From Statewatch: EU member states have finalised a set of “non-binding” criteria for assessing when someone may be labelled a potential terrorist or violent extremism threat. The intention is to feed European databases such as the Schengen Information System (SIS) and the Europol Information System (EIS), as well as Europol analysis projects such as “Hydra”…
Category: Non-U.S.
Dutch DPA issues guidelines on data scraping
Joke Bodewits of Hogan Lovells writes: On 1 May 2024, the Dutch Data Protection Authority (DPA) issued guidelines on data scraping used by private organisations in relation to GDPR principles including ‘lawfulness’. The guidelines could affect the way GenAI business should govern their data scraping processes. However it is questionable whether these guidelines will persevere…
Telemarketing: the Privacy Guarantor sanctions Enel Energia. The company had not protected its databases from access by abusive brokers
Seen at GPDP: Telemarketing: the Privacy Guarantor sanctions Enel Energia The company had not protected its databases from access by abusive touts The Privacy Guarantor has imposed a fine of over 79 million euros on Enel Energia for serious shortcomings in the processing of personal data of numerous users in the electricity and gas sector, carried out…
Finnish SA: Administrative fine of € 856,000 for failing to define storage period of customer data
As seen on EDPB: Origin of the case The Finnish Supervisory Authority (SA) investigated the activities of the online retailer Verkkokauppa.com due to a complaint filed by a customer. The controller had required the person to register themselves as a customer before making purchases online. Shopping in the online shop was not possible without creating…