Garante Privacy Fines Enel Energia Over €500k for Telemarketing Violations
Italy's Garante Privacy has fined Enel Energia over €500,000 for alleged violations related to telemarketing practices. The newsletter also mentions other enforcement actions concerning online advertisements, debt collection communications, and risks to minors on websites and apps.
ICO fines TMAC Ltd £100,000 for PECR breaches
The UK's Information Commissioner's Office (ICO) has fined TMAC Ltd £100,000 for breaches of the Privacy and Electronic Communications Regulations (PECR). The company made over 260,000 unsolicited marketing calls to individuals registered on the Telephone Preference Service and failed to provide required caller information.
Brazil Court Limits Identifiable Data Sharing Without Consent
Brazil's Superior Court of Justice has ruled that identifiable registration data, such as names and estimated income, cannot be shared with third parties by credit bureaus without explicit consent. This decision clarifies the interpretation of Brazil's General Data Protection Law (LGPD) in the credit market, distinguishing between internal credit risk analysis and external data sharing.
DataGrail AI Agent Automates Privacy Compliance
DataGrail has released its Vera AI agent, embedded within its existing platform, to help privacy teams automate compliance tasks and risk assessments. The tool aims to address the challenges of integrating AI into privacy operations and meet jurisdictional data privacy requirements, particularly in light of increasing AI investments.
Digital Services Act: Commission Preliminary Findings Against Pornhub, Stripchat, XNXX, and XVideos
The European Commission has preliminarily found Pornhub, Stripchat, XNXX, and XVideos in breach of the Digital Services Act (DSA) for failing to protect minors from exposure to pornographic content. The platforms now have the opportunity to respond to the Commission's findings.
European Commission Investigates Snapchat Under Digital Services Act
The European Commission has opened formal proceedings to investigate if Snapchat is complying with the Digital Services Act (DSA) regarding child protection. The investigation will examine potential breaches related to exposing minors to grooming, illegal goods, and age-restricted products.
INCIBE Fined 2,000 Euros for GDPR Breach
The Spanish Data Protection Agency (AEPD) has upheld a 2,000 Euro fine against INCIBE for a GDPR breach. The breach occurred on INCIBE's Moodle training platform, exposing student names, emails, cities, and countries due to a default privacy configuration error. INCIBE appealed the initial resolution.
EUSKALTEL fined €100,000 for GDPR non-compliance
The Spanish Data Protection Agency (AEPD) has fined EUSKALTEL €100,000 for non-compliance with GDPR, specifically related to a violation of Article 58.2 and Article 83.6. The company was ordered to comply with imposed measures within three months. This resolution is on appeal from a prior decision.
EDPB Guidelines on Processing Personal Data Based on Legitimate Interests
The European Data Protection Board (EDPB) has issued Guidelines 1/2024 for public consultation, focusing on the lawful processing of personal data under Article 6(1)(f) of the GDPR, specifically the 'legitimate interests' basis. The guidelines also address the relationship between this legal basis and data subject rights. The consultation period closes on November 20, 2024.
ICO and Ofcom Joint Statement on Age Assurance
The UK's ICO and Ofcom have issued a joint statement clarifying the interaction between online safety and data protection laws concerning age assurance for online services. The statement aims to assist organisations in complying with both sets of obligations when protecting children online.