The American company Airbnb has ended the processing of Dutch national identity numbers (BSN) at the insistence of the Dutch data protection authority (Dutch DPA). Airbnb now immediately and automatically deletes the BSN from all digital copies of Dutch identity documents and has deleted all previously collected national identity numbers. The Dutch DPA has received approximately 100 signals from Dutch citizens about the unlawful use of their BSN by Airbnb, and has collaborated with the Irish Data Protection Commissioner to make Airbnb end the infringement.
The Spanish Data Protection Agency (AEPD) just published a resolution imposing fines of €300k to WhatsApp and Facebook each for exchanging, sharing and crossing personal data data without appropriate user consent.
The British Labour party bought data on more than 1 million new and expectant mothers and their children from a leading baby club ahead of the 2017 general election. The Information Commissioner’s Office has issued a notice of intent to fine Emma’s Diary £140,000 for the infraction.
Facebook is to be fined £500,000, the maximum amount possible, for its part in the Cambridge Analytica scandal, the information commissioner has announced. The fine is for two breaches of the Data Protection Act. The Information Commissioner’s Office concluded that Facebook failed to safeguard its users’ information and that it failed to be transparent about how that data was harvested by others.