#63: From Clearview Controversies to Meta Mishaps: Sweden’s GDPR Wins, and Global Fines

In this episode, Jyri, Milla, and Pilvi walk you through the latest hottest tea in privacy and data protection. First, we turn our attention to the herald of doom itself: Clearview and the actions taken by the Dutch Data Protection Authority (fine of 30,5 million euros and then some). Will the Dutch DPA follow through with going after the management and inflict personal liability the managers or directors of Cleaview?

We also explore whether such a grim herald can have any positive aspects. The Dutch DPA suggests that the government could create its own version of Clearview, raising an important question. Should we, as a human society, pursue every technological capability simply because we can?

Next, we visit the herald of digital future and all things beautiful, that is of course Sweden. The Swedish data protection authority, IMY, has given out two fines for unfortunate use of Meta pixels by a pharmacy and a bank that led to leaking sensitive personal data to Meta. The cases have some meme aspects (legal said no) but also raise up important questions: what is the root cause? Could Meta’s way of enrolling in updates be the one to blame? What steps to take to ensure your organization’s compliance?

Then, we take a look at the latest blog by Anu Talus, the Finnish Data Protection Ombudsman and the the Chair of the European Data Protection Board. She admires Sweden (don’t we all?), who seems to thrive under the GDPR rules whereas Finland’s Data Protection Authority remains under-resourced, raising concerns about its ability to support future demands. She distinctly calls out for the ability to fine the public sector also in Finland (one of the few countries where this isnt possible), and discusses the AI Act.

Lastly, we dive into a fast-paced Lightning RoundTM of key data protection developments. From the Belgian DPA’s crackdown on dark patterns in cookie consent to fines against Uniqlo by the Spanish DPA (AEPD), and a penalty for Vejen Municipality in Denmark over stolen school laptops, important actions are shaping the landscape. We also explore Liechtenstein’s insights on remote work and

This and much more (such as some tips on who to follow on LinkedIn) awaits behind the play-button!

Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

Twitter: https://twitter.com/PodPrivacy, #privacypod

Instagram: @privacypod

LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

Email: [email protected]

Links:

Clearview fine: https://www.autoriteitpersoonsgegevens.nl/en/current/dutch-dpa-imposes-a-fine-on-clearview-because-of-illegal-data-collection-for-facial-recognition

Swedish Meta Pixel cases: https://www.imy.se/nyheter/sanktionsavgift-mot-avanza-for-overforing-av-personuppgifter-till-meta/

https://www.imy.se/nyheter/sanktionsavgifter-mot-apoteket-och-apohem-for-overforing-av-personuppgifter-till-meta/

Anu Talus’ blog: https://tietosuoja.fi/-/tekoaly-hoi-missa-suomen-digistrategia-

Belgian DPA’s cookie case: https://www.gegevensbeschermingsautoriteit.be/publications/beslissing-ten-gronde-nr.-113-2024-van-6-september-2024.pdf

Uniqlo fine: https://www.edpb.europa.eu/news/national-news/2024/spanish-supervisory-authority-fined-uniqlo-europe-ltd-violations-article_en

Vejen Municipality fine: https://www.datatilsynet.dk/afgoerelser/afgoerelser/2024/aug/endnu-en-kommune-indstillet-til-boede-for-manglende-kryptering

The DPA of Lichtenstein’s activity report for 2023: https://www.datenschutzstelle.li/application/fi...