ULD DPA Issues Ban on Data Processing Under GDPR
GDPR has been used to issue a ban on data processing by Unabhängiges Landeszentrum für Datenschutz (ULD) in Germany’s Schleswig-Holstein, according to a report in IAPP’s Privacy Advisor. Although the IAPP article details why the first GDPR fines could still be months away, the fact that the DPA of the German state used this remedy should be of note for companies and other organizations.
The case involved webcams on the internet that failed to comply with data protection laws, both before and after the General Data Protection Regulation went into effect on May 25th. The webcams were broadcasting streams of beach and harbor scenes which included identifiable people. The webcam operators claimed a legitimate interest in tourism promotion but the Schlewsig-Holstein DPA disputed the need to show identifiable people as part of that purpose. Instead, it rejected such a purpose because it believed that showing different angles and image clipping to avoid showing identifiable people was possible.
There were complaints about the data processing of the webcams before GDPR went into effect, but the DPA did not have the authority to limit or ban the processing at that time. GDPR gave it to them on May 25th. The operators stopped the webcam streaming in response to the regulator’s demands, rather than modify the streams to comply with the data protection law.
The ability of a DPA to ban illegal processing is an important section of the law and actions by regulators using it need to be closely followed by businesses. Whereas it may take months or years for the data protection authorities to fine a company, restrictions on improper data processing can happen much faster. Organizations need to understand the weaknesses in their plan for GDPR compliance and have a contingency process if a DPA suggests that valuable processing is not in compliance with the law.
In the IAPP article, the UK ICO, France CNIL and Swedish DPA all denied that they had issued any fines under GDPR yet. The spokesperson for the U.K.’s Information Commissioner’s Office also said that it was too early to speculate about any processing bans in the United Kingdom.
The DPAs may still be getting up to speed with the new privacy regulation, but most businesses can’t afford to be shutdown for inappropriate processing of data. Businesses need to establish backup contingencies for how to handle valuable data processing lawfully if a DPA determines that they are not in compliance.
Improve Data Privacy for GDPR or CCPA with Clarip
The Clarip team and enterprise privacy management software are ready to meet your compliance automation challenges. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.
If compliance with the California Consumer Privacy Act is your focus until 2020, ask us about our CCPA software. Handle automation of data subject access requests with our DSAR Portal, or provide the right to opt out of the sale of personal information with the consent management software.
Need to improve your GDPR compliance solution? Clarip offers modular GDPR software that can fill in gaps in your privacy program. Choose from the data mapping software for an automated solution to understanding your data collection and sharing, conduct privacy risk assessments with DPIA software, or choose the cookie consent manager for ePrivacy.
Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo and speak to a member of the Clarip team.
Other Blog Posts on GDPR Enforcment:
More DPAs Issuing GDPR Fines and Warnings
EDPB Releases Guidelines on Territorial Scope of GDPR
EDPB Releases Comments on DPIA Requirements under Article 35.4
Dutch Question Microsoft Over Office Data Telemetry Collection Violations under GDPR
Austria Issues First GDPR Fine
Privacy Complaints Up in France after GDPR
ICO Threatens Max GDPR Fine to AggregateIQ
Data Privacy Complaints Double in UK under GDPR
German DPA Circulates GDPR Compliance Survey