GDPR Rights in Sweden: Court confirms that authority must investigate complaints
The Stockholm administrative court held that a complainant under Article 77 GDPR has the right to request a decision from the Swedish Data Protection Authority (IMY) after six months.
Filter resources
-
GDPR Rights in Sweden: Court confirms that authority must investigate complaints
The Stockholm administrative court held that a complainant under Article 77 GDPR has the right to request a decision from the Swedish Data Protection Authority (IMY) after six months.
Read more
-
New Europol rules massively expand police powers and reduce rights protections
The new rules governing Europol, which came into force at the end of June, massively expand the tasks and powers of the EU’s policing agency whilst reducing external scrutiny of its data processing operations and rights protections for individuals.
Read more
-
Gmail creates “Spam Emails”, despite CJEU judgment
On 24 August, EDRi member noyb.eu filed a complaint against Google with the French Data Protection Authority (CNIL). The tech giant has repeatedly ignored the European Court of Justice (CJEU) ruling on direct marketing emails and used its email platform Gmail to send unsolicited advertising emails without valid consent of the users.
Read more
-
The state of privacy at Dutch municipalities
EDRi member Bits of Freedom has done research on the General Data Protection Regulation (GDPR)-compliance within the ten largest municipalities of the Netherlands. Unfortunately, most municipalities scored a failing grade, despite the fact that the GDPR has celebrated its fourth anniversary.
Read more
-
Statement on 4 Years of GDPR
When the GDPR became applicable on 25 May 2018, it was perceived as a watershed moment. Comments were somewhere between the EU getting serious about privacy and the internet breaking down at midnight. The past four years have shown that a law alone does not change business models that are based on the abuse of personal data and a culture within the privacy profession that is often focusing on covering up non-compliance. After a first moment of shock, large part of the data industry has learned to live with GDPR without actually changing practices. This is mainly done by simply ignoring users’ rights and getting away with it.
Read more
-
Post-Brexit data protection laws are coming, and we should all be concerned about it
The UK Government are expected to reveal their Post-Brexit data protection bill on 10 May. They are proposing a framework that frames personal data in terms of economic assets and aims to "cut red tape" to promote their commercial use. These ideas draw considerable support among corporate lobbyists and large technology companies, which would no doubt leverage the "UK example" to advocate for weaker data protection standards in Europe. In turn, understanding and opposing these changes should not be seen as a domestic issue, but as a major threat for digital rights advocates across the globe.
Read more
-
Threat to the protection of personal data in Belgium: European civil society is concerned
EDRi, alongisde multiple civil society organisations, is the signatory of an open letter addressed to the Belgian Parliament, demanding better enforcement of the European data protection rules and guarantees of political independence of the Belgian Data Protection Authority.
Read more
-
CNIL orders three controllers to comply with GDPR after decision that using Google Analytics is illegal
Only weeks after the groundbreaking decision by the Austrian Data Protection Authority that the continuous use of Google Analytics violates the GDPR, the French Data Protection Authority (CNIL) ordered three French websites to comply with the GDPR. All these decisions are based on noyb's 101 model complaints which were filed after the Court of Justice ruling invalidating Privacy Shield. noyb expects similar decisions by the other authorities.
Read more
-
Civil society call and recommendations for concrete solutions to GDPR enforcement shortcomings
EDRi members call on the European Data Protection Board (EDPB), the European Commission, and all national data protection authorities (DPAs) to urgently address the structural and procedural enforcement issues that prevent the GDPR from fully reaching its potential.
Read more
-
Giropay knows what you bought last summer
A customer contacted noyb after seeing a detailed list of products she had ordered in an online pharmacy and a sex shop listed in her giropay account. Such data is specially protected under the GDPR and may not be processed without consent. noyb filed a complaint against giropay with the Hessian State Commissioner for Data Protection and Freedom of Information.
Read more
-
Belgian authority finds IAB Europe’s consent pop-ups incompatible with the GDPR
Following a number of complaints filed in 2018 and 2019, including by EDRi-members Panoptykon and Bits of Freedom, and coordinated by the Irish Council for Civil Liberties, the Belgian Data Protection Authority has found that the consent system developed and managed by the adtech industry body IAB Europe, and used by many websites in the EU, is illegal under the GDPR.
Read more
-
Hide and Seek: Polish DPA agrees that people should be able to access their advertising profiles, but there’s no way to do so
Following EDRi member Panoptykon’s General Data Protection Regulation (GDPR) complaint against one of the biggest Polish news website, Interia.pl - the Polish Data Protection Authority has confirmed that online publishers should give users access to their advertising profiles generated for the purposes of delivering behavioural ads.
Read more