Nordic electronics retailer Elkjop has been hit with a €1.8 million fine for implementing unlawful consent mechanisms. The penalty came five years after privacy advocates first flagged the practices as violations.
Elkjop's consent system required users to accept non-essential cookies and tracking before accessing services, a practice regulators determined violated EU privacy law. Users were not given genuine free choice, as refusing consent blocked access to core functionality.
The company was warned about these practices years earlier but failed to implement compliant systems. When enforcement finally arrived, the scale of the violation—affecting numerous customers across multiple jurisdictions—resulted in the substantial fine.
The case underscores enforcement gaps in privacy regulation. Despite clear guidance on consent requirements, companies can operate unlawfully for extended periods before facing consequences. GDPR requires affirmative, informed consent with equal friction for accepting and rejecting tracking. Forced consent arrangements that penalize users for privacy choices remain a widespread violation across e-commerce platforms.
Let's Encrypt experienced widespread certificate renewal failures today, according to the service status page. The incident affected numerous users attempting to renew their SSL certificates.
Microsoft has identified a lightweight backdoor malware that targets cryptocurrency wallets and spreads via USB drives. The malware, known as Crypto Clipper, communicates through the Tor network to evade detection.
India's government told the Delhi High Court that Telegram acknowledged its inability to proactively detect channels selling leaked exam papers. The platform was warned two weeks before being blocked in the country.
Australia's communications regulator will require businesses to register their SMS and MMS sender identities. The move aims to combat spam and fraudulent messaging.