European parliament found to have broken EU rules on data transfers and cookie consents
News and information from the Advent IM team.
The European Union’s chief data protection supervisor has sanctioned the European Parliament for a series of breaches of the bloc’s data protection rules.
The decision sounds a loud warning to sites and services in the region about the need for due diligence of personal data flows and transfers — including proper scrutiny of any third party providers, plug-ins or other bits of embedded code — to avoid the risk of costly legal sanction. Although the parliament has avoided a financial penalty this time.
The European Data Protection Supervisor’s (EDPS) intervention relates to a COVID-19 test booking website which the European Parliament launched in September 2020 — using a third party provider, called Ecolog.
The website attracted a number of complaints, filed by six MEPs, last year — with the support of the European privacy campaign group noyb — over the presence of third party trackers and confusing cookie consent banners, among a raft of other compliance problems which also included transparency and data access issues.
Read via Yahoo