by František Nonnemann & Vladan Rámiš

The right to be forgotten (right to erasure) is one of the well-known, and somewhat feared, legal institutes introduced by GDPR. On the other hand, the right to erasure is not absolute. It does not always apply and must be balanced against the interests and rights of other persons. However, this does not mean that the scope of the right to erasure is clear in practice and does not raise several issues and uncertainties. How should a data controller, especially an internet search engine, proceed if a data subject objects that the data displayed or otherwise processed is untrue? Misleading, offensive, factually incorrect? The search engine operator usually acts as the controller of the personal data it displays, but it is not the one who has placed the data on the Internet. It therefore has no other information how to assesses the accuracy of the data which has been published on the source page. Continue reading…

Two of the three foundations that have filed for damages against TikTok may have invalid claims. TikTok’s lawyers indicate that the foundations have not adhered to statutory deadlines. There is a risk that the two foundations may not be able to continue their case, which would mean that only the SOMI Foundation’s lawsuit will remain active. After the SOMI Foundation sued TikTok in June for an amount of €1.4 billion for large-scale violations of children’s privacy by the social video service, the Take Back Your Privacy Foundation (supported by the Consumentenbond) and the Massaschade & Consument Foundation also filed claims for damages. The two cases are largely similar to the case that SOMI initiated. The three cases are now being heard simultaneously by the court.
Continue reading…

As of today, the SOMI Foundation makes it possible for all European consumers to check via its SOMI app whether they have become a victim of the Facebook data leak from April this year. It can also reveal which of their personal data is circulating on the Dark Web. In total, personal data of more than 533 million Facebook accounts were leaked in April 2021, including 96.7 million European accounts. After verifying their own data, consumers can participate in the foundation’s legal investigation and possible collective claim against Facebook, which requires collection of evidence of GDPR violation from the data breach. The foundation is offering a total of €10,000 to anyone who can prove with their personal data that Facebook has violated the GDPR. Continue reading…

The SOMI Foundation submits the largest European collective data request recently to three tech giants: TikTok, Zoom and Palantir. According to the GDPR, companies are obliged to comply with the request for stored personal data. SOMI requests the personal data on behalf of its participants as part of the investigation into the possible violation of the GDPR by the international companies. The GDPR prescribes that companies that are active in Europe are obliged to provide access to stored personal data on request. In addition, it must be clearly stated how the personal data is stored and with whom it is shared. However, it is often not clear how such a request should be submitted to the company, if the option is offered at all. There is also no explicit way of supplying the stored personal data, which makes it difficult for consumers to understand which data is stored and used, and how it can be modified or deleted. Continue reading…

ProctorExam, European market leader in online proctoring, has been Security Verified by the ICT Institute, an independent IT audit firm. This achievement is a confirmation that ProctorExam goes beyond being just GDPR compliant. Guaranteeing data protection and security for both exam takers and organisations is a top priority. ProctorExam continuously investigates how to take the extra mile to meet that urgency. Security Verified is an open standard for information security similar to ISO 27001, with an emphasis on GDPR. Any company that handles valuable or personal data is obliged to take care of information security. Security Verified makes it easy for organisations to prove that they have taken such steps. It is a renowned and open standard for the information security of organisations, especially for innovative tech champions of today and tomorrow. The structure is similar to ISO 27001 and contains many of the control measures from ISO 27002. However, Security Verified integrated GDPR compliance even more, since these are the current legal requirements within the European Union. Continue reading…

The SOMI Foundation has sued TikTok on June 2, 2021 for violating privacy laws through a mass claim on behalf of parents whose children have used TikTok. The claim amount can reach more than € 1.4 billion. According to the foundation, TikTok is negligent when it comes to ensuring the safety and privacy of children on the platform. Internationally, this has already led to multiple deaths among minors. According to the foundation, it is therefore necessary to “intervene as soon as possible”. Continue reading…

EU Commissioner Didier Reynders recently spoke at the 2021 Transatlantic Conference. The participation of President Biden to the European Council showed how deep the alliance between the European Union and the United States is. We have a common willingness to work together to address the key challenges of our times: from the pandemic to the green transition. The recent visit of US Special Presidential Envoy for Climate, John Kerry, was a chance to discuss how to achieve our common objectives of a greener and cleaner future for all citizens. The U.S. trillion dollar recovery package focuses on green investment. It has similar priorities to the prior established European Green Deal. The digital transition requires the same commitment.
Continue reading…

Using the cross-system customer index from TOLERANT Software, companies can check in seconds whether they know a person making a request and in which systems data on this person might be stored. The customer index helps them to comply with their duty to provide information on data protection requests.  Continue reading…

by František Nonnemann

Twitter International Company (TIC), part of the Twitter Group, was fined 450.000 EUR by the Irish data protection authority for insufficient data breach management. The Irish Data Protection Commission found that TIC did not report significant data breach in the time limit of 72 hours as stated by the General Data Protection Regulation (GDPR). Furthermore, the company did not have the process for data breach management under full control and did not keep appropriate records of all data breaches that occurred. Continue reading…