The Austrian data protection authority (DSB) has ruled that Microsoft illegally tracked school children via cookies in Microsoft 365 Education without proper consent, violating GDPR. Microsoft must cease this tracking within four weeks, and the decision highlights systemic GDPR compliance issues affecting millions of users across Europe.
No articles specifically tagged for Austria yet. Check our blog for general compliance coverage.
The Austrian Data Protection Authority (DSB) has ruled that Microsoft violated GDPR by installing tracking cookies on school children's devices without proper consent. Microsoft has been ordered to cease tracking within four weeks, with broad implications for organizations using Microsoft 365 across Europe due to enforcement challenges and compliance concerns.
An investigation into Austrian credit agency CRIF reveals widespread misuse of public registries by data brokers for credit scoring, violating GDPR's purpose limitation principle. The case demonstrates increased regulatory scrutiny of data scraping practices and automated scoring systems, highlighting gaps in technical and legal protections against mass data harvesting.
An investigation reveals Austrian data brokers systematically scrape public registries for commercial credit scoring, violating GDPR's purpose limitation principle. The Austrian Data Protection Authority has previously ruled against such practices, and noyb is preparing a class action lawsuit, signaling increased enforcement scrutiny.
noyb has filed two GDPR complaints with the Austrian data protection authority against TikTok, AppsFlyer, and Grindr for unlawful cross-app tracking and incomplete data access responses. The complaints allege processing of sensitive sexual orientation data without consent and violation of data subject access rights, potentially leading to corrective actions and fines under Article 83 GDPR. This enforcement action signals increased regulatory scrutiny of cross-app tracking practices and GDPR compliance obligations.