Luxembourg’s data protection authority CNPD has imposed a fine of €746m ($888m) on Amazon for processing personal data in breach of the EU’s General Data Protection Regulation (GDPR). The CNPD also ordered the online retailer to revise it practices.
This report will consider some of the high-profile and noteworthy decisions taken by DPAs and courts over the GDPR’s first three years of enforcement, and consider how some key provisions of the regulation have developed. The report will also look ahead to how the EU’s data protection landscape might evolve in the coming years.
Could “commercially available” location data originating from Grindr really have been used to identify an individual? I asked Finn Myrstad, who helped file a data protection complaint regarding how Grindr shares user data.
Datatilsynet, Denmark’s DPA, has ordered the Southern Denmark regional authority to pay DKK500,000 ($79,200, €67,200) for failing to have appropriate safeguards to protect sensitive health information. The DPA is also referring the council to the police.
The Austrian Supreme Court has referred a case against Facebook to the Court of Justice of the European Union (CJEU). The case has been dubbed “Schrems III,” as it’s the third CJEU reference involving Facebook and campaigner Max Schrems.