Find daily new #GDPR decisions from across Europe for free on GDPRhub.eu!
Read and edit this decision from Austria at https://gdprhub.eu/index.php?title=DSB_(Austria)_-_DSB-D124.1328/24&mtm_campaign=hubasmma 
Thousands of experts also signed up to our free newsletter already: https://newsletter.noyb.eu/pf/433/5gqtL #databescherming
#gdpr
37 posts24 participants1 post today
TikTok was fined €530 million for illegally transferring personal data outside of Europe
TikTok has also been ordered to bring data processing into GDPR compliance within six months. Officials were also concerned about access of data from staff in China. TikTok disagrees with the decision as they said they have implemented controls to ensure that non-restricted data is de-identified before it can be accessed by staff in China
Find daily new #GDPR decisions from across Europe for free on GDPRhub.eu! Read and edit this decision from Romania at https://gdprhub.eu/index.php?title=ANSPDCP_(Romania)_-_SC_Travel_Planner_SRL&mtm_campaign=hubasmma Thousands of experts also signed up to our free newsletter already: https://newsletter.noyb.eu/pf/433/5gqtL #protecciondedatos
ALT: New decision from Romania: The DPA fined a travel operator RON 29,886 (€6,000) for publishing the personal data of some of its customers on its Facebook page.
#softwareheritage #gdpr request:
I came across your project and my accounts have been archived by Software Heritage.
According to $17 GDPR (https://gdpr-info.eu/art-17-gdpr) I ask for the deletion of all links referring to my GitHub accounts (and the other data sources listed below). I also ask to block my accounts and data sources (repositories) from being archived ($21 GDPR | right to object https://www.privacy-regulation.eu/en/article-21-right-to-object-GDPR.html).
General Data Protection Regulation (GDPR)Art. 17 GDPR – Right to erasure (‘right to be forgotten’) - General Data Protection Regulation (GDPR)The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: the personal data are no longer necessary in relation to … Continue reading Art. 17 GDPR – Right to erasure (‘right to be forgotten’)
Find daily new #GDPR decisions from across Europe for free on GDPRhub.eu! Read and edit this decision from Belgium at https://gdprhub.eu/index.php?title=APD/GBA_(Belgium)_-_71/2025&mtm_campaign=hubasmma Thousands of experts also signed up to our free newsletter already: https://newsletter.noyb.eu/pf/433/5gqtL #DSGVO
https://www.theverge.com/news/660047/tiktok-fine-600-million-ireland-gdpr-data-china
and
TikTok has been ordered to pay €530 million (around $600 million) for sending European users’ data to servers in China, a breach of the European Union’s General Data Protection Regulation (GDPR).
The Verge · TikTok fined $600 million for sending user data to China
#TikTok fined €530M after EU user data ends up on servers in #China - https://www.theregister.com/2025/05/02/tiktok_gdpr_fine/ "Ireland privacy watchdog says transfers violated #GDPR, as Chinese app confirms €1B datacenter in Finland"
The Register · TikTok fined €530M after EU user data ends up on servers in China
BREAKING: #EU (via Ireland) hits #TikTok with €530M fine for illegally sending users’ personal data to #China.
"TikTok fails to adequately assess the implications of Chinese surveillance laws on Europeans’ data."
#DefendDemocracy #BigTech #EUlaw #GDPR
https://www.politico.eu/article/tiktok-hit-with-e530m-privacy-fine-ireland-china-data/
POLITICO · TikTok hit with €530M fine after illegally sending users’ data to China
#TikTok fined €530 million for illegally sending EU personal data to China: The fine is the third-largest ever imposed under the #GDPR. https://www.euractiv.com/section/tech/news/tiktok-fined-e530-million-for-illegally-sending-eu-personal-data-to-china/?utm_source=mastodon&utm_medium=dlvr.it
Find daily new #GDPR decisions from across Europe for free on GDPRhub.eu! Read and edit this decision from Spain at https://gdprhub.eu/index.php?title=AEPD_(Spain)_-_EXP202309454&mtm_campaign=hubasmma Thousands of experts also signed up to our free newsletter already: https://newsletter.noyb.eu/pf/433/5gqtL #databescherming
Continued thread
So, that service is trying to make us pay for accessing historical data now. Historical: older than a week.
Ok, I’ll just sent a #GDPR takeout request every month than. Problem solved.
Continued thread
#Meta CFO Susan Li ‘warned that a decision by the European Commission that its “consent or pay” model falls foul of EU digital markets act could cause “significant impact to our European business and revenue”. Under the consent or pay model, users must agree to the processing of their personal data or pay a monthly subscription fee.’ #DMA #GDPR #AI #Facebook #Instagram
Replied to Ian Brown 
@1br0wn A separate entity doesn't help for #GDPR, if Microsoft-controlled entities have access to the personal data. "Control" means e.g. >30 % of the shares.
