May 30
Danish DPA Data Protection Digital Markets Act EU-US cooperation EDPB hits Meta, the EU General Court explains the nature

DP News – Week 22. Spanish company fined €12,000 for GDPR violations, European Data Protection Board responses to financial data access and payment services legislation, Council of the EU to approve GDPR cross-border enforcement improvements.

DP News – Week 22. Spanish company fined €12,000 for GDPR violations, European Data Protection Board responses to financial data access and payment services legislation, Council of the EU to approve GDPR cross-border enforcement improvements.

Konstantin Tiazhelnikov Konstantin Tiazhelnikov
  • May 30, 2024 -

The Spanish Data Protection Authority (AEPD) fined a company 12,000 euros for GDPR violations. The fine followed a complaint about the company requiring copies of ID cards from parents and minors for event entry. The company argued that ID checks were necessary to comply with laws restricting minor access to certain venues. However, the AEPD found this practice exceeded the necessary requirements and violated data minimization principles. Additionally, the company failed to provide adequate information about data processing and retention, further violating GDPR regulations.

Read more here

***

On May 23, 2024, the European Data Protection Board (EDPB) adopted a statement addressing the European Commission’s legislative proposals on financial data access and payment services, published on June 28, 2023. These proposals, which include a framework for Financial Data Access (FIDA), a Payment Service Regulation (PSR), and a Payment Service Directive (PSD3), aiming to bolster consumer protection, enhance competition in electronic payments, and empower consumers with greater control over their financial data. 

The EDPB welcomed the European Parliament’s reports that incorporate many of its recommendations but noted some areas needing improvement. Key issues highlighted include the necessity for stringent data protection measures in transaction monitoring mechanisms to prevent fraud, clear guidelines for the processing and sharing of personal data, and stronger safeguards to ensure compliance with data protection principles. 

Read more here

***

According to the IAPP, Politico reports that the Council of the European Union is nearing approval of a revised version of the European Commission’s proposal aimed at standardizing and enhancing cross-border enforcement of the GDPR. Recent amendments proposed by member states include measures to give smaller data protection authorities a greater say in cross-border issues and to possibly establish deadlines for data protection authority investigations. The council’s most recent draft of the text has not yet been made public and will be discussed in upcoming trilogue negotiations.

Read more here

See more related posts »

Related blog posts

DP News – Week 25. Bavarian authorities published guidance on joint controllership, CNIL published recommendations for the use of open data on the internet, IAPP published an article on human oversight needs within the EU AI Act.
  • June 20, 2024 -

DP News – Week 21: Car rental employee fined for unlawfully accessing customer data, Belgium Data Protection Authority rules software platform administrator as data processor, not controller and football league organizer fined for GDPR violations after failing to erase player data!
  • May 23, 2024 -

DP News – Week 20. The Swedish Data Protection Authority can supervise search services with publishing certificates, the Information Commissioner’s Office report emphasizes the need for organizations to enhance their cybersecurity measures, the EU Commission launches DSA investigation into Meta, the UK’s House of Lords sets a date for the UK GDPR reform report stage.
  • May 17, 2024 -