Background information Date of final decision: 8 March 2022 Controller: Harpa Concert Hall and Conference Centre ohf. Legal Reference: principles relating to processing of personal data (Article 5), lawfulness of processing (Article 6) Decision: infringement of the GDPR, order to comply, fine 1 million ISK (approx. 7.200 Euros). Key words: principles, lawfulness of processing, transparency, data…
Category: Breaches
The Icelandic SA: HEI medical travel agency fined for an unlawful use of an e-mail address and not handling an access request
Background information Date of final decision: 3 May 2022 National case: 2020051610 Controller: HEI ehf. (HEI – Medical Travel) Legal Reference: lawfulness of processing (Article 6), right of access (Article 15) Decision: infringement of the GDPR, fine 1.5 million ISK (approx. 10.700 Euros). Key words: lawfulness of processing, access request, e-mail list, erasure of personal…
Twitter to pay $150 million penalty for allegedly breaking its privacy promises – again
By Lesley Fair It’s FTC 101. Companies can’t tell consumers they will use their personal information for one purpose and then use it for another. But according to the FTC, that’s the kind of digital bait-and-switch Twitter pulled on unsuspecting consumers. Twitter asked users for personal information for the express purpose of securing their accounts, but…
Israeli Ministry Illegally Shared Biometric Images of Millions With Unknown Agency
Josh Breiner and Bar Peleg report: The Population and Immigration Authority illegally shared in the past seven years the facial images of millions of Israelis with an unnamed government agency. The actions of the Interior Ministry division were disclosed in an official report published last week by Roy Friedman, the head of the Israel National…