Offbeat

Legal

Year 1 of GDPR: Over 200,000 cases reported, firms fined €56 meeelli... Oh, that's mostly Google

2019 just a transition year, says French watchdog


European data protection agencies have issued fines totalling €56m for GDPR breaches since it was enforced last May, from more than 200,000 reported cases – but watchdogs have said they're just warming up.

An assessment from the European Data Protection Board (EDPB), which is made up of regulators across the region, found that, in the first nine months, there were 206,326 cases reported under the new law from the supervisory authorities in the 31 countries in the European Economic Area.

Vivienne Artz, chief privacy officer of market data purveyor Refinitiv, cited the report (PDF), published at the end of February, at a panel event assessing the first year of GDPR at a data protection conference in London this week run by the International Association of Privacy Professionals.

About 65,000 were initiated on the basis of a data breach report by a data controller, while about 95,000 were complaints. Some 52 per cent of the overall cases have already been closed, with 1 per cent facing a challenge in national courts.

Artz said that the total fines came to €55.96m – which she observed seemed like a lot before you realise that almost all of it comes from French data watchdog CNIL's €50m fine for Google.

Indeed, the figure emphasises the size of CNIL's fine – which was the first it had handed out under GDPR – and the body's director of the rights protection and sanctions directorate, Mathias Moulin, was on the panel to set out its reasoning.

He said the breach was "massive and highly intrusive", and that the fine had been based on five factors. These included the type of violation, its scale – it was continuous, rather than a one-off, and affected lots of people and massive amounts of data – and the size of the company.

But given the huge range of potential fines – which has risen from "up to £500,000" (in the UK) to "up to" €20m or 4 per cent of annual turnover – the EDPB has also tasked data protection agencies with "harmonising" their approaches.

At the event, Stephen Eckersley from the UK Information Commissioner's Office revealed that his organisation was working with the data protection agencies in the Netherlands and Norway to establish a "matrix" for calculating fines. This won't be public-facing, he said, but will instead be a "toolkit" for watchdogs.

As for the ICO's enforcement actions, he said that there were some GDPR cases in progress, but that the past year had been mostly focused on legacy investigations, with fines handed to Uber, Facebook and Equifax.

Even CNIL's Moulin, said that last year "should be considered a transition year" for GDPR, as national regulators had to focus on finalising their rules and approaches, and spent most of their time tying up probes under the previous regime.

One thing that did change immediately under GDPR, if not the fines, was the number of incident reports. This was particularly so for companies turning themselves in over data breaches.

Eckersley said there was a "massive increase" in reports of data breaches in the first month at 1,700. This has levelled out a little, but there are still about 400 coming in a month. Overall, he expects the total to reach about 36,000 this year – up from 18,000 to 20,000 previously.

In order to deal with the increased demand – and organisations' propensity to report "just in case" – the ICO has set up a dedicated team for personal data breaches, so data controllers have a single point of contact to help them assess whether to make a formal notification.

The panel also noted that, while data breaches are more likely to hit the headlines, there are many more complaints coming in about other aspects of privacy regulations. For instance, Eckersley said that about half of the complaints relate to the way subject access requests have been handled. ®

Send us news
27 Comments

HPE sees ‘no indication’ its tech was sold to Chinese military, seeks answers from Uncle Sam on sanctions

In the dark about how New H3C chip org ended up on USA’s naughty list

HPE has said it sees “no indication” its technology has been sold to China’s military

This comes after a company within its China-based joint-venture New H3C – which is the exclusive provider of HPE servers, storage, and associated technical services in the Middle Kingdom – was last week added to the USA’s Entity List of businesses banned for supporting the modernization of the People’s Liberation Army.

HPE’s entanglement with H3C dates to its 2009 acquisition of network equipment maker 3Com, which in 2003 created a joint venture in China with Huawei to target the Chinese market. The name H3C reflects that parentage – the H is for Huawei and the 3C represent 3Com. By 2007, 3Com had bought out Huawei's share of the joint venture.

Continue reading

James Webb Space Telescope may actually truly launch this century, says NASA

Will it fly by Christmas? Betteridge's law probably applies

The very-much-delayed James Webb Space Telescope is being pumped with fuel and prepared for liftoff after an anomaly knocked back its launch date to no earlier than December 22.

“Engineering teams have completed additional testing confirming NASA’s James Webb Space Telescope is ready for flight, and launch preparations are resuming toward Webb’s target launch date of Wednesday, Dec 22, at 0720 EST,” the US space agency said in a statement.

The observatory was due to fly on December 18 but was held back after a "sudden, unplanned release of a clamp band." The clamp band attaches the telescope to the launch vehicle adapter and the accidental release sent a vibration rippling through the instrument. A panel of experts led by NASA conducted a series of tests to check for any potential damage, and concluded the telescope was fine.

Continue reading

Twitter CEO Jack Dorsey rebrands himself a 'single point of failure' and quits

That's so Meta

Twitter CEO Jack Dorsey resigned on Monday, anointing CTO Parag Agrawal as the social network company's new chief executive and announcing the elevation of board member Bret Taylor, former CTO of Facebook, to Independent Chair of the Board.

Dorsey, who remains CEO of payments biz Square, explained his decision to depart in a letter posted to Twitter.

"There's a lot of talk about the importance of a company being 'founder-led,'" Dorsey wrote. "Ultimately I believe that's severely limiting and a single point of failure. I've worked hard to ensure this company can break away from its founding and founders. There are three reasons I believe now is the right time."

