Data processed for promotional purposes without an appropriate legal basis The Privacy Guarantor has imposed a fine of over 890 thousand euros on E.ON Energia spa for the unlawful processing of personal data for telemarketing purposes. The proceeding originates from complaints from two people who complained about receiving numerous unwanted calls and the lack of response to requests to exercise the rights established by the Regulation. During the investigation, the Guarantor found, in one case, that the consents given during the activation…
Read moreFRENCH SUPERVISORY AUTHORITY: Permissions in mobile applications: CNIL recommendations to respect users’ privacy
On September 24, 2024, the CNIL published the final version of its recommendations to help professionals design privacy-friendly mobile applications. In this article, it reviews the key role of permissions in mobile applications. The use of mobile applications very often involves processing personal data: this data is either provided by users or collected directly by the application when it accesses the resources present within their smartphone or tablet. In the latter case, the application requests the user’s consent through a…
Read moreICELANDIC SUPERVISORY AUTHORITY: Opinion on Santa Claus’ registration of children’s personal information
In recent years, the Icelandic Data Protection Authority has received a number of complaints from concerned parents, on behalf of their minor children, regarding the unlawful processing of the children’s personal data by Santa Claus. In light of the number of complaints received, the Icelandic Data Protection Authority has decided to issue the following opinion. Numerous complaints have been received by the Data Protection Authority in recent years regarding the unlawful processing of children’s personal data by the Santas Stekkjastaur,…
Read moreFRENCH SUPERVISORY AUTHORITY: Misleading cookie banners: CNIL issues formal notice to website publishers
In response to several complaints from Internet users, the CNIL has ordered website publishers to modify their cookie banners, which are considered misleading. The CNIL has received complaints concerning misleading consent collection banners encouraging Internet users to accept cookies. As a reminder, except for exceptions, cookies can only be placed after the Internet users’ consent. In addition, refusing cookies must be as simple as accepting them. The law does not impose a particular way of presenting choices on the banner for…
Read more