At a proposed value of £183 million, British Airways is facing the highest record of GDPR fines, Britain's DPA is making it clear that companies should protect customers’ data or be ready to pay.
Faced with a deluge of complaints regarding violations in terms of general data protection, regulators are expected to levy the first GDPR fines and other sanctions by year end.
Both breach notifications and GDPR fines have increased in the past year, however, survey has shown a striking disparity in the number of data breaches reported among EU member nations.
Four of the largest U.S. wireless carriers, T-Mobile, AT&T, Verizon and Sprint, face a potential collective fine of $200 million for failing to secure location data sold to third parties.
As much as Facebook would like to sweep the Cambridge Analytica data scandal under the rug, signs continue to mount that the company is still playing fast and loose with user data. All this raises the question of whether the 2011 FTC settlement that resulted in an 8-count consent decree actually went far enough.
As consumer privacy issues continue to grow, privacy professionals should look at the overall landscape of the litigation risks to better plan for comprehensive data privacy policies.
UK's ICO is increasingly active in their efforts to reduce offences in anti-spam regulations and data breaches. In 2017, we witnessed an annual rise in fines of nearly 69 percent, from £2.9 to £4.9 million. A total of 104 companies has been fined a total of £8.7 million for failures since August 2015.
UK data protection watchdog argues that personal data has monetary value and wants powers to seize assets for criminal cases, including data, under the Proceeds of Crime Act 2002 (POCA).
IoT regulations without real penalties will let manufacturers and service providers continue their focus on ease of use at the expense of security and privacy best practices.
Google received €50 million in GDPR fines from French regulator CNIL for failing to adequately inform users about their data collection practices, and not giving users enough control over how their information is used. What are the lessons learnt?