Security News

Fundamentally, the General Data Protection Regulation's right-to-privacy focus - giving people provenance over their data - allows individuals to dictate how companies, including data brokers, use their personally identifiable information. GDPR - a set of data privacy regulations throughout the European Union - has extra-territorial scope, meaning platforms and websites outside of the EU that traffic in the PII of those inside the EU must also comply with its directives.

Biometrics and surveillance camera commissioner Professor Fraser Sampson has warned that oversight of facial recognition is a risk just as the policing minister plans to "Embed" it into the force. Sampson's job, if you were wondering, is to encourage "Compliance with the Surveillance Camera Code of Practice" - the only legal instrument that addresses police use of live facial recognition directly.

The Irish Data Protection Commission has fined WhatsApp Ireland €5.5 million after confirming that the messaging service violated the General Data Protection Regulation. On May 25, 2018, the DPC initiated an inquiry into a potential violation of the regulation by WhatsApp following a complaint from a German data subject.

As of Wednesday, Jan. 4, Meta has once again been hit with a major GDPR violation, earning itself more than $400 million in fines for its latest data privacy misstep. In this report, we'll share what we know about Meta's latest violation, and we'll dive a little deeper into Meta's troubled past with GDPR. Fast facts about Meta's 2023 GDPR targeted ads violation.

Facebook-Meta-was just fined $276 million for a data leak that included full names, birth dates, phone numbers, and location. Meta's total fine by the Data Protection Commission is over $700 million.

As of June 30, 2022, 91% of companies across all verticals, states, and business size that must comply with CCPA are still unprepared to meet CCPA requirements, according to CYTRIO. Further, 94% of companies that must comply with GDPR are ill prepared to meet the GDPR compliance requirements. "The majority of companies that must meet CCPA, CPRA, and GDPR compliance have a long way to go, and with enforcements looming, many are exposed to compliance enforcement fines and private-right of-action," said Vijay Basani, CEO, CYTRIO. "Through our ongoing research, we aim to educate the market on the importance of data privacy rights compliance, the need to enable consumers to easily exercise their data privacy rights, and how companies can build trust with their customers leveraging automated Data Subject Access Request submission and response solutions."

The reversal, reported by TechCrunch, comes a day after the Italian data protection authority - the Garante per la Protezione dei Dati Personali - warned the company against the change, citing violations of data protection laws. "The personal data stored in users' devices may not be used to profile those users and send personalized ads without their explicit consent," the Garante said.

There's been a lot of turbulence in the data privacy regulation space in the past couple of years. Post Brexit, there was a risk for the UK to be digitally isolated from the EU. For the moment, the General Data Protection Regulation has been kept in UK law as the UK GDPR, and the EU recognizes the UK under the GDPR and the LED as providing adequate data protection, which means that data can - for the most part - continue to flow.

As of March 31, 2022, the findings uncovered that 90% of companies are not fully compliant with CCPA and CPRA Data Subject Access Request requirements. Further, 95% of companies are using error prone and time consuming manual processes for GDPR DSAR requirements.

The Irish Data Protection Commission on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of €17 million for a series of security lapses that occurred in violation of the European Union's GDPR laws in the region. "The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users' data, in the context of the twelve personal data breaches," the watchdog said in a press release.