DPC fines Meta €91m for failing to safeguard passwords and notify breaches
members
–
1 min read
And for once, no other DPA objected to the DPC's draft decision. Read their handy one-pager here. 👇
Norway DPA fines university for insufficient access control in MS Teams
members
–
4 min read
The 🇳🇴 University of Agder was fined €12,500 (NOK 150k) for failing to secure personal data on Teams/SharePoint and insufficient internal controls. Short decision, several takeaways for everyone!
Denmark Google Workspace for Education Chromebook case (Helsingørgate)
members
–
9 min read
[15 July: Municipalities complies with Jan order + 🚨 DPA asks for EDPB opinion on the scope of a controller's documentation obligations regarding a processor's use of sub-processors] The Danish DPA's landmark decision of 2022 to ban certain use of Google products and US transfers, is still ongoing.
EDPB Support Pool of Experts (SPE) projects
members
–
3 min read
An overview of SPE project so far. Which ones (if any) should you spend time on? (Maybe the OSS case digests.)
Record GDPR fine from Norway (NAV)
members
–
5 min read
Norway's DPA upheld their record NOK 20m fine to the Labour and Welfare Administration (NAV) for several, grave violations.
France DPA fines Amazon €32m for invasive employee monitoring
members
–
3 min read
[22 March update: Amazon has appealed] The 🇫🇷 CNIL fined Amazon for excessively intrusive monitoring, using several illegal indicators and unsecure video surveillance software, without sufficiently informing employees and visitors.
Sweden MedHelp 1177 case
members
–
8 min read
This case is not only a goldmine for DPOs in the Swedish healthcare sector (although particularly so), but DPOs in general, for assessing roles, legal bases and processor liability.
Denmark DPA orders municipalities to ensure Google-sharing compliance
members
–
1 min read
🔥 Danish DPA with new decision in their Helsingørgate/Chromebook case!
CJEU C-340/21 Natsionalna agentsia za prihodite (cybercrime)
members
–
7 min read
Unauthorised disclosure or access doesn't equate to inadequate measures, but must be proven to prevent damages claims. National courts must assess your case concretely and cannot systematically rely on expert reports. Mere fear 😱 = non-material damages (but must be proven by the data subject).
Denmark DPA shares useful security measures catalogue
members
–
1 min read
Only in Danish but useful with in-browser translate!
