15 January 2024
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 13 (Information to be provided where personal data are collected from the data subject) Decision: … facility is rented out for events or other gatherings, in breach of Article 6. Furthermore, the Icelandic SA …
11 June 2021
… says. Medhelp is the medical care provider and personal data controller. In this capacity, they are the ones … to ensure an adequate level of security to protect personal data – in this case voice recordings – so that unauthorized … in health and medical care laid down by law. This is a breach of the GDPR’s principle of lawfulness. Further to the …
4 September 2025
… without free and informed consent (Article 82 of the French Data Protection Act) Decision: Infringement of the French … Electronic Communications Code, Infringement of the French Data Protection Act, Administrative fine and injunction Key … this context was therefore not valid, which constituted a breach of the French Data Protection Act (Article 82). …
26 May 2021
… certify COVID-19 vaccination, recovery or negativity was in breach of privacy laws. The certification was intended to be … this processing, who was authorised to access and use the data, or who was tasked with checking that the certificates … default. At all events, the Region should have performed a data protection impact assessment beforehand in order to …
5 March 2020
… a school 5 March 2020 Poland The President of the Personal Data Protection Office imposed a fine of PLN 20 000 in connection with the breach consisting in the processing of biometric data of children when using the school canteen. The school …
17 January 2020
… concerning respectively illicit processing of personal data in the context of promotional activities and the … criticalities with regard to the general processing of data. The violations brought to light include advertising … such data to Egl. The second fine of EUR 3 million concerns breaches due to the conclusion of unsolicited contracts for …
10 June 2022
… confidentiality); Art. 13 and 14 (Information); Art. 25 (Data protection by design and by default); Art. 28 … originated from a set of inspections on the processing of data acquired via whistle-blowing management systems, with … processing activities for which it was the controller (in breach of Article 28, paragraphs 1 and 3, GDPR) – ranging …
25 November 2020
… a fine of 1,500 EUR for unlawful processing of personal data made via a video surveillance system. The positioning … this video system also constituted an infringement of the data protection by design principle, the DPA concluded. … resulted in the decision that a priori analysed potential breaches of the GDPR. Decision of the Litigation Chamber The …
… developed as part of the EDPB 2021-2023 Strategy to help Data Protection authorities (DPAs) increase their capacity … techniques, Risk analysis and attacks with respect to data re-identification (including inference attacks), … foundations of cryptography DPIA, personal data breaches, risk management Data science or statistical …
28 October 2021
… Decision Origin of the case Image files containing health data about people with no connection to the municipality … to staff at the health clinic. Key Findings The Norwegian Data Protection Authority noted that the municipality did … internal deficiencies in its access management. This is a breach of the requirements regarding personal data security …
21 January 2019
… the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, … ads personalization. On 25 and 28 May 2018, the National Data Protection Commission (CNIL) received group complaints … the CNIL’s restricted committee responsible for examining breaches of the Data Protection Act observed two types of …
28 October 2021
… lawfulness, fairness and transparency (article 5 (1) (a)), data minimisation (article 5 (1) (c)), Transparent … relating to CCTV monitoring of salon premises, the Data Protection Authority has concluded that the enterprise … monitoring of the reception area has been found to be in breach of the General Data Protection Regulation (GDPR). The …
28 October 2021
… and fine imposed Key words: Access Management, Health Data, Information Security Summary of the Decision Origin … to introduce relevant measures in order to improve personal data security. Key Findings The fine is imposed due to a … folder areas outside patient records. This constitutes a breach of the requirements regarding personal data security …
17 September 2020
… Roads Administration 17 September 2020 Norway The Norwegian Data Protection Authority has issued the Norwegian Public … a fine of 37,400 EUR (400 000 NOK) for processing personal data for purposes that were incompatible with the originally … employees. The usage of such photos for documenting breaches of contract several months after the incidents took …
23 September 2021
… Information (Article 14 GDPR), Right of access by the data subject (Article 15 GDPR) Decision: Infringement of the … Key Findings Having investigated the complaint, the Data Protection Authority concluded that the enterprise had … Data Protection Authority has reprimanded an enterprise for breach of the General Data Protection Regulation’s (GDPR) …
3 February 2023
… National case Controller: DISCORD INC. Legal Reference: Data retention periods (article 5.1.e of the GDPR), Information to individuals (article 13 of the GDPR), Data protection by default (article 25.2 of the GDPR), … public. The amount of the fine was decided regarding the breaches identified, the number of people concerned, but …
24 November 2021
… Reference: Principles relating to processing of personal data (article 5), Legal basis (Article 6) Decision: Infringement of the GDPR Key words: Income Data, Lack of Procedures, Special Categories of Data … and national insurance. The Norwegian SA concluded that SPK breached the fundamental principles for the processing of …
16 September 2025
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 13 (Information to be provided where … scrive a Confcommercio: attenzione agli abusi - Data breach, il Garante sanziona Poste Vita per 80mila euro - …
23 January 2025
… spite of user consent withdrawal (Article 82 of the French Data Protection Act) Decision: Infringement of the French … Electronic Communications Code, Infringement of the French Data Protection Act, Administrative fine Key words: … spite of user consent withdrawal Decision For these two breaches, the restricted committee decided to impose a …
7 November 2019
… with Article 32 paragraphs (1) and (2) of the General Data Protection Regulation. The investigation was carried out as a result of a data breach notification of the supervisory authority by SC …