Polish DPA imposes first GDPR fine for breach of duty to inform data subjects

On March 26, 2019, Urzędu Ochrony Danych Osobowych (UODO), the Polish Data Protection Agency (DPA) imposed a fine of around $250,000 on a company for failure to fulfill its information obligation as a controller. The UODO explained that the controller did not meet the information obligation (Art. 14 (1) – (3), GDPR) in relation to over 6 million people. The company fulfilled the information obligation by providing the required information to the individuals whose e-mail addresses it had Read more [...]

Spanish DPA issues survey on Device Fingerprinting

On February 2, 2019, the Spanish Data Protection Agency (AEPD) published a Survey on Device Fingerprinting. (“Survey“) “Device fingerprinting is the systematic gathering of information on a specific remote device with the aim of identifying, singling out and, thus being able to monitor its user’s activity for the purpose of profiling.” The data set extracted from the user’s terminal device allows that device to be unequivocally uniquely identified. The APD estimates that there Read more [...]

German Antitrust ordered Facebook to stop “combining” data of German users without voluntary consent

On February 7, 2019, the Bundeskartellamt, the German antitrust authority, prohibited Facebook from combining data concerning German Facebook users gathered also from third party websites when the user didn’t give voluntary consent to this practice. The decision concerns all private users of Facebook based in Germany. According to the Bundeskartellamt’s decision, until now, individuals have only been able to use Facebook services if they agreed to the terms of service, including Read more [...]

Update on GDPR after 8 months of its application

  On January 25, 2015, the European Commission released a statement with an update about the effects of the adoption of Regulation 2016/679/EU (GDPR) Since its entry into force on May 25, 2018, “citizens have become more conscious of the importance of data protection and of their rights. And they are now exercising these rights, as national Data Protection Authorities see in their daily work. They have by now received more than 95,000 complaints from citizens.” So far, 23 member Read more [...]

Thailand approved a Personal Data Protection Act

  On February 28, 2019, Thailand’s National Legislative Assembly passed the Personal Data Protection Act (PDPA). According to this source, the PDPA will be signed and endorsed by the monarch, and will then be published in the Government Gazette before to enter into force later this year. This article explains that the legislative text includes the following provisions: data subjects have rights similar to the ones provided for by the GDPR, including the right to obtain a Read more [...]