GDPR enforcement

Norwegian University Fined for Weak Access Controls in Microsoft Teams

Norwegian University Fined for Weak Access Controls in Microsoft Teams

Enforcement, GDPR |

On 4 September 2024, the Norwegian Data Protection Authority imposed a fine of NOK 150,000 on the University of Agder (UiA) following a six-year-long breach of personal data security. UiA had been storing sensitive personal data in open Microsoft Teams folders without proper access controls, making this information available to unauthorized employees and students. Scope […]

Norwegian University Fined for Weak Access Controls in Microsoft Teams Read More »

Dutch DPA Fines Clearview AI for Illegal Facial Recognition

Dutch DPA Fines Clearview AI for Illegal Facial Recognition

Enforcement, GDPR |

  On 16 May 2024, the Dutch Data Protection Authority (AP) imposed a fine of €30.5 million on Clearview AI, a U.S. company that offers facial recognition services. Clearview built a vast database of over 30 billion images, scraped from publicly accessible online sources, and converted these into biometric data. This practice violates the GDPR

Dutch DPA Fines Clearview AI for Illegal Facial Recognition Read More »

wedish DPA Fines Apoteket and Apohem for Meta Pixel Misuse

Swedish DPA Fines Apoteket and Apohem for Meta Pixel Misuse

Enforcement, IMY |

On 29 August 2024, the Swedish Privacy Protection Authority (IMY) issued two fines against major pharmacy companies, Apoteket AB and Apohem AB, for violations of Article 32 of the GDPR. Both cases involved the misuse of Meta’s analytics tool, Meta Pixel, which led to the unintentional transfer of sensitive customer data to Meta Platforms Ireland.

Swedish DPA Fines Apoteket and Apohem for Meta Pixel Misuse Read More »

Dutch DPA Fines Uber €290 Million Over Data Transfers

Enforcement, GDPR |

On 26 August 2024 the Dutch Data Protection Authority (DPA) announced that it had imposed a €290 million fine on Uber Technologies Inc. and its Dutch subsidiary, Uber B.V., for violating Article 44 of the General Data Protection Regulation (GDPR). The penalty was a result of Uber’s failure to ensure appropriate data transfer mechanisms for

Dutch DPA Fines Uber €290 Million Over Data Transfers Read More »

noyb Sues Hamburg DPA over “Pay or OK” in Der Spiegel

Consent or Pay, Der Spiegel, GDPR, Germany, noyb |

noyb has filed a lawsuit against the Hamburg Data Protection Authority (DPA) after it approved the controversial ‘Pay or OK’ system used by DER SPIEGEL, which forces users to choose between consenting to data tracking or paying for a subscription. The Hamburg DPA’s decision, which took nearly three years, has been criticized for lack of impartiality, as the complainant was not consulted and critical facts were ignored.

noyb Sues Hamburg DPA over “Pay or OK” in Der Spiegel Read More »

Scroll to Top