Data Privacy News Bytes Nov 28th

Berlin’s Data Protection Authority Issue €14.5Million Fine

Property company Deutsche Wohnen SE have been issued a fine of €14.5million by Berlin’s Data Protection Authority for violations of Articles 5 and 25. The company stored tenant’s data in an archive system from which data could not be erased.

Deutsche Wohnen SE were originally ordered to rectify the situation, but an inspection in March 2019 revealed that they had failed to do so. The Data Protection Authority subsequently issued the fine based on the threshold of 2% of annual turnover for a violation of Article 25. In reality, they could have opted for the 4% of annual turnover for a violation of Article 5.

The fine took into account the fact that Deutsche Wohnen SE had cooperated well with authorities and had attempted to take mitigating steps (despite an overall failing to rectify the issue). The organisation will be appealing the penalty.

Democrats Propose Sweeping New Data Privacy Bill

Last Tuesday, democrats proposed new privacy laws to hold large tech companies to account over their data privacy standards, following a series of high-profile breaches and privacy concerns.

The Consumer Online Privacy Rights Act (COPRA) shares features with the General Data Protection Regulation (GDPR), forcing tech companies to disclose the personal information they collect, enable users to delete or correct information, gives users the opportunity to block the sale of their personal data and introduces more protection for children and teenagers.

If passed, the act will empower US authorities to levy large fines on organisations that fail to comply and make it easier for individuals to bring legal action. The bill is expected to receive bipartisan support but will be heavily opposed by the tech industries lobbying arm.

Microsoft Update Privacy Policies During GDPR Probe

Microsoft’s Chief Privacy Officer, Julie Brill, announced the change to their Online Services Terms (OST) and Privacy Policies on a global basis earlier this month, citing user feedback as the reason for doing so.

However, eagle-eyed users have noted that the company is in the middle of a GDPR investigation headed by the European Data Protection Board (EDPB) who raised concerns about their EU contracts in a preliminary opinion released in October.

ICO Ad Tech Battle Continues

The Information Commissioners Officer (ICO) continue to issue warnings to ad tech providers to get in line with the GDPR.

Following an ‘ad tech fact finding forum’ held in London in Tuesday, the ICO discussed the findings of their July report on the ad tech industry, saying that the industry’s current real-time bidding protocols do not comply with the GDPR.

The industry has been given six months to clean up their act or face heavy fines. Key areas of concern include the treatment of ‘special category’ data, over reliance on contracts, lack of clarity over the roles of data controllers and processors, inadequate user consent management, lack of transparency and a poor standard of legitimate interests assessments.