Spanish Football Club Faces Fine
Spanish football club Osasuna was fined EUR 200,000 by the country's data protection authority for implementing an on-demand facial recognition system at its stadium. The authority stated its use violated the principle of data minimization as there are less intrusive alternatives. Furthermore, the data subject claimed that extensive use of biometric data was disproportionate; that the data controller failed to implement adequate safeguards; and that sole reliance on consent was insufficient to justify processing such data.
Meta Appeals to Overturn Irish Fine
Meta has asked the Irish High Court to overturn a "wholly disproportionate" EUR 91 million fine imposed by the Irish Data Protection Commission ("DPC"). The DPC found that Meta had not sufficiently protected users' personal data, particularly by storing user passwords in easily readable plaintext rather than utilizing encryption.
Meta argues it has made significant efforts to comply with GDPR and the penalty would set an unsustainable precedent. The case highlights ongoing scrutiny of tech giants under EU data protection laws and could well have wider implications for penalty enforcement. The outcome of the appeal remains pending.
WhatsApp Victorious in Largest Market
An Indian tribunal has temporarily lifted a ban on WhatsApp's data sharing practices. The dispute arose when WhatsApp required users to accept expanded data sharing with Meta without offering an opt-out option - a practice regarded as problematic in India but acceptable in Europe.
India's Competition Commission had deemed this "take-it-or-leave-it" approach an abuse of Meta's market position. The tribunal, which expressed concern that a five-year ban could harm WhatsApp's business model, has still ordered Meta to pay a USD 12.35 million fine. The case will be heard again in March while Meta makes its case for future regulations under India's upcoming new digital privacy law. With over 700 million monthly users, India is Meta's largest market.
Austrian Company Fined for GDPR Violation
An Austrian healthcare company violated GDPR by appointing its managing director as the Data Protection Officer ("DPO") during the COVID-19 pandemic. The managing director's dual role created a conflict of interest as the DPO must be independent to effectively perform their duties. The national data protection authority fined the company EUR 5,000, noting that the DPO's lack of independence compromised data protection. The case highlights the importance of ensuring clear separation of duties to meet GDPR compliance.
Denmark Approves Football Facial Recognition
Leading Danish football club FC Copenhagen has been granted permission to use facial recognition technology during home and away games by Denmark's data protection authority. Approval follows an April 2024 application in which the club sought permission to process biometric data to identify individuals and enforce club bans and general stadium restrictions. The technology will be utilized for access control at stadium entrances and monitoring during matches and events. However, approval does not extend to national team matches, also played at Parken Stadium, home of FC Copenhagen, and the authority emphasized the need for a detailed impact assessment before implementation.
Fulsome Finn Fine
Finland's data protection authority has fined Sambla Group EUR 950,000 for allowing loan applications to be accessible via URLs discoverable by third parties, in breach of GDPR. Despite the company's claims that only the intended recipient had access, the investigation uncovered thousands of instances of unauthorized access, including by search engine bots. The authority ordered it to stop processing personal data and inform customers of the breach.
Illumia Illuminated in Italy
Italy's data protection authority has imposed a EUR 678,897 fine on energy provider Illumia due to its telemarketing activities. Two complaints were filed for contacting individuals without legal consent, despite one person having registered in the "Opposition Register" to avoid such contact. The company also outsourced telemarketing without appropriate data protection safeguards. The authority found violations of several GDPR articles related to data processing, security and accountability, all of which aggravated the offence.