Danish DPA refers municipality to police for GDPR violation

Denmark’s data protection authority Datatilsynet is reporting the municipality of Lejre to the police for failing to provide an appropriate level of computer security. After the council reported a breach of personal data, Datatilsynet says it became aware the municipality’s children and young people department included information of a particularly sensitive and protective nature of […]

German health insurer fined for data breach

The commissioner for data protection and freedom of information in Baden-Wuerttemberg, southwestern Germany, has levied a €1.24m ($1.40m) fine on a local health insurer. The case arose from the way AOK Baden-Wuerttemberg handled data from participants in sweepstakes organised between 2015 and 2019. The information collected was used for advertising purposes, provided participants had given […]

Consumer groups question Sao Paulo Metro’s facial recognition system

Sao Paul’s urban rail company has failed to provide key information as it implements a $58.6m ($11.2m, €10.0m) surveillance system for the Brazilian city’s underground railway system, the country’s Institute of Consumer Protection (Idec) claims. Companhia do Metropolitano de Sao Paulo (Metro) has not produced an impact report for the facial recognition technology, nor does […]

South Korea hopeful on GDPR transfer exception

The South Korea-EU summit on 30 June is expected to discuss South Korea’s exemption from paying GDPR transfer fines. The exception would allow its businesses located within the EU to transfer data to South Korea without penalties. After failing to get the agreement in 2016 and 2018, South Korea has taken a number of steps […]

LifeLabs ordered to improve online security after data breach

The information and privacy commissioners of Ontario and British Columbia in Canada have told LifeLabs to implement a series of measures to overcome shortcomings in its computer systems. The orders follow a joint investigation finding the country’s largest provider of general health diagnostic and speciality laboratory testing services failed to protect the personal health information […]