Regulator wants changes in how search results are ranked, and more user control over moving and sharing personal data with third parties.
Data controller
Key questions around informed consent, transparent privacy information, and people's rights over their data have been addressed in the new guidance.
Ineffective response to security alerts, inadequate access controls, lack of active directory tiering, and penetration testing shortcomings all cited as factors.
Failure to adequately monitor the work of third-party agencies and security deficiencies of online portal lead to a €45m ($51m) fine.