πΆ Uber has been fined €290 million in the Netherlands for transferring drivers' personal data - such as taxi licences, location data and even medical records - to the United States.
Uber made these transfers without " appropriately safeguarding the data", according to the Dutch DPA.
Uber claims it complied with the GDPR during three years of "immense uncertainty" between the US and the EU over how the rules would be applied. The problem, according to Uber, dates back to 2020, when the EU Court of Justice ruled that the current EU-US data transfer framework was no longer compliant with the GDPR… read more
Read also the Dutch DPA announcement here.
brusselstimes.com • 2 min read
π₯ Safeonweb, an initiative run by the Belgian Cybersecurity Centre, has identified the details of 3.2 million Belgian WhatsApp users being illegally sold on a dark web forum, potentially exposing users to a range of cybersecurity risks.
Safeonweb urges WhatsApp users to be vigilant about calls or messages from unknown numbers and not to share sensitive data online. The organisation also recommends enabling two-factor authentication in the WhatsApp application and checking current security settings ... read more
Read also the Belgian DPA’s note on this and call for vigilance (article in French).
π The National Centre for the Protection of Personal Data (CNPDCP) of the Republic of Moldova announced the official publication of Law No. 195/2024 on the protection of personal data on 23 August 2024. This law aims to protect the fundamental rights and freedoms of individuals with regard to the processing of personal data, in particular the right to privacy. It fully incorporates the provisions of the EU General Data Protection Regulation.
The new law will enter into force two years after its publication and will replace the existing Law No. 133/2011 on the protection of personal data... read more (article in Romanian).
π’ The UK government is holding a consultation to gather views on proposed changes to the data protection fees payable to the Information Commissioner's Office (ICO), which is primarily funded by fees paid by data controllers. Currently, these fees are split into three tiers based on an organisation's size and turnover, ranging from £40 to £2900. The fees have not been updated since 2018.
The consultation, which is open until 26 September 2024, follows a review of the fee regime and aims to ensure that the ICO has sufficient resources to carry out its duties effectively, including new responsibilities under forthcoming legislation… read more
Submit your responses online here.
privacymatters.dlapiper.com • 3 min read
βοΈThe European Court of Justice (ECJ) recently ruled that if a company fails to provide clear and complete information about how it uses personal data (as required by Articles 12 and 13 of the GDPR), it can be taken to court by consumer advocacy groups.
The specific case involved Meta (Facebook's parent company), which allowed third-party games on its platform to collect and share user data. The Federation of German Consumer Organisations (vzbv) argued that Meta hadn't properly informed users or obtained valid consent. The German courts referred the matter to the ECJ, which confirmed that such failures can be challenged through class actions.
This decision means that companies must ensure that their privacy notices are clear, simple and easy to understand, or risk legal action from consumer groups… read more
--
Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
Photo by Viktor Avdeev on Unsplash