INFO5301 Data Privacy and General Data Protection Regulation
1.5 What is the highest fine to date that has been handed out for GDPR non-compliance?
What was the reason for that financial penalty?
1. 746 million euros to Amazon in 2021.
2. 900 million euros to Google in 2020.
3. 405 million euros to Instagram in Jan 2022.
Answer: (1)
The biggest GDPR fine in the regulation’s short history was a penalty handed out to Amazon.
In July 2021, Luxembourg’s data protection authority told Amazon it would have to
pay a penalty of 746 million euros, following an investigation into the way the company
processes customer data.
Ref: GDPR Fines: The Biggest Privacy Sanctions Handed Out So Far
1.6 According to Article 5, in digital analytics, how long should data be kept?
Answer: To be defined on a case-by-case basis by each organisation.
In Article 5 of the GDPR, it is specified that data must be kept "for no longer than is necessary
for the purposes for which they are processed". It is therefore up to the controller to
determine and justify the duration of the data retention period.
Duration: 20 min
Exercise 2:
The Facebook data privacy scandal centers around the collection of personally identifiable
information of "up to 87 million people" by the political consulting and strategic communication
firm Cambridge Analytica.
Information about the data misuse was disclosed in 2018 by Christopher Wylie, a former
Cambridge Analytica employee, in interviews with The Guardian and The New York Times.
Reference:
Tech article on Facebook data privacy scandal: A cheat sheet
URL: https://www.techrepublic.com/article/facebook-data-privacy-scandal-a-cheat-sheet/
Research on this data privacy breach and answer the following questions.
2.1 What were the consequences of this privacy breach? How did it happen?
Answer: - Personal information of 87 million Facebook users was collected by a third-party
app and shared with Cambridge Analytica, which then used the dataset to provide analytical
assistance to the 2016 presidential campaigns of Donald Trump.
The Cambridge Analytica portion of the data privacy scandal starts in February 2014. The
company was able to harvest personally identifiable information through a personality quiz
app called thisisyourdigitallife developed by Aleksandr Kogan, based on the OCEAN personality
model. Information gathered via this app is useful in building a "psychographic"