«As a common-sense matter, majority ownership may be enough to establish legal control. With the Bank Holding Company Act as a guideline, one could imagine a court finding that anywhere from 25 – 100 percent ownership of an entity would be sufficient to establish control for purposes of the #CLOUDAct.»
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3469808
papers.ssrn.comDefining the Scope of 'Possession, Custody, or Control' for Privacy Issues and the Cloud ActIn 2018, the U.S. Congress passed the Clarifying Lawful Overseas Use of Data Act (Cloud Act) to address the ubiquitous need for law enforcement to access person
Continued thread
I’m informed directly by someone at #Apple this is the wrong link in the latest public beta of #macOS #Sequoia (15.5). It should be https://www.apple.com/uk/legal/privacy/data/en/ask-siri-dictation/
Afraid that is still HUGELY problematic, especially for a “privacy-first” company.
What do you think, @Privacymatters?
#Siri #privacy #GDPR
Apple LegalLegal - Siri, Dictation & Privacy- AppleData & Privacy
IANAL but this #Apple #Siri #privacy policy seems blatantly illegal under the #GDPR to me:
1. Inadequate legal basis
2. Insufficient minimisation
3. False claims of anonymisation (content will still frequently be linkable to individuals)
4. No DPbDaD
5. No user option to switch on service without the recording
6. No notification of user when recording/storage is taking place
Any more?!
https://www.apple.com/uk/legal/privacy/data/en/improve-siri-dictation/
Apple LegalLegal - Improve Siri and Dictation & Privacy- AppleData & Privacy
Find daily new #GDPR decisions from across Europe for free on GDPRhub.eu! Read and edit this decision from Spain at https://gdprhub.eu/index.php?title=AEPD_(Spain)_-_EXP202308051&mtm_campaign=hubasmma Thousands of experts also signed up to our free newsletter already: https://newsletter.noyb.eu/pf/433/5gqtL #RGPD
Replied in thread
@macrumors Hey #Canada:
Since we're growing trade ties with the #EU, what parts of the #DigitalMarketsAct, #DigitalServicesAct, #DigitalFairnessAct, and #GDPR should we translate into Canadian law?
Canadians should be able to access #AppStore competitors too.
Looking forward to this event tomorrow with the Charities Institute to discuss the unique #cybersecurity and #DataProtection challenges that the charity sector faces.
https://charitiesinstitute.ie/event/let-s-talk-data-protection-what-every-charity-needs-to-know
charitiesinstitute.ieLet's Talk Data Protection: What Every Charity Needs to KnowData protection is not just a compliance issue - it’s about trust. Charities handle sensitive donor, beneficiary, and supporter data every day, and ensuring compliance with GDPR is essential to maintaining credibility and avoiding financial and reputational risks.
Join us for Let’s Talk Data Protection, a free event designed to help charities navigate their responsibilities under GDPR. The session will begin with a keynote from the Data Protection Commission (DPC), covering:
The cost of noncompliance with GDPR
Core GDPR principles and their application to charities
Safeguarding charity data
Ensuring marketing compliance (email, SMS, direct mail, and consent)
GDPR obligations when working with outsourced service providers
When a Data Protection Impact Assessment (DPIA) is required
Managing a data breach within a charity
Best practices for photography and consent at events and in communications
Panel Discussion: Managing Risk, Reputation & Cyber Threats
Following the keynote, we’ll host a panel discussion with legal, IT, and regulatory experts, as well as charity leaders, to explore:
The reputational damage caused by a data breach - and how to handle it
Securing buy-in from staff to improve data compliance
Legal insights into data protection, contracts, and third-party processors
Cyber threats: what charities should watch out for
Our Panel:
Brian Honan - CEO, BH Consulting & Chair, Cyber Ireland
Emma Walsh - Client Director, Alice PR
Eimhear O'Brien - Data & Legal Manager, Irish Cancer Society
Adam Egan - Assistant Commissioner, Data Protection Commission
Conor Califf - Senior Associate, Mason Hayes Curran
Who Should Attend?
This is open to all Cii members and partners: CEOs, Data Protection Officers, Marketing & Communications Teams, IT & Compliance Managers, and anyone responsible for data protection within a charity. But data protection is everyone’s business - so all Cii members are welcome!
Don’t miss this opportunity to stay informed and protect your organisation.
Photography Notice
Please note that a photographer will be on site during this event. Photographs will primarily focus on speakers and panelists, with some general shots of delegates.
These images may be used by Charities Institute Ireland for promotional purposes, including on our website, social media channels, and in future publications.