(Data Protection News & Services)
The European Data Protection Supervisor (“EDPS”) and the Austrian Data Protection Authority have both recently issued a decision ruling that the transfers of personal data to Google LLC (US) entailed by the use of Google Analytics tool on the European Parliament and by a company located in Austria (the “website operator”) websites, were not GDPR compliant.
On 30 and 31 December 2021, the CNIL sanctionned :
FACEBOOK IRELAND LIMITED with a € 60 million fine ; and
GOOGLE with a fine totalling €150 million (€ 90 million for GOOGLE LLC and € 60 million for GOOGLE IRELAND LIMITED)
because they did not allow users of the social network facebook.com and the websites google.fr and youtube.com residing in France to refuse cookies as easily as to accept them.
By a decision of November 25, 2021, the Court of Justice of the European Union (CJEU) ruled that the practice of displaying an advertisement under the appearance of an e-mail in the users’ e-mail box is subject to the prior information and consent of the users (as required under directive 2002/58/EC), without which it also constitutes an unfair commercial practice insofar as this practice corresponds to the notion of “repeated and unwanted solicitations” within the meaning of the Directive 2005/29/EC (“Unfair Commercial Practices Directive”) .
On September 2, 2021, the Irish Data Protection Authority (DPA) has imposed a fine of €225 million on WhatsApp.
On 16 July 2021, the Luxembourg data protection authority imposed a fine of 746 million euros on Amazon Europe Core.