Data Protection News Roundup – 14th May 2019

Who’s getting it wrong?

The Turkish Personal Data Protection Authority has fined Facebook 1.65 million Turkish lira (around £213,000) for an API bug that exposed personal photos of 300,000 Turkish users.

Paint manufacturer Farrow and Ball has lost its appeal against a fine issued by the ICO for non-payment of the annual data protection fee. The company had appealed its £4,000 fine on a number of grounds including that the person responsible was on holiday. The first-tier tribunal accepted that although the non-payment was an oversight, the company should have had measures in place to prevent this happening. The ICO said: “Controllers are given adequate opportunity to pay the fee to the ICO before they are issued with a fine. Being on holiday is no excuse.” Under the GDPR, all UK based organisations are required to pay an annual data protection fee ranging from £40 to £2,900, depending on number of employees and annual turnover.

The Scottish National party faces being fined for a breach of data protection laws after sending out tens of thousands of European election mailings to the wrong addresses. The Information Commissioner’s Office confirmed on Friday morning that it was investigating following the SNP’s self-referral after voters across Scotland received letters addressed to strangers or neighbours. The election letters were signed by the SNP leader, Nicola Sturgeon, and urged voters to back the party on 23rd May. The wrong recipients included Monica Lennon, a Labour MSP, who did not recognise the person Ms Sturgeon was addressing.



Other News

Verizon’s head of global security services, Bryan Sartin, has said that data breached are a “time bomb” under companies that let customer information go astray and he is “surprised” more breaches had not become public. He was speaking following the publication of the annual Verizon Data Breach Investigations Report. The report logs information about more than 40,000 incidents such as spam and malware campaigns.

Key takeaways from the report: 

  • A positive trend the report highlighted is a fall in people falling victim to booby-trapped emails, 3% of those targeted compared with 12% the year before.
  • C-level executives are 12 times more likely to be the target of security incidents and 9 times more likely to be the target of data breaches than in last year’s report.
  • 43% of all breaches occurred at small businesses
  • Financial gain remains the top driver of all data breaches at 71%
  • 69% of breaches are from outsider threats with insiders accounting for 34%.
  • 56% of data breaches took months of longer to discover.

Read the report here.

WhatsApp is urging users to update their app to the latest version to avoid falling victim to a breach discovered last month. Cyber attackers were able to install spyware on WhatsApp through its voice call function. Read more here.

According to a recent survey by anonymous workplace chat platform, Blind, 53.5% of tech employees strongly agree that their company makes customer data protection a top priority. Apple had the highest employee confidence with 93.4% of employees answering “Strongly Agree” or “Agree”. Read more here.


Uber drivers are threatening to take legal action over claims the company has refused to disclose the personal data it holds about them under the GDPR. According to drivers and data access campaign group Worker Info Exchange, the ride-hailing app is “withholding” GPS, rating and profiling data, and has failed to explain how it uses their personal data in its work allocation algorithms. Read more here.


Leave a reply

You must be logged in to post a comment.