Italian DPA fines bank for data breach

Garante, Italy’s data protection authority (DPA), has ordered a bank to pay €600,000 ($675,000) for “abusive access” to personal data of more than 700,000 customers. The breach was carried out by some employees of an external commercial partner of the bank and involved information such as contact details, profession, level of study and identification document […]

Danish DPA refers municipality to police for GDPR violation

Denmark’s data protection authority Datatilsynet is reporting the municipality of Lejre to the police for failing to provide an appropriate level of computer security. After the council reported a breach of personal data, Datatilsynet says it became aware the municipality’s children and young people department included information of a particularly sensitive and protective nature of […]

German health insurer fined for data breach

The commissioner for data protection and freedom of information in Baden-Wuerttemberg, southwestern Germany, has levied a €1.24m ($1.40m) fine on a local health insurer. The case arose from the way AOK Baden-Wuerttemberg handled data from participants in sweepstakes organised between 2015 and 2019. The information collected was used for advertising purposes, provided participants had given […]

Consumer groups question Sao Paulo Metro’s facial recognition system

Sao Paul’s urban rail company has failed to provide key information as it implements a $58.6m ($11.2m, €10.0m) surveillance system for the Brazilian city’s underground railway system, the country’s Institute of Consumer Protection (Idec) claims. Companhia do Metropolitano de Sao Paulo (Metro) has not produced an impact report for the facial recognition technology, nor does […]