GDPR fine

Norwegian University Fined for Weak Access Controls in Microsoft Teams

Norwegian University Fined for Weak Access Controls in Microsoft Teams

Enforcement, GDPR |

On 4 September 2024, the Norwegian Data Protection Authority imposed a fine of NOK 150,000 on the University of Agder (UiA) following a six-year-long breach of personal data security. UiA had been storing sensitive personal data in open Microsoft Teams folders without proper access controls, making this information available to unauthorized employees and students. Scope […]

Norwegian University Fined for Weak Access Controls in Microsoft Teams Read More »

Dutch DPA Fines Clearview AI for Illegal Facial Recognition

Dutch DPA Fines Clearview AI for Illegal Facial Recognition

Enforcement, GDPR |

  On 16 May 2024, the Dutch Data Protection Authority (AP) imposed a fine of €30.5 million on Clearview AI, a U.S. company that offers facial recognition services. Clearview built a vast database of over 30 billion images, scraped from publicly accessible online sources, and converted these into biometric data. This practice violates the GDPR

Dutch DPA Fines Clearview AI for Illegal Facial Recognition Read More »

On 18 June 2024, the Norwegian Data Protection Board ruled that the Norwegian Data Protection Authority (DPA) cannot impose daily fines on Meta for not complying with a ban on behavioral marketing on Facebook and Instagram. This decision challenges the DPA's authority under Norwegian law, which allows daily fines. The Board determined that such fines could only apply to Norwegian companies, not international ones. The ban on behavioral advertising remains, but the ruling raises concerns about enforcement disparities between domestic and international businesses.

The Norwegian Data Protection Authority cannot impose daily fines in cross-border cases

Enforcement, EU law, Facebook, GDPR, Meta, Norway |

The European Data Protection Board published its final Guidelines on Article 37 of the Law Enforcement Directive (LED). These guidelines establish standards for appropriate safeguards in data transfers by competent authorities, focusing on legally binding instruments with third countries. Key points include selecting transfer mechanisms, evaluating transfer risks to data subjects, and maintaining enhanced accountability. The guidelines emphasize legal certainty and the necessity of ensuring equivalent data protection levels when personal data is transferred outside the EU.

The Norwegian Data Protection Authority cannot impose daily fines in cross-border cases Read More »

Avanza Bank fined 1.34M EUR in Sweden for misconfiguration of Meta pixel

Enforcement, EU law, GDPR, IMY, Meta, Sweden |

Meta has paused the launch of its AI tools in Europe after a request from Ireland’s Data Protection Commission (DPC). This decision comes after the digital rights group Noyb filed complaints in 11 European countries, criticizing Meta’s vague AI plans and the opt-out requirement for users. Meta planned to use public posts from Facebook and Instagram to train AI models. The DPC’s decision, welcomed by other European authorities, followed intensive discussions with Meta. Meta expressed disappointment, noting it had incorporated regulatory feedback since March.

Avanza Bank fined 1.34M EUR in Sweden for misconfiguration of Meta pixel Read More »

Scroll to Top