In a recent decision by the French data protection authority (CNIL), KASPR, a company known for its data scraping practices, has been fined €240,000 for violating the General Data Protection Regulation (GDPR). The fine comes after KASPR’s controversial method of collecting personal contact details from LinkedIn users, even those who had specifically chosen to limit their visibility.
Meta Platforms Ireland Limited (MPIL) is ending the year with a hefty €251 million fine from the Irish Data Protection Commission (DPC). The penalty stems from a 2018 data breach that laid bare the personal information of 29 million Facebook users worldwide—3 million of them in the EU/EEA.
ParkMobile recently reached a $32.8 million settlement over a data breach that affected 21 million users. This breach, which happened back in 2021, is a reminder of how much more needs to be done to protect our personal data, even with widely used platforms. For anyone working in IT security or risk management, this case raises some serious red flags about how we’re securing sensitive information.
France’s telecommunications giant, Orange, is facing a €50 million fine for embedding advertisements within users’ email inboxes—a move deemed a serious violation of privacy rights by the French Data Protection Authority (CNIL). The ruling, issued on November 14, 2024, underscores the growing intolerance for digital marketing practices that bypass user consent.
The European Union is stepping up its cybersecurity game. At the initiative of the Hungarian presidency, the Council of the European Union has approved a set of conclusions aimed at bolstering the role of ENISA, the EU’s cybersecurity agency. These recommendations come as the bloc faces an increasingly complex cyber threat landscape and amid ongoing discussions to revise the Cybersecurity Act (CSA).
In an era where personal information flows through countless digital channels, the Consumer Financial Protection Bureau (CFPB) has proposed a sweeping rule to rein in the burgeoning data broker industry. This initiative seeks to impose stricter accountability under the Fair Credit Reporting Act (FCRA), ensuring that consumer data is shared only for legitimate purposes and safeguarding sensitive information like Social Security numbers and income data from misuse.
The European Data Protection Board (EDPB) has released new guidelines on data transfers to third-country authorities and approved the implementation of a European Data Protection Seal, marking significant steps in clarifying and strengthening data protection under the General Data Protection Regulation (GDPR).