Continue reading

UK Home Secretary delays Autonomy founder extradition decision to mid-December

Could be a Christmas surprise in store from Priti Patel

Autonomy Trial Autonomy founder Mike Lynch's pending extradition to the US has been kicked into the long grass again by the UK Home Office.

Lynch is wanted in the US to stand trial on 17 charges of fraud and false accounting. He is alleged to have defrauded Hewlett Packard investors over the sale of British software firm Autonomy in 2011.

Continue reading

Want to buy your own piece of the Pi? No 'urgency' says Upton of the listing rumours

A British success story... what happens next?

Industry talk is continuing to circulate regarding a possible public listing of the UK makers of the diminutive Raspberry Pi computer.

Over the weekend, The Telegraph reported that a spring listing could be in the offing, with a valuation of more than £370m.

Pi boss, Eben Upton, described the newspaper's article as "interesting" in an email to The Register today, before repeating that "we're always looking at ways to fund the future growth of the business, but the $45m we raised in September has taken some of the urgency out of that."

Continue reading

All change at JetBrains: Remote development now, new IDE previewed

Security, collaboration, flexible working: Fleet does it all apparently

JetBrains has introduced remote development for its range of IDEs as well as previewing a new IDE called Fleet, which will form the basis for fresh tools covering all major programming languages.

JetBrains has a core IDE used for the IntelliJ IDEA Java tool as well other IDEs such as Android Studio, the official programming environment for Google Android, PyCharm for Python, Rider for C#, and so on. The IDEs run on the Java virtual machine (JVM) and are coded using Java and Kotlin, the latter being primarily a JVM language but with options for compiling to JavaScript or native code.

Fleet is "both an IDE and a lightweight code editor," said the company in its product announcement, suggesting perhaps that it is feeling some pressure from the success of Microsoft's Visual Studio Code, which is an extensible code editor. Initial language support is for Java, Kotlin, Go, Python, Rust, and JavaScript, though other languages such as C# will follow. Again like VS Code, Fleet can run on a local machine or on a remote server. The new IDE uses technology developed for IntelliJ such as its code-processing engine for features such as code completion and refactoring.

Continue reading

Nextcloud and cloud chums fire off competition complaint to the EU over Microsoft bundling OneDrive with Windows

No, it isn't the limited levels of storage that have irked European businesses

EU software and cloud businesses have joined Nextcloud in filing a complaint with the European Commission regarding Microsoft's alleged anti-competitive behaviour over the bundling of its OS with online services.

The issue is OneDrive and Microsoft's habit of packaging it (and other services such as Teams) with Windows software.

Nextcloud sells on-premises collaboration platforms that it claims combine "the convenience and ease of use of consumer-grade solutions like Dropbox and Google Drive with the security, privacy and control business needs." Microsoft's cloud storage system, OneDrive, is conspicuous by its absence.

Continue reading

Wind turbine maker Vestas confirms recent security incident <i>was</i> ransomware

10 days after attack 'almost all systems' up and running, refuses to say if ransom was paid

Wind turbine maker Vestas says "almost all" of its IT systems are finally up and running 10 days after a security attack by criminals, confirming that it had indeed fallen victim to ransomware.

Alarm bells rang the weekend before last when the Danish organisation said it had identified a "cyber security incident" and closed off parts of its tech estate to "contain the issue."

Today the business - one of the largest worldwide to design, build, install and maintain wind turbines – said it has undertaken "extensive investigations, forensics, restoration activities and hardening of our IT systems and IT infrastructure."

Continue reading

UK and Ireland S/4HANA migrations accelerated during 2021 COVID-19 lockdowns, figures reveal

User group survey shows concerns linger about support skills for upgrade

UK SAP users stuck with their migrations to S/4HANA during COVID-19 lockdowns this year, according to fresh figures released today. But skills among partners and SAP technical resources are still a worry.

A survey by the UK & Ireland SAP User Group (UKISUG) showed 26 per cent of organisations are now using SAP S/4HANA compared with 16 per cent in the same survey last year.

An increase in 10 points on a survey of 352 SAP user organisations seems reasonably significant, given the nation entered a lockdown on 5 January that did not fully lift until July.

Continue reading

UK Space Agency wants primary school kids to design a logo for first Brit launches

Submissions must create a 'sense of pride.' What could possibly go wrong?

Good news for those in the UK with primary school-aged kids and wondering what to do when the next bout of home-schooling hits: design a logo for the first UK satellite launches.

2022 could be a big year for launching satellites from Blighty's shores as the first launchers gear up for a historic blast-off. Assuming the facilities have been built and all the necessary consents given and boxes ticked.

There are currently seven possible spaceport sites across the UK, from Cornwall in England through Llanbedr in Wales and up to the Western Isles in Scotland. Cash has been lobbed Cornwall's way to support a horizontal launch by Virgin Orbit from Spaceport Cornwall and more toward Scotland for Orbex's ambitions to launch vertically from Sutherland.

Continue reading

Threeshiba: Key Toshiba investor opposes firm's split

3D Investments said plan will result in 'three underperforming companies'

A fund that holds around 7 per cent of Toshiba stock – making it the company's second-largest shareholder – has opposed the Japanese industrial giant's proposed split into three companies, and called for a review of alternative strategies.

A scathing open letter from 3D Investments begins by declaring that the company's "failures of execution and misallocation of capital" are compounded by the board's lack of transparency and have collectively damaged the company's credibility.

The investment firm said Toshiba's strategic review committee (SRC) failed in its attempt to find a plan, with an 8 per cent stock price plunge evidence that the plan to split the company is not a good idea.

Continue reading