[UK/India] – Health Company Fined by UK’s ICO

  • A subcontractor based in India was used to process sensitive personal data without adequate data processing / data transfer grounds
  • Lack of contractual definition of adequate technical and organisational measures in India
  • Sensitive personal data (with high severity) sent via unencrypted email
  • Sensitive personal data stored on an FTP server without restricted access
  • A patient found his/her data via an Internet search

https://www.hldataprotection.com/2017/03/articles/international-eu-privacy/health-company-fined-by-uks-information-commissioner-office/

Germany/Bavaria: DPA scanning web sites for privacy-compliant Google Analytics use

In 2012, the Bavarian DPA scanned German web sites for privacy-compliant use of Google Analytics.

The DPA checked

  • whether a written processing agreement had been put in place with Google,
  • whether the privacy notice on the web site was transparent about the use of Google Analytics and the users’ option to avoid being tracked,
  • whether the Google Analytics “anonymization feature” was enabled in the web site’s source code.

13,404 web sites were tested, and 2,371 companies were contacted about shortcomings.

More information (in German) at https://www.lda.bayern.de/de/google_analytics.html

Norwegian DPA blocks three smart device vendors from processing customer data

The Norwegian DPA has ordered Gator AS to discontinue all processing of personal information about its customers because the company has not provided enough information in the smart watches it provides. In addition, PepCall AS and GPS for children – Smartprodukt AS have been notified of similar decisions.

More information (in Norwegian; use right-click in Chrome to translate):

https://www.datatilsynet.no/aktuelt/2017/palegger-stans-i-behandlingen-av-personopplysninger-i-smartklokker/