Search results

  • EDPBI:FR:OSS:D:2024:1411

    19 August 2024
    … of the controller) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Accountability Personal data breach Outcome Dismissal/Rejection of the case …

  • The French Supervisory Authority fines ORANGE €50 million

    23 January 2025
    News
    … spite of user consent withdrawal (Article 82 of the French Data Protection Act) Decision: Infringement of the French … Electronic Communications Code, Infringement of the French Data Protection Act, Administrative fine Key words: … spite of user consent withdrawal   Decision For these two breaches, the restricted committee decided to impose a …

  • EDPBI:DEHE:OSS:D:2020:162

    11 November 2020
    … of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Data security …

  • EDPBI:NO:OSS:D:2021:219

    12 May 2021
    … of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Data security Personal data breach Outcome No violation …

  • EDPBI:NO:OSS:D:2023:850

    21 June 2023
    … Article 5 (Principles relating to processing of personal data) Article 32 (Security of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Data

  • Belgian DPA fine for unlawful processing of video images

    25 November 2020
    News
    … a fine of 1,500 EUR for unlawful processing of personal data made via a video surveillance system. The positioning … this video system also constituted an infringement of the data protection by design principle, the DPA concluded.   … resulted in the decision that a priori analysed potential breaches of the GDPR. Decision of the Litigation Chamber The …

  • Polish DPA imposes a fine on Warsaw University of Technology for not complying with its obligation

    14 January 2022
    News
    … Legal Reference: Principles (Art. 5(1)(f), Art. 5(2)), Data protection by design and by default (Art. 25(1)), … fine issued Key words: principles, processing, security, data protection   Summary of the Decision   Origin of the … after the Polish Data Protection Authority received a data breach notification. As it was indicated, an unauthorized …

  • Clubhouse fined EUR 2 million by the Italian SA

    20 January 2023
    News
    … Reference: Principles relating to processing of personal data (Article 5(1)(a)(e); Lawfulness of processing (Article … and modalities for the exercise of the rights of the data subject (Article 12); Information to be provided where … failure to designate a representative in the EU in breach of Article 27(4); failure to carry out a DPIA with …

  • The Romanian National Supervisory Authority sancions SC CNTAR TAROM SA

    7 November 2019
    News
    … with Article 32 paragraphs (1) and (2) of the General Data Protection Regulation. The investigation was carried out as a result of a data breach notification of the supervisory authority by SC … with Article 32 paragraphs (1) and (2) of the General Data Protection Regulation. The investigation was carried …

  • Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies

    24 February 2020
    Guidelines
    … 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies … 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies … Guidelines Topics: Administrative arrangement The European Data Protection Board welcomes comments on the  Guidelines …

  • EDPBI:EE:OSS:D:2024:445

    18 December 2024
    … Article 5 (Principles relating to processing of personal data) Article 24 (Responsibility of the controller) Article … of processing) Article 34 (Communication of a personal data breach to the data subject) Keywords Principles …

  • Swedish SA: Administrative fine against two companies in the SL Group

    17 July 2025
    News
    … Article 9 (Processing of special categories of personal data), Article 83 (General conditions for imposing … fines) Decision: Administrative fine Key words: Personal data breach, Sensitive data, Administrative fine, Data retention, … Article 9 (Processing of special categories of personal data), Article 83 (General conditions for imposing …

  • Norwegian DPA issues fine to Coop Finnmark

    11 February 2021
    News
    … fine to Coop Finnmark 11 February 2021 Norway The Norwegian Data Protection Authority has issued a fine in the amount of … in this case. Lacked legal basis All processing of personal data requires a legal basis in order to be lawful. After … explains. This case was reported as a personal data breach notification from Coop Finnmark AS on April 10th …

  • EDPBI:DEBB:OSS:D:2020:145

    13 October 2020
    … reference Article 6 (Lawfulness of processing) Keywords Data security E-Commerce Legitimate interest Privacy … Brandenburg Commissioner for Data Protection and Access to Information Stahnsdorfer Damm … mitiga- tion and investigation of fraud attempts, security breaches and other prohi- bited or illegal activities in …

  • Personalised advertising: French SA fined CRITEO EUR 40,000,000

    15 June 2023
    News
    … and modalities for the exercise of the rights of the data subject),  Article 13 (Information to be provided where personal data are collected from the data subject),  Article 15 … into CRITEO.   Key Findings The French SA found five breaches of the GDPR: Failure to demonstrate that the person …

  • Final decision of Hungarian Supervisory Authority about infringement of Article 26 of the GDPR caused by a foundation

    3 January 2024
    News
    … 2023 Cross-border case Hungarian National Authority for Data Protection and Freedom of Information (Hungarian … Supervisory Authority, SA) and CSAs: Office for Personal Data Protection of the Slovak Republic (Slovak Supervisory … respective responsibilities.  , The Foundation was found in breach of Article 26(1) of the GDPR, as the cooperation …

  • The Icelandic SA: The University of Iceland fined 1.500.000 ISK for the use of video surveillance

    6 September 2023
    News
    … Article 5 (Principles relating to processing of personal data), Article 12 (Transparent information, communication, … and modalities for the exercise of the rights of the data subject),  Article 13 (Information to be provided where … system, unfairly and in an untransparent manner, in breach of Article 5(1)(a), and had not informed the data

  • The CNIL’s restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC

    21 January 2019
    News
    … the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, … ads personalization. On 25 and 28 May 2018, the National Data Protection Commission (CNIL) received group complaints … the CNIL’s restricted committee responsible for examining breaches of the Data Protection Act observed two types of …

  • One-Stop-Shop case digests

    … taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external … One-Stop-Shop case digest on Security of Processing and Data Breach Notification 18 January 2024 Publication Type: … taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external …

  • Monitoring employees and broadcasting CCTV footage: Slovenian SA fines DODO PIZZA

    4 November 2024
    News
    … Decision: Compliance order, Definitive limitation data processing, Administrative fine Key words: CCTV, … business model. Key findings The Slovenian SA found two breaches in the inspection proceeding. First, unlawful CCTV … people or property (violation of Article 78 of the national Data Protection Act). And second, these CCTV footages were …