AEPD Resolves GDPR Breach: 492 Individuals' Data Published

The Spanish Data Protection Agency (AEPD) has initiated a sanctioning procedure against the Consejería de Hacienda y Administración Pública of the Junta de Extremadura for publishing the personal data (name, surname, and DNI) of 492 individuals on its website. The data was published without consent as part of a public employment selection process and has been accessible since September 2019.

Spanish DPA Resolution on Data Rights Claim

The Spanish Data Protection Agency (AEPD) has issued a resolution regarding a data rights claim (EXP202517310). The claimant exercised their right of access, and after initial non-compliance, the respondent has now demonstrated that the right was attended to and a response was provided.

Data Protection Commission 2024 Annual Report

The Data Protection Commission (DPC) has published its 2024 Annual Report, detailing €652 million in administrative fines issued, including significant penalties against Meta and LinkedIn. The report also highlights the conclusion of numerous inquiries and breach notifications.

DPC Fines CDETB €125,000 for GDPR Data Breach

The Irish Data Protection Commission (DPC) has fined the City of Dublin Education and Training Board (CDETB) €125,000 for a GDPR data breach. The inquiry found CDETB infringed multiple GDPR articles related to security measures, breach notification to the DPC, and notification to data subjects.

DPC Inquiry into TikTok Data Transfers to China

The Irish Data Protection Commission (DPC) has opened an inquiry into TikTok Technology Limited regarding the transfer of EEA users' personal data to servers in China. This follows TikTok's admission that limited data was stored in China, contrary to previous evidence provided to the DPC.

Data Protection Commission Opens Inquiry into Children's Health Ireland

The Data Protection Commission (DPC) has opened a formal inquiry into Children's Health Ireland (CHI) concerning the security of children's health records at Tallaght University Hospital. The inquiry follows protected disclosures and a breach notification, and will examine CHI's GDPR compliance regarding physical data security.

CJEU Rules Pre-Ticked Checkboxes Invalid for Cookie Consent

The European Court of Justice (CJEU) ruled that pre-ticked checkboxes are invalid for obtaining cookie consent. This decision, welcomed by data protection authorities, clarifies that active user behavior is required for valid consent regarding data processing.

Bundestag Strengthens Data Protection Authority

The German Bundestag's Budget Committee has allocated an additional 67 posts to the Federal Commissioner for Data Protection and Freedom of Information (BfDI) for the upcoming year. This funding aims to enhance supervision of security authorities, support new digitalization tasks in the health sector, and improve international cooperation.

BfDI Fines 1&1 Telecom EUR 9.55M and Rapidata EUR 10k under GDPR

Germany's Federal Commissioner for Data Protection and Freedom of Information (BfDI) has fined 1&1 Telecom GmbH EUR 9.55 million for insufficient technical and organizational measures to protect customer data and Rapidata GmbH EUR 10,000 for failing to appoint a data protection officer. These actions underscore the enforcement of GDPR provisions.

EDPB Agrees on GDPR Evaluation and Suggests Cooperation Improvements

The European Data Protection Board (EDPB) has agreed to contribute to the European Commission's evaluation of the GDPR. The EDPB suggests improvements in cooperation between data protection authorities and revisions to standard contractual clauses for data transfers.