Clubhouse – the next privacy disaster?

If you're online you've probably heard of Clubhouse – the new invite only club that is fast gaining popularity and proving a hit with entrepreneurs. I personally am loving it and am hosting lots of rooms on there for Online Experts (with a little bit of GDPR thrown in…) But as Alexander Hanff points out in his article, is Clubhouse breaking EU regulations and laws?

Under the ePrivacy Directive (2002/58/EC) the confidentiality of communications is required, and Clubhouse state in their own privacy policy that they record the audio of a room while the room is live. You can read the full article here.

Tik Tok ordered to stop processing children's data

If your children are anything like mine, they most certainly will have heard of Tik Tok. Like many other platforms, they must be 13 to have an account. The death of a 10 year old girl in Italy has prompted fierce backlash from the Italian DPA with orders to stop the collection and usage of data for users where age is not certain.

The tragic death comes as the young girl took part in a challenge on Tik Tok – the so-called ‘black out challenge – resulting in death by asphyxiation.

Tory party illegally collected data on ethnicity of 10m voters

The ICO highlighted a breach of data protection laws when the Tory government illegally collected the ethnicity data of 10 million voters prior to the 2019 election.

This isn't the first time the government has come under fire for controversial use of date.

Despite the ICO identifying several breaches, not one political party has ever been served an enforcement notice for its use of data. Read more here.

ICO look ahead and Elizabeth Denham stays on

The ICO plans for this year include guidance on political campaigning, facial recognition, codes of conduct and certification schemes.

The 5 year term for Elizabeth Denham as the ICO Information Commissioner ends in July, but she has been asked to extend her position through to October while a replacement is found. Maybe I should apply…!

Read more about the ICO plans for 2021 here.

Gay dating app Grindr fined approx 10m

Grindr has been fined about 10m – for illegally disclosing private details of its users to advertising companies.

The Norwegian DPA said the app had transmitted users’ exact locations, user-tracking codes and the app’s name to no less than five advertising companies, and without obtaining their explicit consent, essentially flagging these individuals as L.G.B.T.Q.

Read the full story here.

City of Rome fined 40k

Another #GDPR fine for the public sector: 500,000 imposed by the Italian DPA on the City of Rome for the unlawful processing of the #personaldata of users and employees via an appointment booking system (violation of Articles 5, 13, 14, 28 and 32).

According to The Italian Data Protection Authority, the system made it possible to collect and store on the Roma Capitale servers, for a long period of time, large amounts of data of users relating to bookings for various services, including data related to healthcare appointments. The system also generated daily reports containing detailed information on the activity of the staff managing the appointments (date, type of service, name of the operator, call time and waiting time). All the operations were carried out without either the users or the employees having received full information on the processing activities via the app.

The DPA also found that the City of Rome did not implement adequate technical and organisational measures. Additionally, it failed to regulate the relationship with the #dataprocessor providing maintenance and assistance relating to the server and the app. In its turn, the processor was fined 40,000 for violation of Art. 5 (1) a) and e) as well as Art. 6, 9 and 28 GDPR.