noyb
Filter by...
-
GDPR Rights in Sweden: Court confirms that authority must investigate complaints
The Stockholm administrative court held that a complainant under Article 77 GDPR has the right to request a decision from the Swedish Data Protection Authority (IMY) after six months.
Read more
-
Gmail creates “Spam Emails”, despite CJEU judgment
On 24 August, EDRi member noyb.eu filed a complaint against Google with the French Data Protection Authority (CNIL). The tech giant has repeatedly ignored the European Court of Justice (CJEU) ruling on direct marketing emails and used its email platform Gmail to send unsolicited advertising emails without valid consent of the users.
Read more
-
Statement on 4 Years of GDPR
When the GDPR became applicable on 25 May 2018, it was perceived as a watershed moment. Comments were somewhere between the EU getting serious about privacy and the internet breaking down at midnight. The past four years have shown that a law alone does not change business models that are based on the abuse of personal data and a culture within the privacy profession that is often focusing on covering up non-compliance. After a first moment of shock, large part of the data industry has learned to live with GDPR without actually changing practices. This is mainly done by simply ignoring users’ rights and getting away with it.
Read more
-
CNIL orders three controllers to comply with GDPR after decision that using Google Analytics is illegal
Only weeks after the groundbreaking decision by the Austrian Data Protection Authority that the continuous use of Google Analytics violates the GDPR, the French Data Protection Authority (CNIL) ordered three French websites to comply with the GDPR. All these decisions are based on noyb's 101 model complaints which were filed after the Court of Justice ruling invalidating Privacy Shield. noyb expects similar decisions by the other authorities.
Read more
-
Giropay knows what you bought last summer
A customer contacted noyb after seeing a detailed list of products she had ordered in an online pharmacy and a sex shop listed in her giropay account. Such data is specially protected under the GDPR and may not be processed without consent. noyb filed a complaint against giropay with the Hessian State Commissioner for Data Protection and Freedom of Information.
Read more
-
Austrian DSB: EU-US data transfers to Google Analytics illegal
In a groundbreaking decision, the Austrian Data Protection Authority ("Datenschutzbehörde" or "DSB") has decided on a model case by noyb that the continuous use of Google Analytics violates the GDPR.
Read more
-
noyb publishes the draft decision by the DPC in the case against Facebook
The Irish Data Protection Commission (DPC) has sent a draft decision to EDRi's member noyb - European Center for Digital Rights and informed noyb that the draft decision would be shared with the other European Data Protection Authorities for consultation. The case concerns Facebook's reliance on contracts for serving advertising to its users - the legal trick Facebook applied in May 2018 to bypass the GDPR.
Read more
-
noyb aims to end “cookie banner terror” and issues more than 500 GDPR complaint
EDRi's member noyb.eu sent over 500 draft complaints to companies who use unlawful cookie banners - making it the largest wave of complaints since the GDPR came into force. "Some companies are clearly trying everything to make privacy a hassle for users, when they have a duty to make it as simple as possible."
Read more
-
The Dating App “Grindr” to be fined almost € 10 Mio
On 26 January, the Norwegian Data Protection Authority upheld the complaints, confirming that Grindr did not recive valid consent from users in an advance notification. The Authority imposes a fine of 100 Mio NOK (€ 9.63 Mio or $ 11.69 Mio) on Grindr. An enormous fine, as Grindr only reported a profit of $ 31 Mio in 2019 - a third of which is now gone. EDRi member noyb assisted with writing the legal analysis and formal complaints.
Read more
-
Member in the spotlight: noyb
noyb (none of your business) is a non-profit privacy organisation with a pan-European scope of activities. It aims to stop privacy violations in the private sector by focusing on the enforcement of EEA data protection legislation (the GDPR).
Read more
-
A victory for us all: European Court of Justice makes landmark ruling to invalidate the Privacy Shield
Today, 16 July 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield. The ruling proves a major victory for EU residents on how their personal data is processed and used by platforms like Facebook.
Read more
-
Say “no” to cookies – yet see your privacy crumble?
Cookie banners of large French websites turn a clear “no” into “fake consent”. EDRi member noyb has filed three General Data Protection Regulation (GDPR) complaints with the French Data Protection Regulator (CNIL).
Read more