DPA of Baden-Württemberg (Germany) fined a health insurance company 1’240’000 EUR for insufficient implementation of TOMs resulted in personal data of app. 500 individuals being accidentally processed for advertising purposes without due consent.
The fine is quite high, especially given that there have been some mitigating factors in this case:
- not too many data subjects concerned
- cooperation with DPA
- TOMs were not absent at all, the level of implementation thereof was just insufficient
Besides, no data breaches or other factors posing a (high) risk to data subjects were identified.
The investigation resulted in one of the highest fines issued under Article 32 (if not highest). This can be explained, in particular, by the adoption of the German model for calculating fines under the GDPR.
Anyway, this is another one reminder for controllers and processors about the importance of putting TOMs in place appropriate to the risk as ‘somewhat good’ TOMs will unlikely be enough.
More to read – see below.
Just in case this hasn’t come to your notice yet, but linkedin has the right to use your photos for advertising if you don’t opt-out 🙁
Read more here. There is already discussions in progress on which privacy laws it is potentially breaking.
To opt-out you need to do the following:
1) go to your name on the top right hand corner and select settings from the drop down
2) select account on the settings page (bottom left)
3) under privacy controls, select manage social advertising
4) untick it > save
A little belated, but thanks to Eoin Fleming for the tip, more than 10 days ago!
The (quiet) introduction of a National Police Reference System in Australia has raised concerns on the impact on privacy. The database (run by CRIMTRAC has millions of records – including DNA and fingerprints) and is able to be accessed by all Australian law enforcement officers. There are up to 80,000 accesses to the data per day.
For more detail, please see http://www.smh.com.au/national/privacy-fears-growing-as-police-tighten-national-grip-20100117-mecr.html.
Looks as though Google is taking a significant initiative in enabling transparency in what they are collecting on you and how it is used. Check out this for the full article.
“It has created a window into part of its database, so users can see that Google has deduced that they are interested in “Anime & Manga” comics, or “Alternative-Punk-Metal” music or travel to Afghanistan. (Yes, those are on its list of 600 interest categories.)
It also built technology to allow your browser to remember that you don’t want Google (or its DoubleClick unit) to remember anything about you. It is more robust than the opt-out system used by many companies that rely on cookies in browsers. These are technical feats that other ad companies said would be too hard.”