The Data Protection Club of L’Usine Digitale brings you the best news from the week of October 7 regarding data protection. On the list: two online foresight companies condemned by the CNIL, the Inter-Ministerial Health Data Strategy Presentation, or even Marriott convicted for repeated data leaks.
-
The CNIL imposes sanctions on two online foresight companies. The National Commission for Information Technologies and Liberties (Cnil) issued two deliberations on September 26 that imposed fines on the companies Cosmospace and Telemaque of €250,000 for the former and €150,000 for the latter.After the inspections, the authority noted several shortcomings, such as the collection of sensitive data without the consent of the persons concerned, the retention of data for an excessive period, the sending of prospecting messages to people who did not express their consent, as well as, in the case of Cosmospace, the systematic recording of telephone calls.
The amount of penalties was determined according to the seriousness of the incidents that were monitored. The joint database between the two companies contains data on more than 1.5 million people. The CNIL also points out that the financial situation of companies was taken into account when deciding on discouraging but proportionate fines.
-
It urged Marriott to strengthen its data security policy. The Federal Trade Commission (FTC), the US federal agency responsible for monitoring compliance with consumer law and anti-competitive business practices, said it is requiring the Marriott hotel chain and its subsidiary Starwood Hotels & Resorts Worldwide to implement a security program to address the accusations. Of data breaches that occurred between 2014 and 2020.Marriott and Starwood have also agreed to provide their U.S. customers with a way to request deletion of personal data associated with their email address or loyalty account number. The company will also be required to audit loyalty accounts at the customer’s request and return stolen loyalty points, the FTC said. In a separate agreement, it agreed to pay a $52 million fine to 49 states and the District of Columbia to resolve similar data security allegations.
-
Collection of personal data: Meta convinces the German antitrust authority to close its proceedings. After several years of proceedings, Meta agreed to take a series of measures to give German users of its social networks more freedom in managing their personal data. This allowed it to escape punishment from the German Competition Authority, which opened a procedure in 2019 preventing it from accessing its users’ information without their consent.