8 June 2023
… The French SA has identified several infringements of the GDPR and a breach of the French Data Protection Act by KG … the personal data collected and used (Article 5.1.c GDPR) Failure to have a legal basis for the use of banking data (Article 6 GDPR) Failure to obtain prior consent to the collection of …
27 January 2025
… with Article 13 (1)(c)(e) and (f); and Article 13(2)(a) GDPR). Furthermore, customers did not receive sufficient … with Article 15 (1)(a)(c) and (d) and Article 15 (2) GDPR). These are violations of the GDPR. On several points, Netflix provided too little … with Article 13 (1)(c)(e) and (f); and Article 13(2)(a) GDPR). Furthermore, customers did not receive sufficient …
4 July 2025
… met TikTok’s transparency requirements as required by the GDPR. Key Findings The Irish SA found that that TikTok’s transfers to China infringed Article 46(1) GDPR because it failed to verify, guarantee and demonstrate … to that guaranteed within the EU. Article 13(1)(f) GDPR requires data controllers to provide data subjects with …
22 March 2022
… Legal Reference: Articles 5(1)(f), 5(2), 24(1) and 32(1) GDPR Decision: Administrative fine of €17m imposed Key … the requirements of Articles 5(1)(f), 5(2), 24(1) and 32(1) GDPR in relation to the processing of personal data relevant … found that Meta Platforms infringed Articles 5(2) and 24(1) GDPR. While the DPC found that the information and …
24 January 2023
… instructed the IE DPA to add an infringement of Art. 6(1) GDPR. Additionally, the EDPB instructed the IE DPA to … of the principle of fairness under Art. 5(1)(a) GDPR. The EDPB further decided that the IE DPA must carry … it processes special categories of personal data (Art. 9 GDPR); whether it processes data for the purposes of …
23 September 2021
… National case Legal Reference: Information (Article 14 GDPR), Right of access by the data subject (Article 15 GDPR) Decision: Infringement of the GDPR, reprimand, and order to comply Summary of the Decision … National case Legal Reference: Information (Article 14 GDPR), Right of access by the data subject (Article 15 GDPR) …
29 November 2019
… mentioned in Article 83 paragraph (5) letter a) of GDPR – fine in the amount of 2389.05 lei, the equivalent of … mentioned in Article 83 paragraph (5) letter b) of GDPR – reprimand; for the contravention found pursuant to … mentioned in Article 83 paragraph (4) letter a) of GDPR – reprimand. The sanctions were imposed following a …
14 January 2020
… as a controller had complied with the requirements of the GDPR and that its internal policies and regulations provided … had a legal right under Articles 5(1) and 6(1)(f) of the GDPR to carry out an internal investigation searching and … in his corporate PC. Following the finding that the GDPR had been infringed, the Authority decided in this …
29 April 2022
… in the interpretation and consistent application of the GDPR by endorsing and adopting no less than 57 Guidelines … is crucial for ensuring a consistent interpretation of the GDPR. To stay on top of this growing workload and make the … use of the possibilities for cooperation foreseen in the GDPR, we will yearly identify a number of cross-border cases …
27 May 2018
… 2003 (see WP29 opinion of 2003 available here ). ICANN’s GDPR compliance process appears to have been formally … are concerned over the entry into application of the GDPR on 25 May 2018. The GDPR does not allow national supervisory authorities nor the … 2003 (see WP29 opinion of 2003 available here ). ICANN’s GDPR compliance process appears to have been formally …
17 May 2023
… Findings The French SA has identified four breaches of the GDPR and a breach of the French Data Protection Act by … the purposes for which they are processed (Article 5.1(e) GDPR) Failure to obtain consent from individuals to collect their health data (Article 9 GDPR) Failure to provide a formal legal framework for the …
7 February 2023
… Legal references: Article 83 (1- 3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 28 (1) (3) and (9) GDPR (Processor), Article 33 (1) GDPR (Notification of a personal data breach to the … Legal references: Article 83 (1- 3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), …
3 August 2019
… of Article 5 of the General Data Protection Regulation (‘GDPR’) requires that the personal data processed by … controller did not comply with its obligations under the GDPR as it did not take sufficient action to assure itself …
18 September 2023
… Findings The French SA has found several breaches of the GDPR: Infringement of the data minimisation (Article 5(1)(c) of the GDPR) Infringement of the ban on processing sensitive data (Article 9 of the GDPR) A breach of the ban on processing personal data … Findings The French SA has found several breaches of the GDPR: Infringement of the data minimisation (Article 5(1)(c) …
4 January 2021
… period Information note on data transfers under the GDPR after the Brexit transition period Guidelines on restrictions of data subject rights under Article 23 GDPR - version for public consultation Guidelines on the … of the Second Payment Services Directive (PSD2) and the GDPR (following public consultation) Guidelines on articles …
29 March 2023
… Legal Reference: Data minimisation (article 5.1.c of the GDPR), Contractual framework between the controller and processors (article 28.3 of the GDPR), Inform and collect user consent before writing and … French Data Protection Act) Decision: Infringement of the GDPR, Infringement of the French Data Protection Act, …
12 September 2022
… Right to object (Article 21) Decision: Infringement of the GDPR, Administrative fine Key words: Unlawful processing, … rights, in breach of the provision of Article 12(2) of the GDPR, and that the processing in question took place without … of the provisions of Articles 5(1)(a), 5(2) and (6) of the GDPR. Decision The Hellenic SA imposed a fine of EUR …
15 December 2020
… Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into Twitter International … found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to … Concerned Supervisory Authorities under Article 60 of the GDPR in May of this year, was the first one to go through …
14 March 2018
… their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory … their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory …
16 December 2020
… adopted its first binding decision on the basis of Art. 65 GDPR on November 9th. This decision concerns a draft … consistency mechanism Further information on the Art. 65 GDPR procedure is available here … adopted its first binding decision on the basis of Art. 65 GDPR on November 9th. This decision concerns a draft …