including the record NOK 20 million fine, the DPA has decided to reassess the case.
🇮🇪 DPC fines Meta €91m for failing to safeguard passwords and notify breaches
members
–
1 min read
UPDATE 1 Jan: Summary + full decision published! The DPC fines Meta for failing to safeguard users' passwords (storing them in plaintext!) and for notifying the breach too late.
Norway DPA fines university for insufficient access control in MS Teams
members
–
4 min read
The 🇳🇴 University of Agder was fined €12,500 (NOK 150k) for failing to secure personal data on Teams/SharePoint and insufficient internal controls. Short decision, several takeaways for everyone!
France DPA fines Amazon €32m for invasive employee monitoring
members
–
3 min read
[22 March update: Amazon has appealed] The 🇫🇷 CNIL fined Amazon for excessively intrusive monitoring, using several illegal indicators and unsecure video surveillance software, without sufficiently informing employees and visitors.
Sweden MedHelp 1177 case
members
–
8 min read
This case is not only a goldmine for DPOs in the Swedish healthcare sector (although particularly so), but DPOs in general, for assessing roles, legal bases and processor liability.
Denmark DPA orders municipalities to ensure Google-sharing compliance
members
–
1 min read
🔥 Danish DPA with new decision in their Helsingørgate/Chromebook case!
CJEU C-340/21 Natsionalna agentsia za prihodite (cybercrime) 14 Dec 2023
members
–
7 min read
Unauthorised disclosure or access doesn't equate to inadequate measures, but must be proven to prevent damages claims. National courts must assess your case concretely and cannot systematically rely on expert reports. Mere fear = non-material damages (but must be proven by the data subject).
Denmark DPA shares useful security measures catalogue
members
–
1 min read
Only in Danish but useful with in-browser translate!