Privacy Alerts – Week 33


German consumer organisation sues Tesla for privacy violations

The Verbraucherzentrale Bundesverband (VZBV) is suing Tesla for deception. According to the German consumer organisation, the American car manufacturer conceals the fact that the monitoring functionality of Tesla cars violates the GDPR, the VZBV writes in a press release. The case revolves around the “Sentry Mode” functionality, in which a number of cameras attached to the car constantly monitor the surroundings. The cameras also record passing pedestrians. These recordings are sometimes stored, and this constitutes the processing of personal data. As there is no legal basis for this processing, the use of Sentry Mode is not permitted in public spaces, according to the VZBV.

Denmark bans Chromebooks and Google Workspace in schools

Denmark is effectively banning Google’s services in schools after officials in the municipality of Elsinore conducted a risk assessment on Google’s processing of personal data last year. In a recently published judgement, the Danish data protection authority Datatilsynet states that data processing involving the use of Google’s cloud-based Workspace software suite – which includes Gmail, Google Docs, Calendar and Google Drive – does not meet the requirements of the GDPR.

European Commission urges Slovenia to comply with GDPR obligations

Slovenia has still not reformed its national data protection framework since the GDPR entered into force. The European Commission is now sending Slovenia a ‘reasoned opinion’ for failing to comply with key obligations of the GDPR and to enable its data protection authority to use all the corrective powers of the GDPR. The reasoned opinion follows a previous letter of formal notice to which Slovenia did not respond adequately, according to the European Commission. Slovenia now has two months to respond to the Commission’s opinion. If the reply is not satisfactory, the Commission may decide to refer the matter to the Court of Justice of the European Union.

Google may share footage of Nest doorbell with authorities without permission

Google can share recordings made with the Nest doorbell with authorities without users’ consent. The company confirms this to tech news site CNET. In the Nest user agreement, Google states that in case of an emergency it can share images of the doorbell with, for example, law enforcement agencies without permission. Previously, Amazon was found to do this with images from the Ring doorbell.

Taxi app Didi fined over a billion euros in China

Taxi app Didi (‘Chinese Uber’) has been fined €1.1 billion in China. Didi is a Chinese company that was founded in 2012 and focuses on services related to passenger transport and rental cars, bicycle sharing and meal delivery. Didi now operates in 17 countries worldwide. The Chinese regulator CAC launched an investigation into Didi in July 2021. The company was alleged to have illegally collected personal data from users. While this investigation was under way, Didi was no longer allowed to admit new users to its platform. App shops also had to remove Didi’s app. Now that the investigation is over, the taxi app is allowed to return to Chinese app shops.

Google postpones end of tracking cookies by another year

Google has again postponed its ban on third-party tracking cookies: initially the company was aiming for 2022, then next year, and now 2024. The so-called “Privacy Sandbox” is intended to make the search giant’s advertising system as privacy-friendly as possible. Now Google says that advertisers need more time to test the Privacy Sandbox. Third-party tracking cookies can therefore only be phased out by mid-2024 at the earliest. Anthony Chavez, vice president of the Privacy Sandbox at Google, writes this in a blog.

No Facebook “summer break” in Europe

Facebook and Instagram are not going anywhere for now. The Irish data protection authority (DPC) wants to tighten the reins on Meta, but not every member state agrees. In July, the DPC proposed a ban on Meta’s intercontinental data transfers, threatening to remove Facebook and Instagram from Europe. Recently, the data protection authorities of a number of other member states objected, as a result of which the ban is off the table for the time being. It could now be months to years before the case is followed up. In 2018, the DPC launched a similar case against data transfers from WhatsApp. It took three years to conclude the case.

German court: American clouds not GDPR-compliant

Cloud services of subsidiaries of American companies are not GDPR-compliant. A German court has ruled that organisations can therefore bypass them in public tenders in favour of other cloud providers that do comply with the GDPR. By decision of 13 July 2022, the Vergabekammer Baden-Württemberg granted the request of an unsuccessful competitor. It was ‘irrelevant whether the server through which the data is made accessible is located within the EU’, according to the Vergabekammer. The case has already been appealed.
