Search results | European Data Protection Board

Hellenic SA fines Debt Management Company for unlawful processing of personal data and non-essential examination of rights to object and erasure
12 September 2022
News
… Right to object (Article 21) Decision: Infringement of the GDPR, Administrative fine Key words: Unlawful processing, … rights, in breach of the provision of Article 12(2) of the GDPR, and that the processing in question took place without … of the provisions of Articles 5(1)(a), 5(2) and (6) of the GDPR. Decision The Hellenic SA imposed a fine of EUR …
Health data breach: Dedalus Biologie fined 1.5 million euros
4 May 2022
News
… the authority of the controller or processor (Article 29 GDPR), Security of processing (Article 32 GDPR), Processor (Article 28 GDPR) Decision: Administrative fine Key words: Health data …
Polish SA imposed a fine for processing without legal basis
30 November 2022
News
… case: National case Legal references: Article 6 (1) GDPR (Lawfulness of processing), Article 5 (1) (a) GDPR (Principles relating to processing of personal data), Article 9 (1) and (2) GDPR (Processing of special categories of personal data), …
Belgian DPA imposed a fine of 1,000 EUR on an association that sent direct marketing messages to (former) donors for fundraising
26 June 2020
News
… on the basis of its legitimate interest (Article 6.1, f) GDPR), sent direct marketing messages to (former) donors for … subject to the data controller pursuant to Article 17.1 GDPR and its right to object pursuant to Article 21.2 GDPR. The Litigation Chamber decided that the data …
Employee monitoring: French SA fined Amazon France Logistique €32 million
23 January 2024
News
… Key Findings The French SA found several breaches of the GDPR regarding: Warehouse stock and order management: … with the principle of data minimisation (Article 5.1.c GDPR). Failure to ensure lawful processing (Article 6 GDPR) by using three indicators which are illegal: the "Stow …
EDPB plenaries, subgroups and taskforces
… under authorities in third countries, under the GDPR Passenger Name Records (PNR) Border controls … focus on cooperation and consistency mechanism under the GDPR and related legislative developments Procedural questions concerning Article 56 GDPR and Chapter VII (Section 1 and 2) GDPR Procedural …
French SA fines Cityscoot 125 000€
29 March 2023
News
… Legal Reference: Data minimisation (article 5.1.c of the GDPR), Contractual framework between the controller and processors (article 28.3 of the GDPR), Inform and collect user consent before writing and … French Data Protection Act) Decision: Infringement of the GDPR, Infringement of the French Data Protection Act, …
Polish SA imposed a fine for lack of cooperation with the supervisory authority
23 March 2022
News
… national case: National case Legal references: Article 31 GDPR(Co-operation with the supervisory authority), Article 58 (1) (e) GDPR, Article 58 (2) (i) GDPR, Article 83 (1-3) and (5) (e) GDPR (General conditions …
Administrative fine for housing association for lack of personal data breach notification to the Polish SA
1 March 2023
News
… case Legal references: Article 83 (1), (2), (4) (a) GDPR (General conditions for imposing administrative fines), Article 57 (1) (a) and (h) GDPR, Article 58 (2) (e) and (i) GDPR, Article 33 (1) GDPR (Notification of a personal data …
Belgian DPA imposes €20.000 fine on Proximus for several data protection infringements
20 August 2020
News
… the e-Privacy Directive forms lex specialis vis-à-vis the GDPR (as lex generalis), as stated in article 95 GDPR, the provisions with regard to consent of the GDPR remain applicable as preconditions for lawful …
The Icelandic SA: The University of Iceland fined 1.500.000 ISK for the use of video surveillance
6 September 2023
News
… not complied with data protection principles in Article 5 GDPR and not informed the data subjects about processing in accordance with Article 12 and 13 GDPR. Key Findings Failure to comply with the obligation … fairly and in a transparent manner (Article 5(1)(a) GDPR) Failure to inform the data subjects about processing …
EDPB Statement : EDPB cooperation on the elaboration of guidelines
16 December 2021
Statements
… law. In seeking to ensure the consistent application of the GDPR, the process leading to consensus or majority positions … law and procedures. Within the framework provided by the GDPR, the Members of the Board work together in a respectful … that hold one position or another – it is simply the GDPR working as intended. In this regard, although not …
Boosting enforcement and cooperation - EDPB sets out priorities
22 February 2023
News
… by national DPAs via binding decisions under Art. 65 GDPR and to advise the EU legislator on data protection … further guidance and develop awareness-raising tools on the GDPR for a wider audience. Furthermore, the EDPB intends to … such as on the interplay between the AI Act and the GDPR and on the use of social media by public bodies. … The …
The Lithuanian SA adopted a decision on the actions of the organisation on the processing of children’s image data
26 January 2023
News
… a legal basis for the processing of data (Article 6(1)(a) GDPR), conditions for consent (Article 7 GDPR) Decision: The complaint was found to be well-founded … the corrective actions provided for in Article 58(2) of the GDPR have been taken Summary of the Decision Origin of …
Company offering electronic communication services – no complete information of the data subjects & no sufficient technical and organisational measures
22 January 2024
News
… order to verify the compliance with the provisions of the GDPR, and more precisely concerning the legal basis of the … that the data controller violated article 13.1.e) of the GDPR (no information about the recipients of the personal … the CNPD identified a violation of article 24.1 of the GDPR (responsibility of the data controller), as personal …
Lithuanian SA: fine of € 2 385 276 on Vinted, UAB (company)
26 July 2024
News
… the company to applicants (infringements of Article 5(1)(a) GDPR (principles of fairness and transparency, Article 12(1) and (4) GDPR); processing in the context of a company’s ‘shadow … (infringements of lawfulness principle, Article 5(1)(a) GDPR and Article 6(1) GDPR); improper implementation of the …
Hungarian SA’s decision on the handling of access request by an airline company
7 December 2023
News
… can therefore be lawful only if it has a legal basis under GDPR Article 6(1). Where the processing also involves … the controller must have a legal basis under Article 6(1) GDPR or the processing must also comply with one of the situations set out in Article 9(2) GDPR. The reply of the Company to the request of access …
Hungarian SA’s decision: failure by an airline company to comply with an erasure request concerning an email address used for direct marketing
2 February 2024
News
… request, hence the Company breached Article 12(3) of GDPR when they failed to meet the Complainant’s erasure … right to erasure according to Article 17(1)(b) of GDPR. The Company also failed to meet the requirements of … database, so the Company breached Article 25(1) of GDPR. Decision The Authority established that the Company …
Italian SA bans use of Google Analytics: no adequate safeguards for data transfers from Caffeina Media S.r.l. to the U.S.
30 June 2022
News
… (Articles 44 and 46). Decision: infringement of the GDPR; order to comply; order to suspend data flows to U.S.; … data transfers despite their being in violation of the GDPR. Key Findings: The Italian SA found that Caffeina … be transferred to the U.S. in violation of Chapter V of the GDPR, since the measures adopted by Google to supplement the …
The Lithuanian SA adopted a decision on the processing of personal data for the purpose of direct marketing
26 January 2023
News
… of legality, fairness and transparency (Art. 5(1)(a) of GDPR), consent of the data subject (Art. 7(2) of GDPR), direct marketing (Art. 81(1) of ECL) Decision: The … was upheld, infringements of Art. 5(1)(a) and Art. 7(2) of GDPR and Art. 81(1) ECL Summary of the Decision Origin …