European parliament found to have broken EU rules on data transfers and cookie consents
News and information from the Advent IM team.
- by Olivia Lawlor-Blackburn
- Industry News
The European Union’s chief data protection supervisor has sanctioned the European Parliament for a series of breaches of the bloc’s data protection rules.
The decision sounds a loud warning to sites and services in the region about the need for due diligence of personal data flows and transfers — including proper scrutiny of any third party providers, plug-ins or other bits of embedded code — to avoid the risk of costly legal sanction. Although the parliament has avoided a financial penalty this time.
The European Data Protection Supervisor’s (EDPS) intervention relates to a COVID-19 test booking website which the European Parliament launched in September 2020 — using a third party provider, called Ecolog.
The website attracted a number of complaints, filed by six MEPs, last year — with the support of the European privacy campaign group noyb — over the presence of third party trackers and confusing cookie consent banners, among a raft of other compliance problems which also included transparency and data access issues.
Read via Yahoo