GDPR decisions – November 2021
Sensitive data submitted in unencrypted emails draws severe criticism On 3 February 2021, the Danish Municipality of Silkeborg reported a personal data breach, as the municipality on that day had submitted an email to Danmarks Statistik Consulting containing a list of personal ID numbers, school name and school code on 12,915 pupils. The report stated …
GDPR decisions – October 2021
EUR 412,000 fine for failing security measures The Norwegian DPA has imposed a fine of EUR 412,000 on Norwegian municipality of Østre Toten. In January 2021, the municipality experienced a cyberattack entailing that the data of the municipality became encrypted and back-ups were deleted.
GDPR decisions – September 2021
WhatsApp fined EUR 225 million for inadequate information In 2018, the Irish Data Protection Commission initiated extensive investigations on whether WhatsApp complied with the transparency principle. The DPC examined whether WhatsApp observed its obligations under the GDPR regarding compliance of the obligation to inform and the transparency in the obligation to inform towards users and …
GDPR decisions – August 2021
The Danish Immigration Service reported to the Police and is facing a DKK 150,000 fine (about EUR 20,200) The Danish DPA initiated the case when they through various media found out that a possible logging error present in an IT system related to two deportation centres could have affected the rights of the residents. In …
GDPR decisions – July 2021
Recordings of phone conversations without prior consent made by the Danish Business Authority drew criticism from the Danish Data Protection Agency.
GDPR decisions – May 2021
Court of law approves the opportunity for compensation in the event of a non-pecuniary loss following a data breach At the end of 2018, four PCs were stolen from the town hall of Gladsaxe. A spreadsheet was stored on the local drive of one of the PCs containing personal data on 20,620 citizens for inter-municipal …
GDPR decisions – April 2021
Application of old TLS version drew criticism from the Danish DPA When looking into a case initiated by the DPA itself, the DPA established that the self-service solution available with the Police for applying for a firearms certificate (www.digimeld.politi.dk/vaaben/HTML/index.aspx?type=p70401) – during which your personal ID number must be entered – warns you about the page …
GDPR decisions – March 2021
Decision delivered in France may greatly impact the option of legally using European subsidiaries with parent companies in the USA for hosting of data.
GDPR decisions – February 2021
Phone conversations recorded by on-call GPs A Danish citizen had filed a complaint about her phone conversation with an on-call GP in the Region of Southern Denmark being recorded and the fact that the on-call GP subsequently denied to erase the recordings. The Danish Data Protection Agency found that it was alright for the on-call …
The Danish Supreme Court finds in favour of Danish municipality
The Western Division of the Danish High Court had previously acquitted a Danish municipality in a case where the municipality’s mechanical ditch cleaners had caused damage to a telecommunications cable situated in a roadside ditch.