#63: From Clearview Controversies to Meta Mishaps: Sweden’s GDPR Wins, and Global Fines

In this episode, Jyri, Milla, and Pilvi walk  you through the latest hottest tea in privacy and data protection. First, we turn our attention to the herald of doom itself: Clearview and the actions taken by the Dutch Data Protection Authority (fine of 30,5 million euros and then some). Will the Dutch DPA follow through with going after the management and inflict personal liability the managers or directors of Cleaview? We also explore whether such a grim herald can have any positive aspects. The Dutch DPA suggests that the government could create its own version of Clearview, raising an important question. Should we, as a human society, pursue every technological capability simply because we can? Next, we visit the herald of digital future and all things beautiful, that is of course Sweden. The Swedish data protection authority, IMY, has given out two fines for unfortunate use of Meta pixels by a pharmacy and a bank that led to leaking sensitive personal data to Meta. The cases have some meme aspects (legal said no) but also raise up important questions: what is the root cause? Could Meta’s way of enrolling in updates be the one to blame? What steps to take to ensure your organization’s compliance? Then, we take a look at the latest blog by Anu Talus, the Finnish Data Protection Ombudsman and the the Chair of the European Data Protection Board. She admires Sweden (don’t we all?), who seems to thrive under the GDPR rules whereas Finland’s Data Protection Authority remains under-resourced, raising concerns about its ability to support future demands. She distinctly calls out for the ability to fine the public sector also in Finland (one of the few countries where this isnt possible), and discusses the AI Act. Lastly, we dive into a fast-paced Lightning Round™ of key data protection developments. From the Belgian DPA’s crackdown on dark patterns in cookie consent to fines against Uniqlo by the Spanish DPA (AEPD), and a penalty for Vejen Municipality in Denmark over stolen school laptops, important actions are shaping the landscape. We also explore Liechtenstein’s insights on remote work and This and much more (such as some tips on who to follow on LinkedIn) awaits behind the play-button! Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: [email protected]   Links: Clearview fine: https://www.autoriteitpersoonsgegevens.nl/en/current/dutch-dpa-imposes-a-fine-on-clearview-because-of-illegal-data-collection-for-facial-recognition   Swedish Meta Pixel cases: https://www.imy.se/nyheter/sanktionsavgift-mot-avanza-for-overforing-av-personuppgifter-till-meta/ https://www.imy.se/nyheter/sanktionsavgifter-mot-apoteket-och-apohem-for-overforing-av-personuppgifter-till-meta/   Anu Talus’ blog: https://tietosuoja.fi/-/tekoaly-hoi-missa-suomen-digistrategia-   Belgian DPA’s cookie case: https://www.gegevensbeschermingsautoriteit.be/publications/beslissing-ten-gronde-nr.-113-2024-van-6-september-2024.pdf   Uniqlo fine: https://www.edpb.europa.eu/news/national-news/2024/spanish-supervisory-authority-fined-uniqlo-europe-ltd-violations-article_en   Vejen Municipality fine: https://www.datatilsynet.dk/afgoerelser/afgoerelser/2024/aug/endnu-en-kommune-indstillet-til-boede-for-manglende-kryptering   The DPA of Lichtenstein’s activity report for 2023: https://www.datenschutzstelle.li/application/files/3417/2526/0394/WEB_Datenschutzstelle_Taetigkeitsbericht_2023.pdf