Data Privacy & Cybersecurity

Belgian DPA Orders Diocese to Delete Baptized Person's Data

The Belgian Data Protection Authority (DPA) has ordered the diocese of Ghent to delete a baptized person's data from the baptismal register. The DPA ruled that the church's legitimate interest in retaining the data does not override the individual's right to erasure under GDPR when they expressly wish to leave the church.

CJEU Rules on IAB EUROPE Case, Belgian DPA Fine

The Court of Justice of the European Union (CJEU) ruled that a structured character string capturing user preferences is personal data and that IAB EUROPE can be considered a joint controller. This decision impacts the Belgian DPA's prior €250,000 fine against IAB EUROPE.

Market Court confirms €250,000 DPA fine in IAB Europe case

The Market Court has confirmed a €250,000 fine imposed by the Belgian Data Protection Authority on IAB Europe. While the original decision was annulled on procedural grounds, the court upheld the reasoning that IAB Europe acts as a joint data controller for user preferences within its Transparency and Consent Framework.

Market Court refers FATCA data transfer questions to CJEU

The Belgian Market Court has referred 13 preliminary questions to the Court of Justice of the European Union (CJEU) regarding the FATCA agreement and data transfers to the US. This action seeks clarification on the compatibility of the agreement with EU data protection laws, including GDPR and Directive 95/46/EC.

Garante Privacy Fines Nursery, Approves IT-Wallet, CEREBRO, AI in Schools

The Italian Garante Privacy has fined a nursery school €10,000 for privacy violations related to children's photos and video surveillance. The authority also approved the experimentation of IT-Wallet, the use of CEREBRO for asset investigations, and issued guidelines for AI in schools.

GDPR Fines and Guidance on AI, Healthcare, and Public Transparency

The Italian Data Protection Authority (Garante privacy) issued a newsletter detailing several enforcement actions and guidance. Fines were issued to a bank (€100,000) and a municipality for transparency violations, and a hospital (€80,000) for improper access to patient health records. Global data protection authorities also affirmed that data protection fully applies to AI.

Hospital Fined €70k for Data Breach; FAQs on Public Tender Data Published

The Italian Data Protection Authority (Garante privacy) has fined a company managing a hospital €70,000 for the unauthorized disposal of a patient's tissue sample and failure to notify a data breach. The newsletter also announced new FAQs on data processing and transparency in public tenders.

Garante Privacy Fines Verisure Italia and Aimag for GDPR Violations

The Italian Data Protection Authority (Garante Privacy) has fined Verisure Italia €400,000 for unlawful marketing practices and Aimag for inadequate security measures. Both companies are ordered to cease unlawful data processing and comply with GDPR.

GDPR Fines for Employee Monitoring and Email Privacy

The Italian DPA has issued a €120,000 fine to an agricultural seed company for unlawfully monitoring employee driving habits via company vehicles. The newsletter also covers GDPR implications for accessing a dismissed employee's email and new tools against telemarketing.

IMY Fines Trygg-Hansa SEK 35 Million for Data Exposure

The Swedish Authority for Privacy Protection (IMY) has issued an administrative fine of SEK 35 million against Trygg-Hansa. This action follows a data exposure incident where information for 650,000 customers was accessible to unauthorized persons via the internet for over two years.