Search results | European Data Protection Board

Polish SA: administrative fine of EUR 1 170 for Social Welfare Centre and EUR 2 341 EUR for Mayor of Aleksandrów for ignoring the risk of ransomware attack
25 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 28 … processing), Article 33 (Notification of a personal data breach to the supervisory authority) Decision: …
EDPB informs stakeholders about the implications of the DPF and adopts a statement on the first review of the Japan adequacy decision
19 July 2023
News
… information note for individuals and entities transferring data to the U.S.. This note aims to provide concise and … to the U.S., the redress mechanisms available under the Data Privacy Framework (DPF), and the new redress mechanism … a processing, the strengthening of the duty to notify data breaches to the Japanese data protection authority and to …
Italian SA: unfettered employee surveillance to be banned
13 May 2021
News
… 1, letters a) and c) (lawfulness, fairness, transparency; data minimisation); Article 6 (Lawful processing); Article 9 (Processing of special category data); Article 13 (Information); Article 35 (DPIA); Article … nature of the information that had been processed in breach of the law. Additionally, the municipality was …
Decision by the Austrian SA against Clearview AI Infringements of Articles 5, 6, 9, 27 GDPR
12 May 2023
News
… Infringement of the GDPR, Order to erase complainant’s data, Order to name an Article 27 representative Key words: Facial recognition; biometric data Summary of the Decision Origin of the case … The permanent storage of personal data also constitutes a breach of data minimisation principle. Article 9(1): The …
Polish SA: administrative fine of 262 500 € for hidden video surveillance in neonatology department and failure to implement appropriate security measures
2 May 2025
News
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 13 (Information to be provided where … to the President of the Personal Data Protection Office a breach involving the loss or theft of memory cards from the …
The Belgian Supervisory Authority sanctions telecom operator for 14 months late reply to a right to access request
2 September 2024
News
… and modalities for the exercise of the rights of the data subject), Article 15 (Right to access by the data subject) Decision: Administrative fine Key words: … the modalities of the right to access, the defendant has breached the articles 12.2, 12.3 et 15 GDPR because of the …
Polish SA: administrative fine of 54 600 € for failure to implement appropriate technical and organisational measures to ensure a level of security
28 November 2024
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data) Decision: Administrative fine, Compliance order Key … Administrative fine, Data subject rights, Personal data breach, Principles relating to processing of personal data, …
The Norwegian Supervisory Authority’s fines Lillestrøm Municipal Council
5 May 2022
News
… and fine imposed Key words: special categories of personal data, unauthorised access Summary of the Decision Origin … of 21 attachments contained special categories of personal data, see Article 9 (1) of the GDPR. The municipality … Authority also received notice of a personal data breach from Lillestrøm Municipal Council on 29 September. …
Guidelines 3/2019 on processing of personal data through video devices
12 July 2019
Guidelines
… Guidelines 3/2019 on processing of personal data through video devices Guidelines 3/2019 on processing of personal data through video devices The European Data Protection … A company is experiencing difficulties with security breaches in their public entrance and is using video …
BfDI imposes Fines on Telecommunications Service Providers
18 December 2019
News
… 18 December 2019 Germany The Federal Commissioner for Data Protection and Freedom of Information (BfDI) imposed a … another case, the BfDI imposed a fine of EUR 10. 000 on Rapidata GmbH. Concerning this matter, the Federal Commissioner … The BfDI considers this authentication procedure to be in breach of Article 32 of the GDPR which obliges the company …
Italian SA bans remote surveillance of customer care employees
28 October 2021
News
… Reference: GDPR: Article 5 (Principles applying to personal data processing); Article 6 (Lawfulness of processing); … service; inbound calls management; trade union agreements; data minimization Summary of the … found that the company had processed its employees’ data in breach of sector-specific national law and the general …
EDPB adopts first Art. 65 decision
10 November 2020
News
… after the company notified the Irish SA of a personal data breach on 8 January 2019. In May 2020, the Irish SA shared … the role of Twitter International Company as the (sole) data controller, and the quantification of the proposed …
Commercial prospecting: French SA fined CEGEDIM SANTÉ EUR 800 000
17 September 2024
News
… Article 5 (Principles relating to processing of personal data) Decision: Administrative fine Key words: Health … had processed, without authorisation, non-anonymous health data, transmitted to its customers in order to carry out … of April 10, 2014). Then, the French SA found two breaches: Failure to comply with the obligation to carry out …
EDPBI:DEBB:OSS:D:2020:145
13 October 2020
… reference Article 6 (Lawfulness of processing) Keywords Data security E-Commerce Legitimate interest Privacy … Decision 80.7KB Download … Brandenburg Commissioner for Data Protection and Access to Information Stahnsdorfer Damm … mitiga- tion and investigation of fraud attempts, security breaches and other prohi- bited or illegal activities in …
French SA: Cookies placed without consent: SHEIN fined 150 000 000 EUR by the CNIL
4 September 2025
News
… STYLES SERVICES CO. LIMITED Legal Reference: The French Data Protection Act (Article 82): failure to obtain user … withdrawing consent Decision: Infringement of the French Data Protection Act, Administrative fine Key words: Cookies … it has repeatedly sanctioned organisations for similar breaches and has made its decisions public. The massive …
Employee monitoring: French SA fined Amazon France Logistique €32 million
23 January 2024
News
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 12 … and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where … from employees. Key Findings The French SA found several breaches of the GDPR regarding: Warehouse stock and order …
Ministry of Migration and Asylum receives administrative fine and GDPR compliance order following an own-initiative investigation by the Greek SA
15 April 2024
News
… fine Keywords: own-initiative investigation, biometric data, Data Protection Impact Assessments Summary of the Decision … on the Hellenic Ministry of Migration and Asylum for the breaches found in relation to the cooperation with the …
Administrative fines imposed on a telephone service provider
7 October 2019
News
… a telephone service provider (1) Imposition of a fine for breach of the principle of accuracy and data protection by design when keeping personal data of subscribers The Hellenic DPA has received complaints …
The French SA fines CALOGA €80 000
5 June 2025
News
… Article 5 (Principles relating to processing of personal data) Decision: administrative fine Key words: … in this ecosystem, in particular intermediaries who resell data, known as data brokers. Thus, the CNIL carried out … on the market, the financial benefit derived from the breaches and the complete cessation of activity of the …
Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies
24 February 2020
Guidelines
… 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies … 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies … if one of the parties becomes aware of a personal data breach, it will inform the other party (ies) as soon as …