The Croatian supervisory authority imposed a fine of €5,470,000 on the debt collection company EOS Matrix.
The grounds for the fine were that the data controller failed to take adequate technical and administrative measures to ensure data security, processed personal data of persons who are not legal representatives of the debtor in debtor-creditor relations without relying on one of the conditions listed in Article 6 of the GDPR, processed health data of data subjects in breach of Article 9 of the GDPR, breached the obligation to provide transparent information to data subjects, and processed data of 49,850 data subjects in breach of general principles by recording telephone conversations without a processing condition.
Last year, Randal Quran Reid was taken into custody by Georgia police because facial recognition technology identified him on a surveillance camera in a stolen credit card case.
Sam Starks, Quran's lawyer for the system that misidentified him in the Louisiana incident, said: 'Even with standards and protocols in place, the use of this technology by law enforcement raises serious civil liberties and privacy concerns.
The lawsuit filed over the incident accuses the detective who conducted the procedures of false arrest, malicious prosecution and negligence, and seeks damages.
The ICO, the UK's data protection authority, has published guidance on how to conduct workplace monitoring lawfully and fairly in both the public and private sectors.
The guidance includes recommendations for lawful monitoring, such as informing employees, using the least intrusive means for the intended purpose, relying on explicit consent or other processing conditions, and keeping information limited to the purpose.
Air Canada announced that an unauthorised group of individuals gained access to the company's internal system and compromised the personal information of an unknown number of employees.
Peter Fitzpatrick, a spokesman for the airline, said no customers' personal information was affected by the breach.
The Norwegian Data Protection Authority has asked the political parties for explanation following complaints from many people who received e-mails from political parties in the run-up to the municipal elections.
The e-mails were sent to residents of Stavanger municipality as part of the municipal elections. The authority then asked the Labour Party, on behalf of the majority parties, to provide an explanation of the purpose and legal basis for the processing. The deadline for responding to this request is 29 September 2023.