Search results | European Data Protection Board

Data brokers: French SA fined Tagadamedia €75,000
2 February 2024
News
… to be collected in compliance with the requirements of the GDPR. During the investigations, the company provided the … of any legal basis. The French SA found two breaches of the GDPR: Failure to comply with the obligation to have a legal basis for the processing of data (Article 6 of the GDPR) Failure to comply with the obligation to implement a …
Databeskyttelsesrådet vedtager en erklæring om alderssikring, opretter en taskforce om håndhævelse af kunstig intelligens og fremsætter henstillinger til WADA
12 February 2025
Press releases
… Databeskyttelsesrådets formand, Anu Talus, udtaler: "GDPR er en retlig ramme, der fremmer ansvarlig innovation. GDPR er udformet med henblik på at opretholde høje … den internationale standard for databeskyttelse (ISDP) med GDPR. Antidopingkodekset og -standarderne bør sikre, at de …
EDPB Video
22 May 2019
News
… EDPB Video 22 May 2019 EDPB 1 year ago, the GDPR entered into application, but what has changed for you? … 1 year ago, the GDPR entered into application, but what has changed for you? …
Data scraping: French Supervisory Authority fined KASPR €240 000
23 January 2025
News
… Key Findings The CNIL found several breaches of the GDPR: Failure to comply with the obligation to have a legal basis (Article 6 of the GDPR) Failure to comply with the obligation to define and … to the purpose of the processing (Article 5-1-e of the GDPR) Failure to comply with the obligation to provide …
Data scraping: French SA fined KASPR €200 000
9 January 2025
News
… Key Findings The CNIL found several breaches of the GDPR: Failure to comply with the obligation to have a legal basis (Article 6 of the GDPR) Failure to comply with the obligation to define and … to the purpose of the processing (Article 5-1-e of the GDPR) Failure to comply with the obligation to provide …
The Belgian Data Protection Authority has issued a warning and reprimand to a regional public environmental institution for wrongful processing of personal data from the National Register.
7 October 2020
News
… Register, constitutes unlawful processing (article 6.1 GDPR), as the legal ground for the processing activities in … carrying out a task in the public interest (article 6.1.e. GDPR), and this processing in concreto was not necessary to … data minimisation (resp. article 5.1.d. and article 5.1.c. GDPR.), which means the institution breaches these …
Databeskyttelsesrådet bidrager til evalueringen af retshåndhævelsesdirektivet og vedtager henstillinger om anvendelsen af bindende virksomhedsregler for databehandlere
19 January 2026
Press releases
… for retshåndhævelsesdirektivet, navnlig dets grænse til GDPR, og om mere grundigt at tackle de udfordringer, der er … der i det væsentlige svarer til det, der er fastsat i GDPR. De nye anbefalinger bygger på de aftaler, der er … for konkrete BCR-P-ansøgninger siden ikrafttrædelsen af GDPR, samt på det arbejde, der er udført i forbindelse med …
Hellenic SA: Ex officio audit of processing of personal data in the context of COVID-19 self-test result declaration
12 September 2022
News
… Affairs, Greek Seamen’s Fund (NAT) Legal Reference: GDPR: Principles relating to processing of personal data … assessment (Article 35) Decision: Infringement of the GDPR, Reprimand, Administrative fines Key words: Ex officio … (SA), in exercising its ex officio competence under the GDPR and the national Law 4624/2019 , examined the …
Whistle-blowing without privacy: the Italian SA fines hospital and IT service provider
10 June 2022
News
… of the whistle-blowing management system Legal Reference: GDPR: Art. 5, para. 1, letters a) and f) (lawfulness, … of processing); Art. 35 (DPIA). Decision: finding of GDPR infringement; imposition of administrative fine. Key … activity was found in the record referred to in Article 30 GDPR; the authentication credentials enabling the …
The Cypriot Supervisory Authority banned the processing of an automated tool, used for scoring sick leaves of employees, known as the "Bradford Factor’’ and subsequently fined the controller
27 January 2020
News
… of personal data", as defined under Article 9(1) of the GDPR. Providing personal data to an automated system, … needs to be in line with the principles defined in the GDPR. The controller carried out an impact assessment of the … issues with specific rules in line with article 88 of the GDPR. After assessing all the elements gathered for the …
