SypherPrivacyTalks - March 2024 - Week 12

by Sypher - March 18, 2024

Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

Swedish Court Fines Klarna 670K EUR for Flaws in Privacy Notice • 3 min read
⚖️ Klarna, a Swedish payments company, will have to pay a fine of 7.5 million kronor (€670,000) for breaching the GDPR by failing to provide its users with sufficient information in privacy notes about how it stores their personal data (the court found that the information was unclear or difficult to access).

The privacy notices in question were used between March and June 2020 and have since been updated. 

Sweden's Administrative Court of Appeal increased the fine to the 7.5 million kronor originally sought by the Swedish Data Protection Agency (SDPA). A lower court ruled last year that Klarna should pay 6 million kronor… read more

Romania draft law - video surveillance cameras to be mandatory in nurseries and kindergartens • 2 min read

👁️ A legislative proposal to install video and audio surveillance cameras in all kindergartens and nurseries in Romania, including classrooms, and for parents to be able to access the images at any time allegedly aims to combat abuse and violence, but contravenes the GDPR.

Video surveillance cameras are currently installed in schools and highschools in certain areas, but mostly in examination halls. However, according to the law, the cameras can also be used during the rest of the year to monitor the day-to-day activities in the classroom, especially where there are frequent incidents. This can be done with the consent of the majority of parents, which again contravenes the GDPR and causes controversy.

To be implemented, the new proposed bill must be passed by Parliament, promulgated by presidential decree and published in the official Publishing House… read more (in Romanian)

Greece’s GDPR scandal over mass emailing rocks ruling party • 3 min read

📥 An EU MEP has been accused of sending out mass emails to Greek voters living abroad without their consent, sparking a political uproar and leading to resigning and expelled members of the ruling conservative New Democracy party.

The matter sparked a heated discussion in Greece and on social media, as the June EU elections will be the first to use postal voting and the implementation of the GDPR is at the centre of the debate.

Greece’s Data Protection Authority has launched an investigation.… read more

Hackers steal personal data of 43 million French job seekers • 3 min read

💥 A cyber attack on two employment agencies - France Travail and Cap Emploi - has stolen the personal data of 43 million people, that’s more than half of the French population.

"Personal information concerning job seekers currently registered with France Travail, people previously registered over the last 20 years as well as people not registered on the list of applicants employment but having a candidate space on is likely to be disclosed and exploited illegally," France Travail said in a declaration.

The attack hasn't been claimed and no data yet leaked. A preliminary investigation suggests that the attackers may have gained access in early February by impersonating a Cap Emploi official... read more

Italy privacy watchdog fines Unicredit €2.8 million for data breach • 1 min read

🏦 Italy's data protection authority, Garante, announced a €2.8m fine against UniCredit for alleged breaches of the GDPR in relation to insufficient security measures taken by the bank during a cyber attack in 2018.

The sanction takes into account the large number of people involved in the data breach and its seriousness, as well as the timely adoption of corrective measures, the authority said.
The bank stated that it would appeal the decision in court… read more


Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.