EDPB publishes breach notification, handling guidelines
The European Data Protection Board (EDPB) has published new guidelines on examples of data breach notifications. They focus on definitive recommendations and best practices for managing data breaches and assessing risk. Incidents covered in the guidelines include ransomware attacks, human error, lost or stolen devices, and more. The guidelines are based on the deliberations at last December’s EDPB plenary.
New ICO commissioner John Edwards starts his term
The U.K.’s latest Information Commissioner, John Edwards, started his five-year term on January 4. Having spent eight years as New Zealand Privacy Commissioner, he commented on his new position, saying that “privacy is a right, not a privilege” and that “we all deserve to have our data treated with respect.” He also wants companies to “respect our privacy with ease whilst still reaping the benefits of data-driven innovation.” Edwards expressed the need to make sure people can manage their data and “access remedies if things go wrong.”
Mobile telephone operator and finance company face penalties for GDPR violations
The French DPA, the Commission nationale de l’informatique et des libertés (CNIL), has issued a EUR 300,000 fine to a mobile phone operator for violations of the EU General Data Protection Regulation. The company allegedly failed to respond to customers’ requests to access their personal data within the required time limits, and failed to secure personal data by sharing users’ passwords via email after they subscribed to offers. Slimpay, a finance company, faces a EUR 180,000 fine from CNIL for the lack of security on its users’ personal data and the incorrect notification of a data breach that affected 12 million people in February 2020.
Google and Facebook face EUR 210 million ePrivacy penalty
Google and Facebook face a combined EUR 210 million penalty from CNIL, France’s data protection authority, for cookie violations covered by the ePrivacy Law. According to CNIL, the companies prevented French users from freely refusing tracking through cookies. Penalties of up to EUR 60-90 million were given to Google’s U.S. and Irish operations, and EUR 60 million to Facebook Ireland. The companies also face possible daily fines of EUR 100,000 if users are not given an option to opt out of tracking within three months.