The Daily, here.
Showing posts with label platform: business model. Show all posts
Showing posts with label platform: business model. Show all posts
Friday, August 07, 2020
Thursday, July 30, 2020
Tuesday, January 19, 2016
Tuesday, October 20, 2015
UK’s largest online pharmacy fined £130,000 for selling patients’ data to scammers
MedConfidential, here.
ICO's "Monetary Penalty Notice" here.
"35. Pharmacy2U has obtained personal data unfairly because its online registration form and privacy policy did not inform its customers that it intended to sell their details to third party organisations, in addition to sending out its own marketing material. It would not be within a customer’s reasonable expectation that this form of disclosure would occur, even if they were willing to agree to the receipt of marketing material from Pharmacy2U itself. If a customer wished to take up Pharmacy2U’s offer to opt out of “Selected company data sharing”, they also had to go to the trouble of logging into their account and changing the setting.
36. In addition, Pharmacy2U did not provide the further information that was necessary to enable the processing in respect of its customers to be fair.
37. In the circumstances, Pharmacy2U’s customers did not give their informed consent to the sale of their personal data to third party organisations. Therefore Pharmacy2U did not have a lawful basis for processing the data under Part I of Schedule 2 to the DPA.
73. The Commissioner has decided that it is appropriate to issue a monetary penalty in this case, in light of the nature and seriousness of the contravention, Pharmacy2U’s shortcomings in terms of its DPA duties and the risks posed to a number of individuals. He has also considered the importance of monetary penalties in dissuading future contraventions of the DPA and encouraging compliance, in accordance with his policy."
ICO's "Monetary Penalty Notice" here.
"35. Pharmacy2U has obtained personal data unfairly because its online registration form and privacy policy did not inform its customers that it intended to sell their details to third party organisations, in addition to sending out its own marketing material. It would not be within a customer’s reasonable expectation that this form of disclosure would occur, even if they were willing to agree to the receipt of marketing material from Pharmacy2U itself. If a customer wished to take up Pharmacy2U’s offer to opt out of “Selected company data sharing”, they also had to go to the trouble of logging into their account and changing the setting.
36. In addition, Pharmacy2U did not provide the further information that was necessary to enable the processing in respect of its customers to be fair.
37. In the circumstances, Pharmacy2U’s customers did not give their informed consent to the sale of their personal data to third party organisations. Therefore Pharmacy2U did not have a lawful basis for processing the data under Part I of Schedule 2 to the DPA.
73. The Commissioner has decided that it is appropriate to issue a monetary penalty in this case, in light of the nature and seriousness of the contravention, Pharmacy2U’s shortcomings in terms of its DPA duties and the risks posed to a number of individuals. He has also considered the importance of monetary penalties in dissuading future contraventions of the DPA and encouraging compliance, in accordance with his policy."
Subscribe to:
Posts (Atom)
-
Centre for a Digital Society , Video here . These are my very rough talking points on pay or okay in full length (more than I actually had...
-
Arstechnica.co.uk, here .
-
LG Frankfurt am Main, 2-06 O 172/09 (verkündet am 13.05.2009). Lesenswertes aus der Begründung (meine Hervorhebungen): "Vorstellbare ...
-
EPRS, here .
-
Lesechos.fr, ici .
-
Searle Center on Law, Regulation, and Economic Growth, June 4-5 2015, Agenda here .
-
N.Kroes, here .
-
On with Kara Swisher, here .
-
E. Schmidt, here . { " Everything needs to change , so everything can stay the same" }
-
CERRE, Panel here . CERRE Report, here .