data protection
Filter by...
-
Microsoft Office 365 banned from German schools over privacy concerns
In a bombshell decision, the Data Protection Authority (DPA) of the German Land of Hesse has ruled that schools are banned from using Microsoft’s cloud office product “Office 365”. According to the decision, the platform’s standard settings expose personal information about school pupils and teachers “to possible access by US officials” and are thus incompatible […]
Read more
-
Real Time Bidding: The auction for your attention
The digitalisation of marketing has introduced novel industry practices and business models. Some of these new systems have developed into crucial threats to people’s freedoms. A particularly alarming one is Real Time Bidding (RTB). When you visit a website, you often encounter content published by the website’s owner/author, and external ads. Since a certain type […]
Read more
-
Danish DPA approves Automated Facial Recognition
On 13 June 2019, the Danish football club Brøndby IF announced that starting in July 2019, automated facial recognition (AFR) technology will be deployed at Brøndby Stadium. It will be used to identify persons that have been banned from attending Brøndby IF football matches for violations of the club’s own rules of conduct. The AFR […]
Read more
-
Greece: Complaint filed against breach of EU data protection law
On 30 May 2019, EDRi observer Homo Digitalis filed a complaint to the European Commission against a breach of EU data protection law by Greece. The European Commission registered the complaint under the reference number CHAP(2019)01564 on 6 June 2019, and its services will assess the complaint and provide a reply within 12 months.
Read more
-
Poland: Banks obliged to explain their credit decisions
Owing to the initiative of the Polish EDRi member Panoptykon, bank clients in Poland will have the right to receive an explanation of the assessment of their creditworthiness. The initiative proposed and fought for amendments in the Polish banking law, and resulted in an even higher standard than the one envisioned in the General Data […]
Read more
-
ePrivacy: Private data retention through the back door
Blanket data retention has been prohibited in several court decisions by the European Court of Justice (ECJ) and the German Federal Constitutional Court (BVerfG). In spite of this, some of the EU Member States want to reintroduce it for the use by law enforcement authorities – through a back door in the ePrivacy Regulation.
Read more
-
Facebook’s commitments on ToS: Much ado about nothing?
On 9 April 2019, the Directorate-General for Justice and Consumers of the European Commission (DG JUST), together with the Consumer Protection Cooperation (CPC) Network, cheered at the new Facebook commitments to amend its Terms of Services (ToS). The amendments should address the concerns already raised by national competition authorities about the current ToS. They should […]
Read more
-
EU elections – protecting our data to protect us from manipulation
The campaigns for the European Parliament elections that will take place on 23-27 May 2019 are well under-way. Since the last elections in 2014, much has changed in the way political campaigns are conducted. Central to these changes is the role played by our data.
Read more
-
Will Serbia adjust its data protection framework to GDPR?
After a process that took more than five years, the National Assembly of Serbia finally adopted a new Law on Personal Data Protection in November 2018. The law closely follows EU’s General Data Protection Regulation (GDPR), almost to the point of literal translation into Serbian of some parts of the text. That was expected, due […]
Read more
-
Protecting personal data world wide: Convention 108+
Almost one year after the General Data Protection Regulation (GDPR) entered into force in the European Union (EU), the question often arises about what could other countries around the world do to protect their citizens’ personal data. Although there are countries that have data protection laws in place, many still do not, or have laws […]
Read more
-
Facebook Custom Audience illegal without explicit user consent
Online shops and marketers routinely share customer data with Facebook to reach them with targeted advertising. Turns out that in many cases this is illegal. A ground-breaking decision by a German Data Protection Authority (DPA) recently ruled that matching customers’ email addresses with their Facebook accounts requires their explicit consent.
Read more
-
ApTI submits complaint on Romanian GDPR implementation
In November 2018, the RISE Project case showed that the Romanian Data Protection Authority (ANSPDCP or Romanian DPA) was unprepared to respond to cases that involve both the right to freedom of expression and the right to privacy. RISE Project’s investigative journalism story #TeleormanLeaks was an important signal that the General Data Protection Regulation (GDPR) […]
Read more