AI age-verification cameras in tobacco shops breach privacy laws

Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

“Augmented” cameras to estimate age in tobacco shops: the CNIL clarifies its position

cnil.fr • 3 min read

👁️ The CNIL has stated that the use of AI-based age verification cameras in tobacco retail stores does not comply with data privacy legislation. This is because it lacks a necessary legal basis for processing and constitutes an excessive infringement of individuals' fundamental rights. 
The CNIL has suggested that stores could instead request identification documents… read more (article in French).

How TikTok, AliExpress & WeChat ignore your GDPR rights

noyb.eu • 3 min read

📝 NOYB has filed complaints against AliExpress, TikTok, and WeChat. The companies have failed to comply with access requests under Article 15 of the GDPR.  This prevents European users from exercising their fundamental right to privacy and finding out how their personal data is processed, as well as whether the companies comply with other GDPR provisions, such as those regarding data transfers… read more

German court clarifies cookie banner compliance requirements

ppc.land • 4 min read

💡A court in Hanover, Germany, has clarified the rules on obtaining consent to use cookies and other tracking technologies under the GDPR. The ruling provides further guidance on how businesses should operate online, including how to obtain freely given consent for cookies and similar technologies. 
The court also issued a specific ruling on the use of Google Tag Manager that affects thousands of website operators...  read more

More commentary on implications here.

Romania: Former presidential candidate fined €10,000

dataprotection.ro • 3 min read

💶 Călin Georgescu, a former Romanian presidential candidate, was fined over 50,000 RON by the National Authority for the Supervision of Personal Data Processing. The fine was issued for installing cookies on his website without user consent, and for failing to inform users about the collection of personal data via the contact form… read more (announcement in Romanian).

Interview discussing privacy & cybersecurity in Greece

lexology.com • 8 min read

🎙️This interview with Kyriakides Georgopoulos law firm explores the implementation of the NIS2 Directive, emphasising the closer overlap between cybersecurity and GDPR obligations. Specifics: Greece’s implementation.
Key takeaways include stricter breach notification rules, the introduction of mandatory security roles that are distinct from DPOs, and shorter deadlines for reporting significant incidents. These changes underscore the growing convergence of privacy and cybersecurity compliance… read more

--

Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.

Photo by Alan J. Hendry on Unsplash