The European Data Protection Supervisor (“EDPS”) and the Austrian Data Protection Authority have both recently issued a decision ruling that the transfers of personal data to Google LLC (US) entailed by the use of Google Analytics tool on the European Parliament and by a company located in Austria (the “website operator”) websites, were not GDPR compliant.
On 30 and 31 December 2021, the CNIL sanctionned :
FACEBOOK IRELAND LIMITED with a € 60 million fine ; and
GOOGLE with a fine totalling €150 million (€ 90 million for GOOGLE LLC and € 60 million for GOOGLE IRELAND LIMITED)
By a decision of November 25, 2021, the Court of Justice of the European Union (CJEU) ruled that the practice of displaying an advertisement under the appearance of an e-mail in the users’ e-mail box is subject to the prior information and consent of the users (as required under directive 2002/58/EC), without which it also constitutes an unfair commercial practice insofar as this practice corresponds to the notion of “repeated and unwanted solicitations” within the meaning of the Directive 2005/29/EC (“Unfair Commercial Practices Directive”) .
On September 2, 2021, the Irish Data Protection Authority (DPA) has imposed a fine of €225 million on WhatsApp.
On 16 July 2021, the Luxembourg data protection authority imposed a fine of 746 million euros on Amazon Europe Core.