The Dutch Data Protection Authority (DPA) has imposed a €475,000 fine on Booking.com because the company reported a data breach to the DPA 22 days later instead of whithin the required 72 hours.
When the breach occurred, criminals accessed the personal data of over 4,000 customers including the payment card information of almost 300 people.
The Spanish Data Protection Authority (AEPD) imposed a total fine of 6.000.000 EUR on CAIXABANK, S.A., for : unlawful processing of its clients’ personal data (4.000.000 EUR); and not providing sufficient information regarding the processing of personal data (2.000.000 EUR).
Following the publication of its response to a data subject in a German newspapers the “Standard“, the Bavarian Data Protection Authority (DPA) took this opportunity to respond to recurring criticism and draw the attention of people on its actual enforcement
By order of 12 March 2021, the Conseil d’Etat (the French supreme administrative court) dismissed the request of various associations, including the Syndicat de la Médecine Générale (SMG) and the Ligue des Droits de l’Homme (Human Rights League), asking the interim relief judge of the Conseil d’Etat to order the suspension of the partnership between the Ministry of Health and the company Doctolib as part of the plan to accelerate vaccination against COVID-19, insofar as its online appointment booking system involved the hosting of health data with an American company (AWS).