Standard Post with Image

The Italian Privacy Authority (Garante per la protezione dei dati personali) issues the 5th highest fine in its history

The Italian Privacy Authority (Garante per la protezione dei dati personali) has issued fines for more than 11 mln Euros to 5 Chinese money-transfer companies that treated the personal data of about 1.000 customers in violation of the Italian data protection law.  The investigation in the case was conducted by the Italian financial police (Guardia di Finanza) and coordinated by the Public Prosecutor’s Office of Rome.  The violations revealed by the Italian financial police were against money laundering laws and data protection laws.  The criminal enterprise was illegally transferring considerable amounts of money to China, dividing the amounts in chunks lower than the money laundering threshold between about 1.000 customers unaware that the transfers were operated in their names.  This determined the violation of personal data that led to the fines of the Garante per la protezione dei dati personali.

The decision of the Italian Privacy Authority can be downloaded here
Standard Post with Image

The British Information Commissioner’s Office issues a £ 270.000 fine for nuisance calls

The British Information Commissioner’s Office (ICO) has fined a company that made 22 million nuisance calls, in the form of automated marketing calls, to individuals who did not specifically agree to receive such calls.  The fine is one of the highest ever made by the ICO.  Read the press release from the U.K.

ICO website
Standard Post with Image

The Court of Justice of the European Union rules on the right to be forgotten applied to company registers

After the famous Judgement in the Google Spain case, the Court of Justice of the European Union (CJEU) rules on the right to be forgotten (RTBF) applied to company registers in the Manni case.  Being the case focused on EU Company Law, the CJEU has taken the position that RTBF does not generally entail that individuals can request the non-disclosure or erasure of their personal data from company registries after a certain period of time.  Exception to this general reading of the RTBF in this particular field, are exceptional circumstances and the “expiry of a sufficiently long period after the dissolution of the company in question”.

The provisional text of the judgment is available here
Standard Post with Image

The US Federal Trade Commission testifies before the House Small Business Committee about data security and small businesses

The Acting Chairman of the US Federal Trade Commission (FTC), Ms. Maureen K. Ohlhausen, has testified on 8 March 2017 before the House Small Business Committee affirming that the Agency is devoted to protect consumers and improve the capacity of small businesses to secure consumers’ data.  “Failing to take reasonable precautions to secure data from identity thieves and other malicious actors hurts consumers and legitimate businesses alike”, Ohlhausen said.

Read the FTC press-release here
Standard Post with Image

WikiLeaks again: publication of trove of C.I.A. massive spying of data from various devices, including Samsung TVs

WASHINGTON — In what appears to be the largest leak of C.I.A documents in history, WikiLeaks released on Tuesday thousands of pages describing sophisticated software tools and techniques used by the agency to break into smartphones, computers and even Internet-connected televisions....

Read More