On 26 August 2024 the Dutch Data Protection Authority (DPA) announced that it had imposed a €290 million fine on Uber Technologies Inc. and its Dutch subsidiary, Uber B.V., for violating Article 44 of the General Data Protection Regulation (GDPR). The penalty was a result of Uber’s failure to ensure appropriate data transfer mechanisms for […]
Dutch DPA Fines Uber €290 Million Over Data Transfers Read More »
The European Commission released its second report on the application of the General Data Protection Regulation (GDPR). Since the first report in 2020, the GDPR has significantly impacted individuals and businesses, with the EU introducing numerous initiatives to enhance digital transformation. The report highlights key achievements, including increased enforcement activities and cooperation among data protection authorities. However, it also identifies areas needing improvement, such as supporting SMEs, providing clearer guidance, and achieving consistent GDPR enforcement across the EU. Significant enforcement actions have led to fines totaling around EUR 4.2 billion.
Second GDPR Report Highlights Progress and Challenges Read More »
The European Commission, in collaboration with the Consumer Protection Cooperation Network, has taken coordinated action against Meta regarding its ‘pay or consent’ model. This model requires users to either pay for access to Facebook and Instagram or consent to personalized ads by Meta using their personal data. The CPC initiated this move after determining that the model may breach EU consumer laws. Key concerns include misleading information, undue pressure on consumers, and potential violations of the Unfair Commercial Practices Directive and the Unfair Contract Terms Directive. Meta must respond by 1 September 2024, or face potential sanctions.
European Commission Coordinates Action Against Meta on ‘Pay or Consent’ Model Read More »
The Irish Data Protection Commission is investigating X’s practice of sharing user data with Elon Musk’s AI startup, xAI, without explicit consent. X implemented a feature that opts users into data sharing by default, without prior notice. Users can change this setting only on the desktop version, with a mobile app option in development. The DPC had been questioning X for months and expressed surprise at the sudden rollout, which may lead to a GDPR investigation and possible fines. This situation mirrors Meta’s recent GDPR-related halt on similar AI data usage in Europe.
Irish DPC to investigate X’s Grok AI training on user data without consent Read More »
On July 9, 2024, None Of Your Business (noyb.eu) filed a complaint with the Italian Data Protection Authority (Garante) against Xander Inc. for alleged GDPR violations. NOYB claims Xander violated several GDPR articles by mishandling user data and failing to comply with access and erasure requests. Xander, which operates a Real Time Bidding platform, is accused of collecting sensitive personal information and failing to adequately identify and respond to data subjects. The complaint requests Garante to enforce data protection rights, correct inaccurate profiles, and impose fines on Xander.
noyb Files Complaint Against Xander for GDPR Violations in RTB Read More »