Andreea Lisievici, Author at The PrivacyCraft Blog

Oracle’s $115 Million Settlement in Consumer Privacy Lawsuit

Enforcement | August 5, 2024

Oracle has agreed to a $115 million settlement in a consumer privacy lawsuit dating back to 2018. The lawsuit alleged that Oracle generated $42.5 billion annually by secretly creating and selling detailed dossiers on millions of people, including non-users. These dossiers, created through direct tracking and data purchases, included personal and sensitive information. The settlement, applying to data collected from August 19, 2018, mandates Oracle to cease specific data collection practices. Approximately 220 million people are impacted, with the law firm involved seeking $28 million in fees.

Oracle’s $115 Million Settlement in Consumer Privacy Lawsuit Read More »

The AI & Privacy Explorer | Weeks 28-29

The AI & Privacy Explorer | July 30, 2024

Welcome to the AI digital and privacy recap of privacy news for weeks 28 and 29 of 2024 (8-21 July)! This edition at a glance: 👈 Swipe left for a quick overview, then find 🔍 more details on each topic below. Subscribe 🇪🇺 EU AI Act was published in the Official Journal The European Union

The AI & Privacy Explorer | Weeks 28-29 Read More »

noyb Files Complaint Against Xander for GDPR Violations in RTB

Complaints, EU law, GDPR, noyb | July 29, 2024

On July 9, 2024, None Of Your Business (noyb.eu) filed a complaint with the Italian Data Protection Authority (Garante) against Xander Inc. for alleged GDPR violations. NOYB claims Xander violated several GDPR articles by mishandling user data and failing to comply with access and erasure requests. Xander, which operates a Real Time Bidding platform, is accused of collecting sensitive personal information and failing to adequately identify and respond to data subjects. The complaint requests Garante to enforce data protection rights, correct inaccurate profiles, and impose fines on Xander.

noyb Files Complaint Against Xander for GDPR Violations in RTB Read More »

Danish DPA Reports Municipalities’ Steps Toward Compliance in the Google Chromebook Case

Datatilsynet, Denmark, Enforcement, EU law, GDPR, Google | July 29, 2024

The Danish Data Protection Authority (Datatilsynet) reports that municipalities are taking steps to comply with the orders issued in January 2024. KL (Local Government Denmark), representing 52 municipalities, announced that from August 1, 2024, municipalities will stop sharing personal data with Google for purposes deemed unlawful by the Authority. Datatilsynet noted contract adjustments ensuring data processing strictly follows municipal instructions, except as required by EU law. Allan Frank, IT security specialist at Datatilsynet, highlighted remaining issues. The Authority awaits an opinion from the European Data Protection Board on documentation of subprocessors to make a final assessment.

Danish DPA Reports Municipalities’ Steps Toward Compliance in the Google Chromebook Case Read More »

New DPO Regulation in Brazil

ANPD, Brazil, DPO | July 29, 2024

On 17 July 2024, the Brazilian data protection authority (ANPD) issued Resolution CD/ANPD No. 18, detailing the roles and responsibilities of Data Protection Officers (DPOs). This regulation outlines the formal appointment process, required qualifications, and the specific duties of DPOs. It mandates public disclosure of the DPO’s identity and contact information. Additionally, it specifies the duties of data controllers and processors in supporting DPOs and ensuring compliance with data protection laws.

New DPO Regulation in Brazil Read More »