💶 France’s CNIL has fined Orange SA EUR 50 million for breaches of direct marketing and cookie management rules. The offences included disguising advertisements as emails without consent and continuing to use cookies after users had withdrawn their consent. The fine reflects the seriousness of the breaches, which affected 7.89 million users, and Orange's market dominance.
The CNIL ordered compliance within three months, with a daily penalty of €100,000 for delays. Key lessons learned highlight the need for clear user consent, transparency in advertising practices, and strict compliance with the GDPR and French data protection laws.
🍪 Failure to comply with the rules on cookie use under the GDPR could result in fines for website operators. Companies must obtain explicit consent from users and provide clear information about the use of cookies.
Romania's data protection authority (ANSPDCP) fined a medical company 10,000 RON for failing to comply with these requirements. The investigation found that the company stored and accessed cookies on users' devices without informed consent or proper disclosure.
To avoid penalties, companies need to ensure transparent communication about data processing and secure user consent in compliance with GDPR.
🏦 The EU Commission has been reprimanded by the European Data Protection Supervisor (EDPS) for breaching the GDPR in a political advertising campaign on X (formerly Twitter). The campaign, which took place in September 2023, aimed to promote the controversial 'chat control' policy by targeting certain political groups, excluding those critical of the EU.
This involved processing sensitive political data without users' consent, in breach of GDPR rules. Civil rights group NOYB complained, and the EDPS concluded that the Commission lacked a valid legal basis for using the data, rejecting public interest arguments.
Source: pharmacymagazine.co.uk
🏥 A now-closed pharmacy, Doorstep Dispensaree Limited, has lost its latest appeal against a GBP 92,000 data breach fine, originally issued in 2019 as the UK's first GDPR penalty. The fine, which was originally set at GBP 275,000 and reduced in 2021, was maintained after multiple appeals.
The pharmacy was penalised for improperly storing sensitive health data, including more than 53,000 personal health records, which were found to be unsecured, damp and mouldy. The Court of Appeal rejected claims that the ICO's burden of proof had been incorrectly assessed and upheld the regulator's findings and approach.
This ruling strengthens the ICO's authority in enforcing the GDPR.
📝 The EDPB has issued guidelines and opinions emphasizing compliance with GDPR and the ePrivacy Directive. The article gives a brief analysis of the key points, which include: (1) new tracking tools like pixel tracking must adhere to ePrivacy rules; (2) controllers must verify processors and sub-processors meet GDPR standards; and (3) using "legitimate interests" as a legal basis requires careful balancing of business needs against individuals’ rights.
These insights guide organizations in handling personal data responsibly, especially when adopting emerging technologies or outsourcing data processing.