Week in Review
The French Data Protection Agency (CNIL) has ordered three French websites to comply with GDPR, just one week after the Austrian Data Protection Authority declared that the usage of Google Analytics violated the GDPR. In other words, CNIL agrees that Google Analytics is illegal under GDPR.
All of these judgments are based on noyb’s 101 model complaints, which were filed after the Court of Justice ruled that the Privacy Shield was unlawful. According to noyb, the other authorities are expected to make similar conclusions in future.
Top Stories and Updates
ICO fines company for sending text messages without recipient consent
This week, the UK’s Information Commissioner’s Office penalised H&L Consulting Ltd £80,000 for sending hundreds of thousands of text messages without the recipients’ consent between January 2020 and July 2020. The ICO has also issued an enforcement notice to H&L Business Consulting Ltd, directing it to stop sending unlawful direct marketing messages. Read more here.
TikTok faces child privacy lawsuit in the UK
The UK High Court of Justice has ruled that a class-action lawsuit against TikTok for children’s privacy violations can proceed. The former Children’s Commissioner for England, Anne Longfield has supported the claimant, alleging TikTok has infringed EU and UK data protection regulations. The social media app is accused of processing children’s data without proper security, transparency, parental consent, or legitimate interest. Read more here.
Swedish DPA fined a bank €727,000 for processing customers data illegally
The Swedish Data Protection Authority fined Klarna Bank €727,000 for failing to provide accurate information on customer data processing on the company’s website. The Swedish DPA fined the company because the information it provided on its website on processing customer data did not meet the data protection rules of GDPR. Read more here.
Google is updating its Workspace Setting for activity tracking
Google is updating its Workspace Settings, allowing all users of Google Workspace account to track their activities, even if the organisation’s admin previously blocked it. Furthermore, admins no longer have control over this setting for their users; instead, each user must turn off tracking individually. Read more here.
Sri Lanka enacts its Personal Data Protection Act
On March 18, Sri Lanka passed the Personal Data Protection Act, making it the first South Asian country to enact a privacy law. The regulation is modeled after the EU’s General Data Protection Regulations (GDPR) and places significant obligations on controllers. The law will take effect in early 2023. Read more here.
Want to track cookies on your website?
Seers’ website scanner can help you detect your website against cookies and other tracking technologies. Scan your website and get a detailed cookie declaration report with automatically categorised cookies!
