Netherlands: Mass Damage & Consumer Foundation files €6 billion claim against TikTok

The Mass Damage & Consumer Foundation announced, on 7 September 2021, that it had started a collective action against TikTok Inc. for its violations of the fundamental rights of consumers in the Netherlands on a large scale. In particular, the Foundation noted that through the collective action, it seeks to stand up for all users of TikTok, not just minors, and that it was seeking the Amsterdam Court to order TikTok to pay more than €6 billion.

Why Amazon’s £636m GDPR fine really matters

We were promised huge fines and GDPR has finally delivered. Last week, Amazon’s financial records revealed that officials in Luxembourg are fining the retailer €746 million (£636m) for breaching the European regulation.

The fine is unprecedented: it’s the biggest GDPR fine issued to date and is more than double the amount of every other GDPR fine combined. The financial penalty, which Amazon is appealing, comes at a time when GDPR is feeling the strain of lax enforcement and measly fines. Experts say companies are allowed to get away with abusing people’s privacy as GDPR investigations are too slow and ineffective. Some people even want GDPR to be ripped up entirely.

But Luxembourg’s action against Amazon stands out for two reasons: first, it shows the potential power of GDPR; second, it exposes cracks in how inconsistently such regulations are applied across the EU. And for both of these reasons it is arguably the most important GDPR decision issued.

China built the world’s largest facial recognition system. Now, it’s getting camera-shy.

Guo Bing, a law professor in the Chinese city of Hangzhou, liked the zoo enough to purchase an annual pass. But he didn’t like it nearly enough to let the zoo take a high-resolution scan of his face.

In what judges called the first case of its kind in China, Guo sued the zoo — and won. He argued there was no legal basis for the Hangzhou Safari Park to collect visitors’ biometric data, and that it had not taken precautions to protect the information. In April, a Chinese appeals court ruled in favor of Guo, ordering the zoo to refund him and delete his face scan and fingerprints.

Now, China is putting its freewheeling facial recognition industry on notice. Citing Guo’s case, China’s top court announced this week that consumers’ privacy must be protected from unwarranted face tracking.

Spain: the SDPA confirms that the clinical trials monitors should not sign a commissioning contract about the processing of data with the healthcare centers

[Lexology]

The Legal Office of the Spanish Data Protection Agency (the “SDPA”) has issued on 17 June 2021 a legal report addressing various issues related to the processing of data in the context of health research in the form of clinical trials.

Specifically, this report analyzes the legal position of the sponsor, the monitor and the healthcare centers in relation to the processing of trial patient data, and in particular of the clinical history.

Amazon Gets Record $888 Million EU Fine Over Data Violations

Amazon.com Inc. faces the biggest ever European Union privacy fine after its lead privacy watchdog hit it with a 746 million-euro ($888 million) penalty for violating the bloc’s tough data protection rules.

CNPD, the Luxembourg data protection authority slapped Amazon with the record fine in a July 16 decision that accused the online retailer of processing personal data in violation of the EU’s General Data Protection Regulation, or GDPR. Amazon disclosed the findings in a regulatory filing on Friday, saying the decision is “without merit.”

Holanda multa TikTok com quase US$ 900.000 por violar leis de proteção de dados pessoais

As autoridades holandesas aplicaram, nesta quinta-feira (22), uma multa de 884.000 dólares ao TikTok, afirmando que a rede social violou as leis de proteção de dados pessoais.

A Autoridade de Proteção de Dados da Holanda (CBP) observou que as informações de download do aplicativo da rede social estavam escritas em inglês, o que tornava difícil entender para as crianças holandesas.

What the latest Pegasus spyware leaks tell us | MIT Technology Review

Over the weekend, a consortium of international news outlets published their findings from an investigation into the use of Pegasus, the marquee spyware product of the secretive billion-dollar Israeli surveillance company NSO Group.

The reports from the Guardian, the Washington Post, and 15 other media organizations are based on a leak of tens of thousands of phone numbers that appear to have been targeted by Pegasus.

The nightmare of our snooping phones

A Catholic official’s resignation shows the real-world consequences of practices by America’s data-harvesting industries.

“Data privacy” is one of those terms that feels stripped of all emotion. It’s like a flat soda. At least until America’s failures to build even basic data privacy protections carry flesh-and-blood repercussions.

This week, a top official in the Roman Catholic Church’s American hierarchy resigned after a news site said that it had data from his cellphone that appeared to show the administrator using the L.G.B.T.Q. dating app Grindr and regularly going to gay bars. Journalists had access to data on the movements and digital trails of his mobile phone for parts of three years and were able to retrace where he went.

Carrefour é multado em 3.8 milhões de euros por descumprimento da GDPR

O Carrefour, multinacional francesa de supermercados com operações em mais de 30 países, foi multada em €3 milhões (quase RS$ 20 milhões) por múltiplas violações do Regulamento Geral sobre a Proteção de Dados (GDPR). Informações são da Infosecurity Magazine.

De acordo com o portal, a multa foi aplicada pela Comissão Nacional de Computação e Liberdade (CNIL), uma das principais organizações reguladoras do GDPR na Europa. Além da rede mundial de supermercados, o Banco Carrefour, conhecido por Carrefour Soluções Financeiras no Brasil, também foi multado pelo órgão, em € 800 mil (mais de RS$ 5 milhões).