In the first fine issued by a German data protection authority under the GDPR, on 21 November 2018 the authority of the German state of Baden-Württemberg (“LfDI”) imposed a fine of Euro 20,000 on a social media provider for a violation of its data security obligations under Art. 32 of the GDPR. The company’s very good cooperation with the LfDI was key to avoiding a higher level of fines.
At the Privacy Laws and Business’ International Conference, Eduardo Ustaran evaluated the sorts of activities likely to prompt regulators into exercising their increased fining powers under the GDPR. In this post, we provide links to both a video of his presentation at the conference as well as a detailed report about his presentation.
It has finally happened. Like that train you are waiting for that keeps getting delayed but eventually arrives. The all-powerful trio comprising the European Parliament, the Council of the EU and the European Commission arrived at their destination after a journey of four years, and on December 15th, 2015, agreed the final text of the EU General Data Protection Regulation. Once formally adopted in the coming weeks, the GDPR will create a completely new legal framework for the collection, use and sharing of personal information that will apply well beyond Europe.
Recently, new rules on cookies came into force in the Netherlands. In addition, the Dutch Second Chamber approved a draft bill to introduce a mandatory data breach notification requirement and to strengthen the Dutch Data Protection Authority’s investigative and fining powers. The new rules apply to all companies acting as a “data controller” within the meaning of the Dutch Data Protection Act. The Dutch First Chamber has announced that it plans to review this draft bill as soon as possible.
Today’s Guest Blog is from Peter Fleischer, who writes: “Since 2012 has now begun, here’s a prediction about the future: there’s going to be a lot more privacy enforcement actions. By a lot of different government authorities, not just DPAs. And the sanctions/damages are going to go through the roof. Indeed, it’s not easy to keep track of which government officials are in charge of data protection enforcement actions. There are a lot of them.” Read more in this entry.
Spain has a new penalty regime for violations of privacy, with many minimum and maximum fines lowered. This is viewed as a business-friendly development at a time when the Spanish Data Protection Agency (“SPDA” or “Agency”) has earned a reputation as one of the more enforcement-oriented DPAs in the EU, and when one of its high-visibility enforcement efforts is under scrutiny.