Security News
As of June 30, 2022, 91% of companies across all verticals, states, and business size that must comply with CCPA are still unprepared to meet CCPA requirements, according to CYTRIO. Further, 94% of companies that must comply with GDPR are ill prepared to meet the GDPR compliance requirements. "The majority of companies that must meet CCPA, CPRA, and GDPR compliance have a long way to go, and with enforcements looming, many are exposed to compliance enforcement fines and private-right of-action," said Vijay Basani, CEO, CYTRIO. "Through our ongoing research, we aim to educate the market on the importance of data privacy rights compliance, the need to enable consumers to easily exercise their data privacy rights, and how companies can build trust with their customers leveraging automated Data Subject Access Request submission and response solutions."
The reversal, reported by TechCrunch, comes a day after the Italian data protection authority - the Garante per la Protezione dei Dati Personali - warned the company against the change, citing violations of data protection laws. "The personal data stored in users' devices may not be used to profile those users and send personalized ads without their explicit consent," the Garante said.
There's been a lot of turbulence in the data privacy regulation space in the past couple of years. Post Brexit, there was a risk for the UK to be digitally isolated from the EU. For the moment, the General Data Protection Regulation has been kept in UK law as the UK GDPR, and the EU recognizes the UK under the GDPR and the LED as providing adequate data protection, which means that data can - for the most part - continue to flow.
As of March 31, 2022, the findings uncovered that 90% of companies are not fully compliant with CCPA and CPRA Data Subject Access Request requirements. Further, 95% of companies are using error prone and time consuming manual processes for GDPR DSAR requirements.
The Irish Data Protection Commission on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of €17 million for a series of security lapses that occurred in violation of the European Union's GDPR laws in the region. "The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users' data, in the context of the twelve personal data breaches," the watchdog said in a press release.
French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation laws in the country, almost a month after a similar decision was reached in Austria. Of the data protection decree, which govern the transfers of personal data to third countries or international entities.
A regional court in the German city of Munich has ordered a website operator to pay €100 in damages for transferring a user's personal data - i.e., IP address - to Google via the search giant's Fonts library without the individual's consent. The unauthorized disclosure of the plaintiff's IP address by the unnamed website to Google constitutes a contravention of the user's privacy rights, the court said, adding the website operator could theoretically combine the gathered information with other third-party data to identify the "Persons behind the IP address."
Austrian watchdog rules German company's use of Google Analytics breached GDPR by sending data to US
The Austrian data protection authority has ruled that use of Google Analytics by a German company is in breach of European law in light of the Schrems II EU-US data sharing ruling. Datenschutzbehörde, or DSB, has found that a German publisher, not named in the case, was in breach of Article 44 of the General Data Protection Regulation in the use and operation of Google Analytics - commonly used throughout web publishing and ecommerce - because of its movement of personal data to the United States.
The incoming head of the UK's data watchdog has "Gone on the record" to say he will be fair and impartial in his dealings with tech companies despite once describing Facebook as "Morally bankrupt pathological liars." Speaking on Thursday at a hearing of the Digital, Culture, Media and Sport Committee via video link from New Zealand, he was asked about his criticism of big tech companies.
85 percent of the small- to medium-sized enterprises in the UK are familiar with GDPR, but more than half are still not cleaning their data and therefore not adhering to the GDPR's legal requirements, a REaD Group survey reveals. The survey of 1,110 SMEs also revealed that only 40 percent hold their customer and prospect data in a CRM or other database: a surprisingly low figure given that businesses need to maintain contact with their customers for sales and marketing purposes, and never more so than over the past 15 months.