SypherPrivacyTalks - October 2024 - Week 44
by Sypher | Published in News - October 28, 2024
Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.
Norwegian government to set 15-year age limit for using social media
🚸 The Norwegian government is proposing to raise the minimum age for using social media to 15 in order to better protect children from harmful content and the influence of "big tech giants". Currently, Norway's Personal Data Act sets the age at 13, but Prime Minister Jonas Gahr Støre wants to change this, emphasising the need for stronger regulations against powerful tech companies. This proposal has the support of a majority in parliament, although implementation challenges remain, such as age verification.
One proposed method is the use of bank verification cards, but alternatives are being explored as not all citizens have access to this form of ID. The government is also looking to EU standards, with the EU Digital Wallet seen as a potential solution. The EU is also prioritising online child protection through the Digital Services Act and is considering directives to reduce addiction and cyberbullying among minors… read more
Irish Data Protection Commission fines LinkedIn Ireland €310 million
dataprotection.ie • 6 min read
💶 The Irish Data Protection Commission (DPC) has issued a final decision in its investigation into LinkedIn Ireland's use of user data for behavioural analysis and targeted advertising. The investigation was triggered by a complaint from the French Data Protection Authority and was led by the DPC as LinkedIn's principal supervisory authority.
The DPC found that LinkedIn's processing of user data violated the GDPR's requirements regarding consent, legitimate interests and contractual necessity. The company failed to secure lawful consent, and did not adequately prioritise users' rights over its own interests. As a result, LinkedIn was cautioned, ordered to correct its data practices and fined €310 million. The DPC will publish the full decision at a later date… read more
Sanction for food supermarket chain Profi in Romania
dataprotection.ro • 2 min read
💶 The Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) has fined Profi Rom Food SRL €10,000 and issued a warning for breaching the GDPR.
The investigation, which concluded in September 2024, was triggered by a complaint and found that Profi Rom Food had sent copies of employees' ID cards to another company without legal justification, exposing their personal data. An employee of Profi Rom Food also recorded and distributed unauthorised video footage on WhatsApp, in breach of the security measures required by the GDPR… read more
CJEU Judgement: Dutch Tennis Federation (KNLTB) case
🧑⚖️The European Court of Justice (CJEU) has ruled that a company's commercial interests can be considered a legitimate basis for processing personal data under the GDPR, provided certain conditions are met. This ruling contradicts the previous position of the Dutch Data Protection Authority (DPA), which held that commercial interests alone weren't sufficient to justify the use of data.
This case originated from the Dutch Tennis Federation (KNLTB) sharing its members' data with sponsors without explicit consent, which the Dutch DPA deemed unlawful and fined the KNLTB… read more
Note that the EDPB Guidelines on legitimate interest are still subject to public consultation until 20 November 2024.
Another GDPR sanction in Romania: iabilet.ro, €2,000 fine for user account
💶 Romanian company IA BILET SRL, which operates the iabilet.ro ticketing platform, has been fined €2,000 by the National Supervisory Authority for Personal Data Processing (ANSPDCP) for allegedly deleting a user's account without justification.
The investigation, which was concluded in September 2024, followed a complaint from a user who claimed that his account had been deleted after he received unsolicited marketing messages via SMS. IA BILET SRL was unable to demonstrate that its data processing practices complied with the GDPR principles, which led to the fine… read more
--
Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
