Joke Bodewits of Hogan Lovells writes: On 1 May 2024, the Dutch Data Protection Authority (DPA) issued guidelines on data scraping used by private organisations in relation to GDPR principles including ‘lawfulness’. The guidelines could affect the way GenAI business should govern their data scraping processes. However it is questionable whether these guidelines will persevere…
Telemarketing: the Privacy Guarantor sanctions Enel Energia. The company had not protected its databases from access by abusive brokers
Seen at GPDP: Telemarketing: the Privacy Guarantor sanctions Enel Energia The company had not protected its databases from access by abusive touts The Privacy Guarantor has imposed a fine of over 79 million euros on Enel Energia for serious shortcomings in the processing of personal data of numerous users in the electricity and gas sector, carried out…
Finnish SA: Administrative fine of € 856,000 for failing to define storage period of customer data
As seen on EDPB: Origin of the case The Finnish Supervisory Authority (SA) investigated the activities of the online retailer Verkkokauppa.com due to a complaint filed by a customer. The controller had required the person to register themselves as a customer before making purchases online. Shopping in the online shop was not possible without creating…
Massachusetts Data Privacy Act Approved by Legislative Committee
EPIC writes: The Chairs of the Joint Committee on Advanced Information Technology, the Internet, and Cybersecurity of the Massachusetts General Court, Representative Tricia Farley-Bouvier and Senator Michael Moore, announced today that the Massachusetts Data Privacy Act (“MDPA”) had been reported favorably out of Committee. If passed, the MDPA would be the strongest state privacy law in…