A court in the Netherlands has ruled that a Grandmother who shared pictures of her grandchildren on Facebook and Pinterest must take them down under GDPR legislation.
The woman’s daughter claims that she did not give consent for the images to be posted, which ended up with a court battle. The court ruled that the case fell under the European GDPR laws after the woman refused to take down the images.
GDPR rules came into force in 2018, and do not normally apply to personal cases such as this. However, in this case, the court said the images were posted on social media, meaning they were available in the public domain.
The grandmother has been ordered to remove the images or face a €50 (£45) fine for every day that she fails to comply with the order. She could face a maximum fine of up to €1,000 and will be fined an extra €50 per day if she continues to post images of the children in future.
Neil Brown, a technology lawyer at Decoded Legal, told BBC News: “I think the ruling will surprise a lot of people who probably don’t think too much before they tweet or post photos.
“Irrespective of the legal position, would it be reasonable for the people who’ve posted those photos to think, ‘Well, he or she doesn’t want them out there anymore’?”
“The reasonable thing – the human thing to do – is to go and take them down.”
Since the introduction of GDPR, many have been confused by the laws, particularly in regard to individual users posting content online. The rules have a much bigger impact on businesses rather than the public due to the massive fines which companies face.
In February 2019, more than 59,000 data breach notifications had been reported in Europe by public and private organisations since the GDPR came into force, with more than 10,00 occurring in the UK.
- Microsoft Warns of Huge Phishing Campaign Using Excel
- Impact Summit 2020: A Chance for Ethical Businesses to Shine
- Blockchain App Tech Could be Used by the US Department of Defence
In January 2020, European data protection regulators imposed €114 million (£97 million) in fines under GDPR, according to a GDPR Data Breach Survey conducted by law firm DLA Piper, which has an office in Edinburgh.
More than 160,000 data breach notifications were reported across the 28 European Union Member States plus Norway, Iceland, and Liechtenstein.
Patrick Van Eecke, chair of DLA Piper’s international data protection practice, commented at the time: “The early GDPR fines raise many questions. Ask two different regulators about how GDPR fines should be calculated and you will get two different answers.
“We are years away from having legal certainty on this crucial question, but one thing is for certain, we can expect to see many more fines and appeals over the coming years.”