Search results | European Data Protection Board

Guidelines 3/2019 on processing of personal data through video devices
12 July 2019
Guidelines
… Guidelines 3/2019 on processing of personal data through video devices Guidelines 3/2019 on processing of personal data through video devices The European Data Protection … A company is experiencing difficulties with security breaches in their public entrance and is using video …
Whistle-blowing without privacy: the Italian SA fines hospital and IT service provider
10 June 2022
News
… confidentiality); Art. 13 and 14 (Information); Art. 25 (Data protection by design and by default); Art. 28 … originated from a set of inspections on the processing of data acquired via whistle-blowing management systems, with … processing activities for which it was the controller (in breach of Article 28, paragraphs 1 and 3, GDPR) – ranging …
Polish SA: administrative fine of 17 880 € for Commander-in-Chief of the Polish Police for disclosing data of a citizen at a press conference
2 May 2025
News
… for Commander-in-Chief of the Polish Police for disclosing data of a citizen at a press conference 2 May 2025 Poland … Article 9 (Processing of special categories of personal data), Article 24 (Responsibility of the controller) … Making the data available by the Commander-in-Chief in breach of the GDPR (without a legal basis) during the …
EDPBI:EE:OSS:D:2024:445
18 December 2024
… Article 5 (Principles relating to processing of personal data) Article 24 (Responsibility of the controller) Article … of processing) Article 34 (Communication of a personal data breach to the data subject) Keywords Principles …
The French Supervisory Authority fines ORANGE €50 million
23 January 2025
News
… spite of user consent withdrawal (Article 82 of the French Data Protection Act) Decision: Infringement of the French … Electronic Communications Code, Infringement of the French Data Protection Act, Administrative fine Key words: … spite of user consent withdrawal Decision For these two breaches, the restricted committee decided to impose a …
Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies
24 February 2020
Guidelines
… 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies … 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies … if one of the parties becomes aware of a personal data breach, it will inform the other party (ies) as soon as …
Lithuanian DPA imposes fine for improperly processed personal data of the parents of an adopted child
21 October 2020
News
… DPA imposes fine for improperly processed personal data of the parents of an adopted child 21 October 2020 Lithuania The State Data Protection Inspectorate – personal data protection … the principle of accuracy of processed personal data and breached Articles 5(1)(d) and 5(1)(f) of the GDPR. When …
The Norwegian SA issues fine to the Norwegian Public Service Pension Fund
24 November 2021
News
… Reference: Principles relating to processing of personal data (article 5), Legal basis (Article 6) Decision: Infringement of the GDPR Key words: Income Data, Lack of Procedures, Special Categories of Data … and national insurance. The Norwegian SA concluded that SPK breached the fundamental principles for the processing of …
The French SA fines DISCORD EUR 800.000
3 February 2023
News
… National case Controller: DISCORD INC. Legal Reference: Data retention periods (article 5.1.e of the GDPR), Information to individuals (article 13 of the GDPR), Data protection by default (article 25.2 of the GDPR), … public. The amount of the fine was decided regarding the breaches identified, the number of people concerned, but …
Belgian DPA fine for unlawful processing of video images
25 November 2020
News
… a fine of 1,500 EUR for unlawful processing of personal data made via a video surveillance system. The positioning … this video system also constituted an infringement of the data protection by design principle, the DPA concluded. … resulted in the decision that a priori analysed potential breaches of the GDPR. Decision of the Litigation Chamber The …
EDPB Annual Report 2021: Enhancing the depth and breadth of data protection
12 May 2022
Press releases
… EDPB Annual Report 2021: Enhancing the depth and breadth of data protection 12 May 2022 EDPB Today, Andrea Jelinek, Chair of the European Data Protection Board (EDPB) presented the EDPB Annual … and recommendations on topics such as personal data breach notifications, connected vehicles and virtual voice …
The Romanian National Supervisory Authority sancions SC CNTAR TAROM SA
7 November 2019
News
… with Article 32 paragraphs (1) and (2) of the General Data Protection Regulation. The investigation was carried out as a result of a data breach notification of the supervisory authority by SC …
Opinion 4/2019 on the draft AA between EEA and non-EEA Financial Supervisory Authorities
12 February 2019
Opinion of the Board (Art. 64)
… Administrative Arrangement for the transfer of personal data between European Economic Area (“EEA”) Financial … 8 adopted 3 The European Data Protection Board Having regard to Article 63, Article … such as “personal data”, “processing”, “personal data breach”, “right of access”, “right of erasure” which are in …
Polish DPA imposes a fine on Warsaw University of Technology for not complying with its obligation
14 January 2022
News
… Legal Reference: Principles (Art. 5(1)(f), Art. 5(2)), Data protection by design and by default (Art. 25(1)), … fine issued Key words: principles, processing, security, data protection Summary of the Decision Origin of the … after the Polish Data Protection Authority received a data breach notification. As it was indicated, an unauthorized …
Norwegian DPA issues fine to Coop Finnmark
11 February 2021
News
… fine to Coop Finnmark 11 February 2021 Norway The Norwegian Data Protection Authority has issued a fine in the amount of … in this case. Lacked legal basis All processing of personal data requires a legal basis in order to be lawful. After … explains. This case was reported as a personal data breach notification from Coop Finnmark AS on April 10th …
Clubhouse fined EUR 2 million by the Italian SA
20 January 2023
News
… Reference: Principles relating to processing of personal data (Article 5(1)(a)(e); Lawfulness of processing (Article … and modalities for the exercise of the rights of the data subject (Article 12); Information to be provided where … failure to designate a representative in the EU in breach of Article 27(4); failure to carry out a DPIA with …
EDPBI:SE:OSS:D:2022:352
29 March 2022
… reference Article 32 (Security of processing) Keywords Data security Personal data breach Outcome Reprimand Decision 79.9KB Descarga … Decision …
One-Stop-Shop case digests
… taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external … One-Stop-Shop case digest on Security of Processing and Data Breach Notification 18 January 2024 Publication Type: …
Dictamen 5/2021 sobre el proyecto de acuerdo administrativo para la transferencia de datos personales entre el Haut Conseil du Commissariat aux Comptes (H3C) y la Public Company Accounting Oversight Board (PCAOB)
2 February 2021
Opinion of the Board (Art. 64)
… Administrative Arrangement for the transfer of personal data between the Haut Conseil du Commissariat aux Comptes … 9 Adopted 3 The European Data Protection Board Having regard to Article 63, Article … data”, “processing of personal data”, “personal data breach”, “right of access” and “right of erasure”. 3 …
EDPBI:NO:OSS:D:2025:1660
21 February 2025
… reference Article 32 (Security of processing) Keywords Data security Personal data breach Outcome Dismissal/Rejection of the case …