The Italian Data Protection Authority (DPA), the Garante, has sanctioned the use of dark patterns to collect personal data for the first time under the terms of the GDPR. What are dark patterns? Deceptive patterns (also known as “dark patterns”) are tricks used in websites and apps that make you do things that you didn’t […]
“IAB Europe-TCF= Fine by Belgian DPA”
The Belgian DPA found that the Transparency and Consent Framework (TCF) developed by IAB Europe, fails to comply with a number of provisions of the GDPR. Background The Belgian DPA received complaints in 2019 about its reliance on the OpenRTB Protocol which focuses on real-time bidding and the automated use of user profiles within online […]
Austrian DPA on Google Analytics- A Quick Analysis
Quick Snapshot of the case DPA’s Observations Data transmitted through Google Analytics is Personal Data: In the DPA’s opinion, it is theoretically possible to link the transferred data back to a natural person through the combination of the vast amount of data transmitted. Therefore, a link to a person can be established (see Art. 4(1) […]
EDPB Guidelines on Transfer of Data to 3rd Countries- A Synopsis
This article is a high-level overview of the 48 pages of the EDPB’s guidelines on the transfer of data to third countries. It is all about accountability. Accountability in Data Transfers The first thing the guideline talks about is accountability. Accountability in Practice Step I Step II Step III Step IV- Supplementary Measures Effective Supplementary […]
IKEA fined $1.2 million for spying on its employees
Overview The Decision What did IKEA do? IKEA’s Response Privacy Team Analysis