Sep 13, 2024
In this episode, Jyri, Milla, and Pilvi walk you through the latest hottest tea in privacy and data protection. First, we turn our attention to the herald of doom itself: Clearview and the actions taken by the Dutch Data Protection Authority (fine of 30,5 million euros and then some). Will the Dutch DPA follow through with going after the management and inflict personal liability the managers or directors of Cleaview?
We also explore whether such a grim herald can have any positive aspects. The Dutch DPA suggests that the government could create its own version of Clearview, raising an important question. Should we, as a human society, pursue every technological capability simply because we can?
Next, we visit the herald of digital future and all things beautiful, that is of course Sweden. The Swedish data protection authority, IMY, has given out two fines for unfortunate use of Meta pixels by a pharmacy and a bank that led to leaking sensitive personal data to Meta. The cases have some meme aspects (legal said no) but also raise up important questions: what is the root cause? Could Meta’s way of enrolling in updates be the one to blame? What steps to take to ensure your organization’s compliance?
Then, we take a look at the latest blog by Anu Talus, the Finnish Data Protection Ombudsman and the the Chair of the European Data Protection Board. She admires Sweden (don’t we all?), who seems to thrive under the GDPR rules whereas Finland’s Data Protection Authority remains under-resourced, raising concerns about its ability to support future demands. She distinctly calls out for the ability to fine the public sector also in Finland (one of the few countries where this isnt possible), and discusses the AI Act.
Lastly, we dive into a fast-paced Lightning Round™ of key data protection developments. From the Belgian DPA’s crackdown on dark patterns in cookie consent to fines against Uniqlo by the Spanish DPA (AEPD), and a penalty for Vejen Municipality in Denmark over stolen school laptops, important actions are shaping the landscape. We also explore Liechtenstein’s insights on remote work and
This and much more (such as some tips on who to follow on LinkedIn) awaits behind the play-button!
Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u
We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:
Twitter: https://twitter.com/PodPrivacy, #privacypod
Instagram: @privacypod
LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/
Email: tietosuojapod@protonmail.com
Links:
Swedish Meta Pixel cases:
https://www.imy.se/nyheter/sanktionsavgift-mot-avanza-for-overforing-av-personuppgifter-till-meta/
Anu Talus’ blog:
https://tietosuoja.fi/-/tekoaly-hoi-missa-suomen-digistrategia-
Belgian DPA’s cookie case:
https://www.gegevensbeschermingsautoriteit.be/publications/beslissing-ten-gronde-nr.-113-2024-van-6-september-2024.pdf
Vejen Municipality fine:
https://www.datatilsynet.dk/afgoerelser/afgoerelser/2024/aug/endnu-en-kommune-indstillet-til-boede-for-manglende-kryptering
The DPA of Lichtenstein’s activity report for
2023:
https://www.datenschutzstelle.li/application/files/3417/2526/0394/WEB_Datenschutzstelle_Taetigkeitsbericht_2023.pdf