SypherPrivacyTalks - December 2024 - Week 49

by Sypher | Published in News - December 02, 2024


Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

Food delivery app Foodinho eats another privacy fine

techcrunch.com • 2 min read

💶 Italy's data protection authority, the GPDP, has fined Foodinho S.r.l., a Milan-based food delivery service owned by DeliveryHero (which also owns Glovo), €5 million for illegally tracking the geolocation of more than 35,000 drivers, including outside working hours. 

The company was also found to have shared drivers' GPS data with third parties without consent and to have used biometric data without adequate safeguards. This case highlights ongoing concerns about workers' privacy… read more
The full announcement from the Authority (in Italian).


Operational resilience: a look at your contracts and the impact of DORA

lexology.com • 7 min read

🛡️ By 17 January 2025, financial institutions and ICT service providers must update their risk management processes, contracts and operational systems to meet the new requirements of the Digital Operational Resilience Act (DORA). This represents a significant change for the EU financial services sector, shifting the focus from protection to resilience, a broader concept that includes protection but also aims to ensure that critical operations can continue during disruptions.

DORA introduces stricter contract rules, increases oversight of key ICT providers and presents challenges such as updating existing contracts. Discover practical insights in DLA Piper's article on Lexology … read more
Watch the DLA webinar for more details.


Rompetrol Downstream fined by the Romanian Data Protection Authority

hotnews.ro • 2 min read

💶 Rompetrol Downstream has been fined €4,000 by the Romanian Data Protection Authority (ANSPDCP) following a data breach that resulted in phishing emails being sent to individuals. The investigation found that the company's email account used for customer correspondence had been shared, allowing unauthorised access. Personal information such as names, email addresses and signatures was improperly accessed.

Security measures were inadequate, in breach of GDPR requirements. In addition to the fine, the company must implement corrective measures, including audits and enhanced security protocols, to prevent future breaches… read more (article in Romanian).


Italian data protection agency warns publisher against sharing data with OpenAI

cryptopolitan.com • 3 min read

🤖 Italy's data protection authority has raised concerns about a partnership between OpenAI and Italian publisher GEDI, warning that the sharing of data archives for training ChatGPT models could violate GDPR. 

GEDI, which owns major newspapers including La Repubblica and La Stampa, partnered with OpenAI to provide Italian-language content for model training. The regulator's warning underscores the potential challenges OpenAI faces in complying with data protection laws in the EU… read more


Very large online platforms and search engines to publish first risk assessment and audit reports under the Digital Services Act

digital-strategy.ec.europa.eu • 5 min read

🚨 Under the Digital Services Act (DSA), major online platforms and search engines must now publish annual risk assessments and audit reports detailing risks, such as illegal content, disinformation, or the protection of minors, and their mitigation strategies.

This is a step towards greater transparency and accountability in the tech industry. Workshops to discuss these reports with stakeholders are planned for early 2025… read more

--

Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
