Background information Date of final decision: 3 May 2022 National case: 2020051610 Controller: HEI ehf. (HEI – Medical Travel) Legal Reference: lawfulness of processing (Article 6), right of access (Article 15) Decision: infringement of the GDPR, fine 1.5 million ISK (approx. 10.700 Euros). Key words: lawfulness of processing, access request, e-mail list, erasure of personal…
Author: pogowasright.org
Twitter to pay $150 million penalty for allegedly breaking its privacy promises – again
By Lesley Fair It’s FTC 101. Companies can’t tell consumers they will use their personal information for one purpose and then use it for another. But according to the FTC, that’s the kind of digital bait-and-switch Twitter pulled on unsuspecting consumers. Twitter asked users for personal information for the express purpose of securing their accounts, but…
DuckDuckGo browser allows Microsoft trackers due to search agreement
Lawrence Abrams reports: The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies. DuckDuckGo is a search engine that prides itself on its privacy by not tracking your searches or your behavior while performing searches. Furthermore, instead of building user…
Court of Justice of the EU Greenlights GDPR Collective Claims Without a Mandate
Dan Cooper, Kristof Van Quathem, and Anna Oberschelp de Meneses of Covington and Burling write: On April 28, 2022, the Court of Justice of the EU (“CJEU”) decided that consumer protection associations may bring collective claims without a mandate from the affected consumers, including for violations of the GDPR, relying on national consumer law provisions. The words…