Search results | European Data Protection Board

Commercial prospecting and personal rights: French SA fined GROUPE CANAL+ EUR 600,000
12 October 2023
News
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 14 … processing), Article 33 (Notification of a personal data breach to the supervisory authority) Decision: …
Commercial prospecting and personal rights: French SA fined NS CARDS FRANCE €105,000
15 January 2024
News
… Article 5 (Principles relating to processing of personal data), Article 12 (Transparent information, communication … and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where … carried out two investigations on the company. It found breaches concerning the time user account data was kept, the …
Spanish Data Protection Authority (AEPD) imposes fine on company for not complying with advertisement exclusion
18 August 2020
News
… Spanish Data Protection Authority (AEPD) imposes fine on company for … advertisement exclusion 18 August 2020 Spain The Spanish Data Protection Authority (AEPD) imposed a fine of 1.200 EUR … the promotion. The AEPD considered that this constitutes a breach of Article 48(1)(b) of the Spanish Law 9/2014 General …
Guidelines on your rights
… Guidelines on your rights Consent Transparency Personal data breach notifications Right to data portability Guidelines 5/2019 on the criteria of the … Consent Transparency Personal data breach notifications Right to data portability Guidelines …
Polish SA: administrative fine of 5 625 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data) Decision: Administrative fine, Compliance order Key … Administrative fine,Data subject rights, Personal data breach, Principles relating to processing of personal data, …
Hungarian SA’s decision: failure by an airline company to comply with an erasure request concerning an email address used for direct marketing
2 February 2024
News
… and modalities for the exercise of the rights of the data subject), Article 17 (Right to erasure (‘right to be forgotten’)), Article 25 (Data protection by design and by default) … respect to the Complainant’s request, hence the Company breached Article 12(3) of GDPR when they failed to meet the …
The Norwegian Data Protection Authority: Ferde AS fined
13 October 2021
News
… The Norwegian Data Protection Authority: Ferde AS fined 13 October 2021 … on the Norwegian national broadcaster, NRK, the Norwegian Data Protection Authority learned that Ferde AS transfers … Data Protection Authority’s conclusion is that Ferde AS has breached several of the organization’s basic …
Norwegian DPA imposes administrative fine to Østfold HF Hospital
25 November 2020
News
… Østfold HF Hospital 25 November 2020 Norway The Norwegian Data Protection Authority has decided on an administrative … the safe zone. The case started with a notice of personal data breach from the hospital. The folders where the extracts … The Norwegian Data Protection Authority has decided on an administrative …
Hamburg Data Protection Commissioner's €51,000 fine against Facebook Germany GmbH
1 December 2019
News
… Hamburg Data Protection Commissioner's €51,000 fine against Facebook … GmbH 1 December 2019 Germany The Hamburg Commissioner for Data Protection and Freedom of Information imposed a fine of … of personal data of users. Given the negligence of the breach and the fact that Facebook only failed to notify an …
Hungarian SA’s decision: failure by an airline company to comply with an erasure request concerning an email address used for direct marketing
7 December 2023
News
… and modalities for the exercise of the rights of the data subject), Article 17 (Right to erasure (‘right to be forgotten’)), Article 25 (Data protection by design and by default) Decision: Warning … respect to the Complainant’s request, hence the Company breached Article 12(3) GDPR when they failed to meet the …
Norwegian Supervisory Authority issues fine to the Norwegian parliament
4 March 2022
News
… (Art. 32) and Principles relating to processing of personal data (Art. 5) Decision: Infringement of the GDPR and fine … of the case The Norwegian parliament – the Storting – had a data breach in late 2020. In January 2022, the Norwegian … (Art. 32) and Principles relating to processing of personal data (Art. 5) Decision: Infringement of the GDPR and fine …
Data brokers: French SA fined Tagadamedia €75,000
2 February 2024
News
… Data brokers: French SA fined Tagadamedia €75,000 2 February … professionals in the sector, in particular those who resell data, including many intermediaries in this ecosystem, known … operation of any legal basis. The French SA found two breaches of the GDPR: Failure to comply with the obligation …
Italian SA fines US company offering diabetes app
13 October 2022
News
… Article 9 (processing of special categories of personal data, including health data); Article 12 (transparent information, communication … fine and order to comply) Key words: GDPR, data breach, App, health data, lawfulness, fairness and … Article 9 (processing of special categories of personal data, including health data); Article 12 (transparent …
Hidden cameras: the CNIL fined the SAMARITAINE EUR 100 000 for concealing cameras in the store’s reserves
18 November 2025
News
… SAMARITAINE SAS Legal Reference: obligation to process data lawfully and breach of the principle of liability (articles 5-1-a) and … GDPR); Failure to collect adequate, relevant and necessary data (article 5-1-c) of the GDPR); Failure to involve the … SAMARITAINE SAS Legal Reference: obligation to process data lawfully and breach of the principle of liability …
Greek SA: fine imposed on employer for failure to satisfy the right to object and unlawful processing of employee’s personal data
28 March 2022
News
… to object and unlawful processing of employee’s personal data 28 March 2022 Greece Background information Date of … Article 13: Information to be provided where personal data are collected from the data subject. Article 21: Right … and that the processing in question was carried out in breach of the provisions of Articles 5(1)(f)(a), 5(2) and 13 …
December Plenary - adopted documents
12 January 2022
News
… use of the Pegasus spyware Guidelines on examples regarding data breach notifications (following public consultation) Opinion … authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by … use of the Pegasus spyware Guidelines on examples regarding data breach notifications (following public consultation) …
Polish SA: fine of 9 300 € for Independent Public Health Care Centre after hacker attack
28 November 2024
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … processing), Article 34 (Communication of a personal data breach to the data subject). Decision: Administrative fine, …
EDPB-EDPS Joint Opinion 2/2021 on standard contractual clauses for the transfer of personal data to third countries
14 January 2021
EDPB/EDPS Joint Opinion
… standard contractual clauses for the transfer of personal data to third countries 14 January 2021 EDPB/EDPS Joint … standard contractual clauses for the transfer of personal data to third countries for the matters referred to in … clauses are suspended or prohibited in the event of the breach of such clauses or if it is impossible to honour …
Commercial prospecting: French SA fined HUBSIDE.STORE €525,000
15 April 2024
News
… Article 14 (Information to be provided where personal data have not been obtained from the data subject) Decision: Administrative fine Key words: … websites. Key Findings The French SA found several breaches of the GDPR: Failure of the obligation to have a …
The Norwegian SA issues one administrative fine and five reprimands for unlawful sharing of personal information through tracking pixels
30 June 2025
News
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 9 … administrative fine, communication order personal data breach Key words: administrative fine, reprimand to …