TikTok pålagt at sætte en stopper for brug af urimelig designpraksis over for børn efter afgørelse fra Databeskyttelsesrådet
15 September 2023
News
… i henhold til den generelle forordning om databeskyttelse (GDPR). Databeskyttelsesrådets afgørelse blev truffet den … praksis tilsidesatte princippet om rimelighed i henhold til GDPR. Databeskyttelsesrådet pålagde derfor den irske … denne tilsidesættelse, samt at pålægge TikTok at overholde GDPR ved at sætte en stopper for brugen af en sådan …
Polish SA: administrative fine of EUR 4 022 773 for McDonald’s Polska sp. z o.o. and EUR 43 680 for 24/7 Communication Sp. z o.o. for negligence in risk analysis and safeguards
25 September 2025
News
… was signed, despite the fact that in accordance with the GDPR (Art. 28 (4) and (9)) and the concluded obligation … concerning the protection of personal data (Article 38 (1) GDPR). In McDonald’s, the DPO was not involved in the … fine of 387 738 € for infringement of Article 28 (1) of the GDPR, EUR 3 231 143 for infringement of Article 24 (1), 25 …
European Data Protection Board - 43rd Plenary session
16 December 2020
News
… adopted an information note on data transfers under the GDPR after the Brexit transition period ends . The EDPB … on restrictions of data subject rights under Article 23 GDPR . The guidelines aim to recall the conditions … in light of the Charter of Fundamental Rights and the GDPR. They provide a thorough analysis of the criteria to …
Det Europæiske Databeskyttelsesråd — 35. plenarmøde: Orienterende note om bindende virksomhedsregler med den britiske tilsynsmyndighed som ledende myndighed
23 July 2020
News
… betragtes som kompetent tilsynsmyndighed i henhold til GDPR ved udløbet af overgangsperioden, vil de afgørelser om … er truffet af den britiske tilsynsmyndighed i henhold til GDPR, ikke længere have retsvirkning i EØS-området. Desuden … er godkendt af den britiske tilsynsmyndighed i henhold til GDPR, vil kræve, at den nye ledende EØS-tilsynsmyndighed for …
Eighteenth Plenary Session: adopted documents
24 February 2020
News
… documents: EDPB Contribution to the evaluation of the GDPR under Article 97 Guidelines on Articles 46 (2) (a) and … documents: EDPB Contribution to the evaluation of the GDPR under Article 97 Guidelines on Articles 46 (2) (a) and …
Romanian Supervisory Authority sanction on data controller UTTIS INDUSTRIES SRL
1 July 2019
News
… Euros) for the infringement of provisions of Article 12 of GDPR and; a fine of 7100.55 lei (the equivalent of 1500 … of Article 5 (1) letter c) in conjunction with Article 6 of GDPR. The sanctions were applied to the data controller … number, by disclosure, according to Article 6 of GDPR. The National Supervisory Authority applied the …
Norwegian DPA: Order to improve solutions for consent
1 July 2021
News
… the requirements of the General Data Protection Regulation (GDPR). This is in response to a complaint from an … that this type of obtaining consent is in violation of the GDPR. The regulation requires consent to be freely given and specific. “It is a basic requirement of the GDPR that consent for processing of personal data must be …
Thirty-second plenary session: Statement on the interoperability of contact tracing applications, statement on the opening of borders and data protection rights, response letters to MEP Körner on laptop camera covers and encryption and letter to the Commi
17 June 2020
Press releases
… two letters to MEP Körner - on encryption and on Article 25 GDPR - and a letter to CEAOB on PCAOB arrangements. The EDPB … necessary in this context. The statement also addresses the GDPR principles that Member States need to pay special … encryption would seriously undermine compliance with GDPR security obligations applicable to controllers and …
The French SA fines CALOGA €80 000
5 June 2025
News
… consent, in compliance with the requirements of the GDPR, which would have formed the basis for the prospecting … (Article L. 34-5 of the CPCE as referred to in Article 7 of GDPR): under the system implemented by CALOGA, it was not … to have a legal basis for processing data (Article 6 of the GDPR): As part of its activity as a data broker, the company …
Polish DPA: Withdrawal of consent shall not be impeded
6 November 2019
News
… of processing of personal data, specified in the GDPR. The President of the Personal Data Protection Office … actions were also inconsistent with Article 7(3) of the GDPR. The company did not take into account the principle … of the subject rights, as required by Article 12(2) of the GDPR. The proceedings of the President of PDPO established …