Spanish Data Protection Authority (AEPD) Fines Private Person $10,000
With a 10,000 EUR fine issued to a private citizen for sharing intimate images of a co-worker on WhatsApp, the Spanish Agency for Data Protection (AEPD) has extended GDPR fines from companies alone to individuals. It remains to be seen whether this precedent holds, as there are arguments that support the claim of regulatory overreach. Companies must have a compliance programme that trains employees on their obligation to respect and protect privacy.
Irish Data Protection Commission (DPC) Reports Human Error as Biggest Data Breach Cause
The DPC identified human error as the leading cause behind data breaches in the first year of the GDPR. ‘Unauthorised disclosure’ occurs most commonly when an organisation or employee sends sensitive or personal data to the wrong recipient via email or SMS.
One mistake is all it takes: implement an effective privacy compliance programme with tools and training to address the risk of human error.
Dating App Tinder Subject to GDPR Investigation
Ireland’s DPC announced a formal investigation into Tinder, focusing on the ways the organisation processes data, its transparency surrounding processing, and its compliance with obligations regarding data subject rights requests.
Complaints about the dating app came in from Ireland and across the EU, identifying a systemic issue with the app.
DPC Announced Formal Investigation into Google’s Use of Location Data
In addition to its investigation into Tinder, the DPC also announced a formal investigation into Google’s handling of users’ location data and the transparency around that handling.
The investigation comes after over a year’s worth of complaints from both consumer groups and individuals over the way Google processes personal data.