5 November 2019
… for violations of the General Data Protection Regulation (GDPR). During on-site inspections in June 2017 and March … and nine months after the start of application of the GDPR, the company was still unable to either demonstrate a … imposition of a fine for an infringement of Article 25 (1) GDPR and Article 5 GDPR during the period between May 2018 …
7 October 2020
… Register, constitutes unlawful processing (article 6.1 GDPR), as the legal ground for the processing activities in … carrying out a task in the public interest (article 6.1.e. GDPR), and this processing in concreto was not necessary to … data minimisation (resp. article 5.1.d. and article 5.1.c. GDPR.), which means the institution breaches these …
16 December 2020
… adopted an information note on data transfers under the GDPR after the Brexit transition period ends . The EDPB … on restrictions of data subject rights under Article 23 GDPR . The guidelines aim to recall the conditions … in light of the Charter of Fundamental Rights and the GDPR. They provide a thorough analysis of the criteria to …
6 November 2019
… of processing of personal data, specified in the GDPR. The President of the Personal Data Protection Office … actions were also inconsistent with Article 7(3) of the GDPR. The company did not take into account the principle … of the subject rights, as required by Article 12(2) of the GDPR. The proceedings of the President of PDPO established …
24 February 2023
… the provisions on international transfers as per Chapter V GDPR : The Guidelines clarify the interplay between the territorial scope of the GDPR (Art. 3) and the provisions on international transfers … design patterns in social media interfaces that infringe on GDPR requirements. The guidelines give concrete examples of …
15 January 2024
… Key Findings The French SA found several breaches of the GDPR: Failure to comply with the obligation to retain data … purpose for which it was collected (article 5.1.e of the GDPR) Failure to comply with the obligation to inform individuals (Articles 12 and 13 of the GDPR) Failure to comply with the obligation to ensure the …
15 April 2024
… Key Findings The French SA found several breaches of the GDPR: Failure of the obligation to have a legal basis for processing data (Article 6 GDPR). The misleading appearance of the data collection … not have a valid legal basis for data collection (Article 6 GDPR) for commercial prospecting by phone calls. It also …
2 July 2025
… that the DSP: infringed Articles 5(1)(a), 6(1), and 9(1) GDPR by failing to identify a valid lawful basis for the … regard to the preceding finding, infringed Article 5(1)(e) GDPR by retaining biometric data collected as part of SAFE 2 registration; infringed Articles 13(1)(c) and 13(2)(a) GDPR by failing to put in place suitably transparent …
12 September 2022
… Affairs, Greek Seamen’s Fund (NAT) Legal Reference: GDPR: Principles relating to processing of personal data … assessment (Article 35) Decision: Infringement of the GDPR, Reprimand, Administrative fines Key words: Ex officio … (SA), in exercising its ex officio competence under the GDPR and the national Law 4624/2019 , examined the …
9 January 2025
… Key Findings The CNIL found several breaches of the GDPR: Failure to comply with the obligation to have a legal basis (Article 6 of the GDPR) Failure to comply with the obligation to define and … to the purpose of the processing (Article 5-1-e of the GDPR) Failure to comply with the obligation to provide …
23 January 2025
… Key Findings The CNIL found several breaches of the GDPR: Failure to comply with the obligation to have a legal basis (Article 6 of the GDPR) Failure to comply with the obligation to define and … to the purpose of the processing (Article 5-1-e of the GDPR) Failure to comply with the obligation to provide …
31 August 2022
… authority), Article 58 (2) (i) and (1) (a) and (e) GDPR, Article 83 (1-3) and (4) (a) and 5 (e) GDPR (General conditions for imposing administrative fines) … information obligation to the data subject (Article 15 of GDPR). The controller did not take any action in response to …
20 July 2022
… case Controller: Clearview AI Inc. Legal Reference: GDPR: Article 3: Territorial scope. Article 5(1)(a) and (2): … not established in the Union. Decision: Infringement of the GDPR, Administrative fine. Key words: Web scraping, Images … and transparency (art. 5 paragraphs 1(a) and (2), 6, 9 GDPR) and its obligations under Articles 12, 14, 15 and 27 …
2 February 2024
… to be collected in compliance with the requirements of the GDPR. During the investigations, the company provided the … of any legal basis. The French SA found two breaches of the GDPR: Failure to comply with the obligation to have a legal basis for the processing of data (Article 6 of the GDPR) Failure to comply with the obligation to implement a …
19 December 2023
… any of the draft pledge principles would be contrary to the GDPR and the ePrivacy Directive. The draft pledging … by organisations does not equal compliance with the GDPR or ePrivacy Directive. The data protection authorities … competent to exercise their powers when necessary. Topics: GDPR e-Privacy … During its latest plenary, the EDPB adopted …
8 July 2021
… the application of articles 40 (3) and 46 (2) (e) of the GDPR. These provisions stipulate that once approved by a … and used by controllers and processors not subject to the GDPR to provide appropriate safeguards to transfers of data … mechanism, while also taking into account article 64(2) GDPR and EDPB opinion 8/2019 on the competence of a …
21 December 2021
… of data (Article 9) Decision: Infringement of the GDPR declared and fine imposed Key words: Data sharing, … users. The Authority consider that this was contrary to the GDPR requirements for valid consent. The Authority consider … category data that merit particular protection under the GDPR. As the consents Grindr collected were not valid, …
12 October 2022
… that it wishes to see harmonised at EU level to facilitate GDPR enforcement. This “wish list” is one of the key actions … cooperation in view of strong and swift enforcement of the GDPR. We have identified some obstacles beyond our remit … Data Protection Seal by the EDPB pursuant to Art. 42 (5) GDPR. The Europrivacy certification mechanism is a general …
… on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to … - 22/07/2020 Information note on data transfers under the GDPR in the event of a no-deal Brexit - 12/02/2019 … Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) - version adopted after public consultation …
5 June 2019
… in relation to the application of Articles 40 and 41 GDPR. The guidelines intend to help clarify the procedures … how to interpret and implement the provisions of Article 43 GDPR. In particular, they aim to help Member States, … bodies that issue certification in accordance with the GDPR. The annex provides guidance on the additional …