The privacy saga with Norwegian Social Service continues
We promised you an update to Janne Cecilie Thorenfeldt’s case taking the Norwegian Labour and Welfare Administration (NAV) on the European Court of Human Rights (ECHR). Since EDRi member Elektronisk Forpost Norge (EFN) reported about the massive GDPR violations of the Service, here is what happened.
Filter resources
-
The privacy saga with Norwegian Social Service continues
We promised you an update to Janne Cecilie Thorenfeldt’s case taking the Norwegian Labour and Welfare Administration (NAV) on the European Court of Human Rights (ECHR). Since EDRi member Elektronisk Forpost Norge (EFN) reported about the massive GDPR violations of the Service, here is what happened.
Read more
-
GDPR enforcement: European Parliament must guarantee procedural rights to ensure people’s data protection
While it is a step forward in better enforcing the General Data Protection Regulation (GDPR), the European Parliament’s current GDPR Procedural Harmonisation Regulation text is still not enough to safeguard the fundamental rights of people. Today, February 15, the text was approved in the Committee for Civil Liberties, Justice and Home Affairs (LIBE), laying out the blueprints for enhanced procedures for cross-border GDPR complaints and ex-officio investigations.
Read more
-
Norwegian Social Service guilty of massive GDPR violations
Janne Cecilie Thorenfeldt, living in Norway, discovered that her employer which is also the Norwegian Social Service violated her data protection rights. So she took them to court. Read on to learn what happened.
Read more
-
Meta plans paid subscription for users who don’t want to be tracked
In a move to circumvent EU privacy law, Platform giant Meta reportedly plans to ask users to pay up to €228 a year to preserve their fundamental right to privacy on its platforms.
Read more
-
The UK data bridge: a sneak peek at the UK privacy race to the bottom to come
The UK extension to the EU – US Transatlantic Data Privacy Framework will come into force on 12 October. Its adoption provides a sneak peek at the future of UK international data transfers, and the erosion of essential guarantees against surveillance measures that the UK data protection reform would bring.
Read more
-
Meta pledges to ask EU users for consent before showing behavioural ads
In a surprise announcement last Tuesday, Meta made the long overdue promise to finally ask its users for their consent before showing them behavioral ads – at least if they live in the European Union, EEA or Switzerland.
Read more
-
Spotify gets fine of € 5 Million for GDPR violations
Following an EDRi member noyb complaint and litigation over inactivity, the Swedish Data Protection Authoirty (IMY) has issued a fine of 58 Mln Swedish Crown (about € 5 Million) against Spotify.
Read more
-
Guarding health data privacy in Europe: The limits and challenges of current regulations
The GDPR demonstrates the capacity of the European Union to prioritise data protection and privacy. The collection and use of health data by private corporations makes privacy protections critically important. Taken together, the provided policy recommendations here create comprehensive steps forward.
Read more
-
Sex, religion and race are advertising taboos, except for power-hungry politicians
As the GDPR turns five, certain EU lawmakers want to rip out some of its protections, so they can use our deeply personal information to tailor political ads and tip political elections and campaigns in their favour.
Read more
-
€1.2 billion GDPR fine for Meta over US mass surveillance
Today, a decade-long (2013 - 2023) case on Meta's involvement in US mass surveillance has led to a first direct decision. Meta must stop any further transfers of European personal data to the United States, given that Meta is subject to US surveillance laws (like FISA 702). The European Data Protection Board (EDPB) had largely overturned the Irish Data Protection Commission's (DPC) decision, insisting on a record fine and that previously transferred data must be brought back to the EU.
Read more
-
5 years of the GDPR: National authorities let down European legislator
On 25 May 2018, the General Data Protection Regulation (GDPR) came into force, promising to be the strongest set of data protection rules to enhance our privacy. While the contents of EU data protection rules stayed largely the same, the alleged big change was the GDPR's strict enforcement. 5 years later, national authorities and courts largely leave the European legislator in the lurch – despite a budget of more than €330 million in 2022.
Read more
-
GDPR Rights in Sweden: Court confirms that authority must investigate complaints
The Stockholm administrative court held that a complainant under Article 77 GDPR has the right to request a decision from the Swedish Data Protection Authority (IMY) after six months.
Read more