Subscribe for premier reporting on free speech, privacy, Big Tech, media gatekeepers, and individual liberty online.

Newsletter Archive: March 29, 2019

Poland issues its first ever GDPR fine

Tom Parker

If you’re tired of censorship and surveillance, subscribe to Reclaim The Net.

Poland’s Personal Data Protection Office (UODO) has issued its first GDPR (General Data Protection Regulation) fine and fined an unnamed firm over PLN 943,000 ($245,950) for processing the personally identifiable information of over six million Polish citizens.

According to UODO, the company collected and processed this personal data from the country’s Central Electronic Register and Information on Economic Activity which is a publicly available source.

The company informed 90,000 people that their personal data was being processed via email and 12,000 of these people objected to this processing. The company also placed a notice about this data processing on its website. However, it failed to directly inform over six million other people of this data processing because of “high operational costs.”

GDPR requires companies to handle data in a way that respects people’s privacy. Some of the main requirements for companies under GDPR are to:

Tell people how their personal data will be used
Gain consent for this usage before processing the personal data
Be able to demonstrate that this consent was given by each person
Allow people to opt out of personal data processing and have their personal data deleted at any time

In its statement about the fine, UODO said that since the unnamed company had both postal addresses and telephone numbers for the people whose data it was processing, placing a notice on its website was insufficient. UODO added that the company should have used this contact data to directly notify people about:

The data it was using
How it obtained this data
The purpose and the period of the planned data processing
Their rights under GDPR

UODO also said that the infringement of GDPR was intentional because the company was aware of the obligations to provide relevant information about personal data processing and directly inform users about any personal data being processed. However, despite this awareness, the company didn’t attempt to end the infringement or suggest any intentions to do so.

This is the latest in a series of fines and complaints that have been issued since the introduction of GDPR in 2018. In total:

59,000 data breaches have been reported to GDPR regulators
91 fines have been issued with Google receiving the largest fine at €50 million ($57 million) for violating the GDPR in France

If you’re tired of censorship and surveillance, subscribe to Reclaim The Net.

A Private, Open-Source, Self-Hosted App for Streaming Videos, Audio Files, Photos, and More to any Device

Enjoy your personal media without third parties monitoring and analyzing everything you do.

Google’s Cookie Reversal: What It Means for Privacy

Others have already eliminated third-party cookies, spotlighting Google’s struggle to balance privacy with its advertising empire.

CBDC Catastrophe: Tech Failures Expose a Fragile, Dystopian Future

An unprecedented tech failure reveals the fragility of centralized systems, sparking fears about the future of cashless societies.

The Secret Life of Phone Repairs: Privacy Risks Exposed

Your data at risk.

Social Media Facial Recognition Expands, Secret Law Enforcement Searches Double

Clearview AI’s mass facial recognition database continues to expand, sparking intense debate over privacy and surveillance.

Ditch Spotify and Apple Music With This Private, Self-Hosted App for Streaming Music and Other Audio Content From Any Device

Own your music and avoid ongoing subscriptions.