Austrian Post Fined €18m for Non-Compliance with Data Protection Laws
By Melissa Hall, MacRoberts LLP
Last month, Austria’s supervisory authority (“Austrian DPA”) announced that it is imposing a fine of €18 million against Österreichische Post AG (“Austrian Post”) under the EU data protection laws. The Austrian DPA heard evidence that the Austrian Post had used its customers’ personal data (including data related to age, address and gender) to calculate assumed affiliations with political parties, and then sold its findings. The Austrian Post has indicated that it intends to challenge the fine before the Federal Administrative Court.
Facebook Backs Down to ICO After Investigation into Misuse of Personal Data in Political Campaigns
By Rebecca Henderson, MacRoberts LLP
Facebook have agreed to pay the £500,000 monetary penalty issued by the UK data protection authority, the Information Commissioner’s Office (“ICO”). The fine was originally issued by the ICO on 24 October 2018 (under the pre-GDPR legislation) after a yearlong investigation by the ICO into reports that companies such as Facebook (and its processor, Cambridge Analytica) had misused personal data during political elections.
Initially, Facebook appealed the fine and in June this year, the First Tier Tribunal issued an interim decision (that the ICO then appealed) that procedural fairness and reports of bias within the ICO should be considered and dealt with in Facebook’s appeal against the £500,000 fine imposed by the ICO.
On 30 October 2019, the ICO issued a statement (available here) that it had come to an agreement with Facebook where both parties would withdraw their appeals (and pay their own costs) and Facebook would pay the original £500,000 fine levied by the ICO on the condition that Facebook makes no admission of liability in paying such a fine.
Both the ICO and Facebook are committed to continuing investigations into misuse of personal data in connection with political campaigns and/or elections and, with this settlement, Facebook will also gain access to certain documents held by the ICO to allow it to continue internal investigations into Cambridge Analytica and lessons that can be learned from this incident.