Search results | European Data Protection Board

EDPBI:FR:OSS:D:2025:3488
27 May 2025
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Notification of personal data breach Data security Outcome No sanction Other …
Romanian Supervisory Authority's fine of 9,544.40 lei (EUR 2,000) against Telekom Romania Mobile Communications SA
25 November 2019
News
… Communications SA was sanctioned with a reprimand for the breach of provisions of Article 32 paragraph (1) letter b) … Communications SA could not prove the accuracy of the data processed, which led to the violation of the basic principle for data processing provided by Article 5 paragraph (1) letter …
Guidelines 4/2019 on Article 25 Data Protection by Design and by Default
20 October 2020
Guidelines
… Guidelines 4/2019 on Article 25 Data Protection by Design and by Default 20 October 2020 … Adopted 1 Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Version 2.0 Adopted … appropriate measures designed to prevent and manage data breach incidents; to guarantee the proper execution of data …
EDPBI:EE:OSS:D:2024:445
18 December 2024
… Article 5 (Principles relating to processing of personal data) Article 24 (Responsibility of the controller) Article … of processing) Article 34 (Communication of a personal data breach to the data subject) Keywords Principles …
The Icelandic SA: The University of Iceland fined 1.500.000 ISK for the use of video surveillance
6 September 2023
News
… Article 5 (Principles relating to processing of personal data), Article 12 (Transparent information, communication, … and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where … system, unfairly and in an untransparent manner, in breach of Article 5(1)(a), and had not informed the data …
Swedish SA: Administrative fine against two companies in the SL Group
17 July 2025
News
… Article 9 (Processing of special categories of personal data), Article 83 (General conditions for imposing … fines) Decision: Administrative fine Key words: Personal data breach, Sensitive data, Administrative fine, Data retention, … Article 9 (Processing of special categories of personal data), Article 83 (General conditions for imposing …
One-Stop-Shop case digests
… taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external … One-Stop-Shop case digest on Security of Processing and Data Breach Notification 18 January 2024 Publication Type: … taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external …
Dutch DPA: Orthodontic practice fined for unsecured patient website
10 June 2021
News
… patient website 10 June 2021 Netherlands The Dutch Data Protection Authority (DPA) has imposed a €12,000 fine … website. As a result, patients’ sensitive personal data, such as their citizen service number (BSN), could have … case. If the confidentiality of sensitive personal data is breached, this could put people at serious risk. It could, …
Personalised advertising: French SA fined CRITEO EUR 40,000,000
15 June 2023
News
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 15 … into CRITEO. Key Findings The French SA found five breaches of the GDPR: Failure to demonstrate that the person …
The French SA fines Clearview AI EUR 20 million
20 October 2022
News
… AI Legal Reference: Lawfulness of processing of personal data (article 6 of the GDPR), Rights of individuals … AI formal notice to cease the collection and use of data of persons on French territory in the absence of a … Key Findings Unlawful processing of personal data (breach of article 6 of the GDPR) Individuals' rights not …
Commercial prospection: the French SA fines TotalEnergies Électricité et Gaz France €1,000,000
6 July 2022
News
… (Article 21), Information to be provided where personal data have not been obtained from the data subject (Article 14), Information, communication and … The amount of this fine was decided in the light of the breaches identified as well as all the measures taken by the …
Italian SA: unfettered employee surveillance to be banned
13 May 2021
News
… 1, letters a) and c) (lawfulness, fairness, transparency; data minimisation); Article 6 (Lawful processing); Article 9 (Processing of special category data); Article 13 (Information); Article 35 (DPIA); Article … nature of the information that had been processed in breach of the law. Additionally, the municipality was …
EDPB informs stakeholders about the implications of the DPF and adopts a statement on the first review of the Japan adequacy decision
19 July 2023
News
… information note for individuals and entities transferring data to the U.S.. This note aims to provide concise and … to the U.S., the redress mechanisms available under the Data Privacy Framework (DPF), and the new redress mechanism … a processing, the strengthening of the duty to notify data breaches to the Japanese data protection authority and to …
Polish SA: administrative fine of EUR 1 170 for Social Welfare Centre and EUR 2 341 EUR for Mayor of Aleksandrów for ignoring the risk of ransomware attack
25 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 28 … processing), Article 33 (Notification of a personal data breach to the supervisory authority) Decision: …
The Belgian Supervisory Authority sanctions telecom operator for 14 months late reply to a right to access request
2 September 2024
News
… and modalities for the exercise of the rights of the data subject), Article 15 (Right to access by the data subject) Decision: Administrative fine Key words: … the modalities of the right to access, the defendant has breached the articles 12.2, 12.3 et 15 GDPR because of the …
Decision by the Austrian SA against Clearview AI Infringements of Articles 5, 6, 9, 27 GDPR
12 May 2023
News
… Infringement of the GDPR, Order to erase complainant’s data, Order to name an Article 27 representative Key words: Facial recognition; biometric data Summary of the Decision Origin of the case … The permanent storage of personal data also constitutes a breach of data minimisation principle. Article 9(1): The …
Polish SA: administrative fine of 262 500 € for hidden video surveillance in neonatology department and failure to implement appropriate security measures
2 May 2025
News
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 13 (Information to be provided where … to the President of the Personal Data Protection Office a breach involving the loss or theft of memory cards from the …
Polish SA: administrative fine of 54 600 € for failure to implement appropriate technical and organisational measures to ensure a level of security
28 November 2024
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data) Decision: Administrative fine, Compliance order Key … Administrative fine, Data subject rights, Personal data breach, Principles relating to processing of personal data, …
Guidelines 3/2019 on processing of personal data through video devices
12 July 2019
Guidelines
… Guidelines 3/2019 on processing of personal data through video devices Guidelines 3/2019 on processing of personal data through video devices The European Data Protection Board welcomes comments on the Guidelines … 09-10 July 2019 Guidelines 3/2019 on processing of personal data through video devices Version for public consultation …
Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies
24 February 2020
Guidelines
… 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies … 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies … Guidelines Topics: Administrative arrangement The European Data Protection Board welcomes comments on the Guidelines …