Search results | European Data Protection Board

Employee monitoring: French SA fined Amazon France Logistique €32 million
23 January 2024
News
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 12 … and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where … from employees. Key Findings The French SA found several breaches of the GDPR regarding: Warehouse stock and order …
EDPB informs stakeholders about the implications of the DPF and adopts a statement on the first review of the Japan adequacy decision
19 July 2023
News
… information note for individuals and entities transferring data to the U.S.. This note aims to provide concise and … to the U.S., the redress mechanisms available under the Data Privacy Framework (DPF), and the new redress mechanism … a processing, the strengthening of the duty to notify data breaches to the Japanese data protection authority and to …
EDPBI:FR:OSS:D:2021:310
30 December 2021
… Article 5 (Principles relating to processing of personal data) Article 13 (Information to be provided where personal data are collected from the data subject) Article 17 (Right … be informed Right to erasure Data retention Personal data breach Data security Password Outcome Administrative fine …
Telephone Operators: Italian SA Fines Wind EUR 17 million and Iliad EUR 0.8 million
27 July 2020
News
… on July 9th on account of several instances of unlawful data processing that were mostly related to marketing. The … similar infringements that had occurred when the previous data protection law was in force. The fine was imposed … activities to call centres, which collected data in breach of the law. The pleadings submitted by Wind Tre and …
Ministry of Migration and Asylum receives administrative fine and GDPR compliance order following an own-initiative investigation by the Greek SA
15 April 2024
News
… fine Keywords: own-initiative investigation, biometric data, Data Protection Impact Assessments Summary of the Decision … on the Hellenic Ministry of Migration and Asylum for the breaches found in relation to the cooperation with the …
Icelandic SA: the municipality of Reykjavík fined 5.000.000 ISK for the use of the Seesaw educational system
16 May 2022
News
… Controller: The municipality of Reykjavík. Legal Reference: data protection principles (Article 5), lawfulness of processing (Article 6), transparency (Article 13), data protection by design and default (Article 25), joint … SA concluded that the municipality of Reykjavík had breached various provisions of the GDPR using Seesaw. …
Swedish SA fines Board of Education in the City of Stockholm
24 November 2020
News
… the City of Stockholm 24 November 2020 Sweden The Swedish Data Protection Authority has reviewed the so-called School … Board of Education in the City of Stockholm. The Swedish Data Protection Authority has received a number of personal data breach notifications from the City of Stockholm's Board of …
The French SA fines CALOGA €80 000
5 June 2025
News
… Article 5 (Principles relating to processing of personal data) Decision: administrative fine Key words: … in this ecosystem, in particular intermediaries who resell data, known as data brokers. Thus, the CNIL carried out … on the market, the financial benefit derived from the breaches and the complete cessation of activity of the …
Norwegian DPA: Norwegian Confederation of Sport fined for inadequate testing
15 June 2021
News
… for inadequate testing 15 June 2021 Norway The Norwegian Data Protection Authority has fined the Norwegian … GDPR violation. The backdrop for this case is that personal data about 3.2 million Norwegians was available online for … Data Protection Authority also found the incident to be in breach of the principles of legality, data minimisation and …
Dictamen 17/2020 sobre el proyecto de cláusulas contractuales tipo remitido por la autoridad de control de Eslovenia (artículo 28, apartado 8, del Reglamento general de protección de datos)
19 May 2020
Opinion of the Board (Art. 64)
… 5 2.2.3 The data processor acts according to instructions (Clause 3 of … .................................... 6 2.2.6 Transfer of data to third countries or international organisations … ................... 7 2.2.8 Notification of personal data breach (Clause 9 of the SCCs) …
The French SA fines SOLOCAL €900 000
21 May 2025
News
… professionals in the sector, particularly those who resell data, including the many intermediaries in this ecosystem known as data brokers. The French SA carried out investigations on … on the market, the financial benefit derived from the breaches, and the measures taken by the company to comply …
Administrative fines imposed on a telephone service provider
7 October 2019
News
… a telephone service provider (1) Imposition of a fine for breach of the principle of accuracy and data protection by design when keeping personal data of subscribers The Hellenic DPA has received complaints …
EDPBI:BG:OSS:D:2023:1066
13 September 2023
… Article 5 (Principles relating to processing of personal data) Article 25 (Data protection by design and by default) Article 28 … fine Data protection by design and by default Personal data breach Processor Responsibility of the controller Outcome …
1 year GDPR – taking stock
22 May 2019
Press releases
… days short of the GDPR’s first anniversary, the European Data Protection Board surveyed the Supervisory Authorities … 2017. Over 144.000 queries and complaints* and over 89.000 data breaches have been logged by the EEA Supervisory …
Guidelines 10/2020 on restrictions under Article 23 GDPR
18 December 2020
Guidelines
… Type: Guidelines Topics: Restrictions The European Data Protection Board welcomes comments on the Guidelines … set out in the Regulation and in accordance with applicable data protection rules. All legal details can be found in our … Prevention, investigation, detection and prosecution of breaches of ethics for regulated …
Guidelines 07/2020 on the concepts of controller and processor in the GDPR
6 September 2020
Guidelines
… Type: Guidelines Topics: Controller Processor The European Data Protection Board welcomes comments on the Guidelines … set out in the Regulation and in accordance with applicable data protection rules. All legal details can be found in our … expertise with regard to security measures and data breaches); the processor’s reliability; the processor’s …
Administrative fine of €170,000 imposed on Bergen Municipality
19 March 2019
Press releases
… Municipality 19 March 2019 On March 19th, the Norwegian Data Protection Authority imposed an administrative fine of … the municipality’s computer system, containing the personal data of over 35,000 pupils and employees of the … individuals, primarily children The fact that the security breach encompasses personal data to over 35 000 individuals, …
Belgian SA issues reprimand for lack of transparency concerning a delisting request
5 May 2022
News
… not exclusively against Google LLC, even if it is the sole data controller. On the basis of the CJEU's Google Spain … shortcomings of the GDPR by Google LLC, (2) that these breaches are attributable to Google Belgium SA and (3) that … SA (highest level of protection for the benefit of the data subjects). Decision Even if the BE SA dismissed the …
First fine by the Romanian Supervisory Authority
26 June 2019
News
… into the controller UNICREDIT BANK S.A. and found that it breached the provisions of Article 25 (1) of Regulation (EU) … natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data …
Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679
13 October 2020
Guidelines
… Topics: Cooperation between authorities The European Data Protection Board welcomes comments on the Guidelines … set out in the Regulation and in accordance with applicable data protection rules. All legal details can be found in our … however considers that, due to the large scale of the data breach and its possible impact/risk on the private life of …