Clearview AI fined 30.5 million euros

The Dutch Data Protection Authority (Dutch DPA) has imposed a significant fine of 30.5 million euros on Clearview AI, a U.S.-based company known for its controversial facial recognition services. In addition to the fine, Clearview also faces potential additional penalties of up to 5 million euros for non-compliance. This decision underscores the Dutch authority’s firm stance against privacy violations and the unauthorized use of data, particularly in the rapidly developing field of biometric technology. Read More

856.000 euro GDPR fine

One of Finland’s largest online retailers, Verkkokauppa.com, was recently fined a not inconsiderable €856,000 by the national supervisory authority.

How it came about: a customer of the Finnish retailer complained to the authority that he was forced to create a user account in order to shop on the site.

Read More

40.000 euro fine for Emag for failure to comply with GDPR requirements

1. The National Supervisory Authority for Personal Data Processing (NSPSPDPA) has received complaints from three individuals in Hungary against Dante International SA, through the cooperation mechanisms of Regulation (EU) 2016/679.

2. The ANSPDCP has been designated as the lead supervisory authority in this case, as Dante International SA has its main office in Romania.

Read More

5 notable examples of fines for non-compliance with Art 32 of GDPR

Article 32 of the General Data Protection Regulation (GDPR) lays down the obligation for controllers to implement technical and organizational measures with regard to the processing of personal data in such a way as to ensure a level of security appropriate to the risks associated with the processing and the nature of the personal data involved. These measures must ensure the confidentiality, integrity and availability of the data, as they would say, the holy trinity in information security or CIA.

Read More

Emag receives fine for not respecting GDPR regulation

The National Supervisory Authority for Personal Data Processing has formally completed its investigation into Dante International SA and found that the company violated several provisions of Regulation (EU) 2016/679.

Thus, Emag.ro did not comply with a data subject’s request to delete his data,the company informed him by SMS about a new offer, when he had expressly requested the deletion of his account and all irrelevant data. As a result, the regulator issued a fine of €1,000 (equivalent).

details here

„Effective training” – a new concept after the recent decision of the Cluj courts in the Banca Transilvania vs ANSPDCP case

Much has been said about the fine of € 100,000 imposed by the National Authority for the Supervision of Personal Data (ANSPDCP) almost two years ago to sanction the dissemination of personal data belonging to a customer and employees of Banca Transilvania in the public space. It is not our intention to go back over the history of those facts, nor do we intend to analyze it, as we do not have the concrete details of the case at our disposal.

Read More