Vincent Manancourt reports: France’s data protection authority has fined agribusiness Monsanto €400,000 for privacy violations. In a statement Wednesday, the Commission nationale de l’informatique et des libertés (CNIL) said the Bayer-owned company had infringed European privacy rules by not informing people that it had recorded their information in a lobbying file. Read more on Politico.
Category: Breaches
Spanish DPA sets a new standard in GDPR enforcement with record fines
Pilar Rodríguez Lopez, Astrid Hardy, Diego Zapatero Méndez, and Diana Lopez of DAC Beachcroft write: It has been over three years since the introduction of the General Data Protection Regulation (“GDPR”) on 25 May 2018. Since coming into force, it has been reported that over EUR 292m of fines have been issued for wide-ranging infringements…
VPN servers seized by Ukrainian authorities weren’t encrypted
Dan Goodin reports: Privacy-tools-seller Windscribe said it failed to encrypt company VPN servers that were recently confiscated by authorities in Ukraine, a lapse that made it possible for the authorities to impersonate Windscribe servers and capture and decrypt traffic passing through them. The Ontario, Canada-based company said earlier this month that two servers hosted in Ukraine…
UN finds storing biometric data on Mauritius ID cards violates privacy
Frank Hersey reports: The United Nations Human Rights Committee has found that the legislation which Mauritius passed in 2013 for its biometric smart ID cards does not provide sufficient guarantees for securely protecting the biometrics of cardholders and therefore violates citizens’ privacy rights, according to the Committee’s release. The Committee stated that Mauritius did not provide enough information…