Search results | European Data Protection Board

The Icelandic SA: The municipality of Kópavogur fined ISK 4,000,000 for the use of the Seesaw educational system
2 May 2023
News
… did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to provide a transparent arrangement for the … out jointly with another data controller (Article 26 GDPR) Failure to demonstrate a lawful ground for all processing operations (Article 6 GDPR) Failure to comply with the obligation to process …
Icelandic SA: the municipality of Hafnarfjörður fined EUR 18.580 for the use of Google Workspace for Education
26 April 2024
News
… of Hafnarfjörður infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
Icelandic SA: the municipality of Reykjanesbær fined EUR 16.590 for the use of Google Workspace for Education
26 April 2024
News
… of Reykjanesbær infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
EDPBI:CZ:OSS:D:2019:28
11 July 2019
… a. Privacy Policy, 15 sheets, b. Compliance with the GDPR — FAQ, 5 sheets; 15. Supplemental statement of the … party failed to comply with Articles 5(2) and 24(1) GDPR, which was interpreted as the obligation to take into … to properly show compliance with Articles 5(2) and 24(1) GDPR was provided. The last objection was partially …
Twelfth Plenary Session: adopted documents
15 July 2019
News
… Committee on the implications of the US CLOUD Act Art.64 GDPR Opinion on Standard Contractual Clauses for processors under Art.28.8 GDPR by DK SA Art. 64 GDPR Opinion on Accreditation Criteria for monitoring bodies …
Icelandic SA: the municipality of Kópavogur fined EUR 19.907 for the use of Google Workspace for Education
26 April 2024
News
… of Kópavogur infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
Irish Supervisory Authority announces decision in Facebook “Data Scraping” inquiry
1 December 2022
News
… and consistency mechanism outlined in Article 60 GDPR. LSA: Irish Supervisory Authority (SA). and CSAs: all … Ireland Limited) (‘Meta Platforms’). Legal Reference: GDPR obligation for Data Protection by Design and Default (Article 25 GDPR). Decision: infringement of Articles 25(1) and 25(2) …
Simplification of record-keeping obligation: EDPB and EDPS adopt letter to EU Commission
8 May 2025
News
… the simplification of record-keeping obligation under the GDPR, amounting to a targeted amendment of Art. 30(5) GDPR. The joint letter replies to the letter sent by the … how it intends to introduce specific modifications to the GDPR. The EDPB and EDPS understand that a formal …
EDPB Launches Data Protection Guide for small business
27 April 2023
News
… compliant. The Guide aims to raise awareness about the GDPR and to provide practical information to SMEs about GDPR compliance in an accessible and easily understandable … tools and practical tips to help them comply with the GDPR. It includes concrete examples gathered during our 5 …
Greek SA: fine imposed on employer for failure to satisfy the right to object and unlawful processing of employee’s personal data
28 March 2022
News
… Foreign languages private school Legal Reference: GDPR: Article 5(1)(a): Principle of lawfulness, fairness and … Article 21: Right to object Decision: Infringement of the GDPR, Administrative fine Key words: Right to object, … the provisions of Articles 5(1)(f)(a), 5(2) and 13 of the GDPR and in any case without clearly specifying the legal …
Icelandic SA: the municipality of Garðabær fined EUR 16 590 for the use of Google Workspace for Education
26 April 2024
News
… municipality of Garðabær infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to ensure that data is not further processed …
Record fine for Instagram following EDPB intervention
15 September 2022
News
… Ireland Limited (Meta IE)) and has issued a record GDPR fine of €405 million. The LSA’s final decision follows … second highest fine since the entry into application of the GDPR - it is also the first EU-wide decision on children’s … EDPB’s binding decision was adopted on the basis of Art. 65 GDPR, after the Irish DPA as lead supervisory authority …
EDPB plenaries, subgroups and taskforces
… under authorities in third countries, under the GDPR Passenger Name Records (PNR) Border controls … focus on cooperation and consistency mechanism under the GDPR and related legislative developments Procedural questions concerning Article 56 GDPR and Chapter VII (Section 1 and 2) GDPR Procedural …
EDPB adopts first opinion on certification criteria
2 February 2022
News
… 2 February 2022 EDPB The EDPB adopted its opinion on the GDPR-CARPA certification scheme submitted to the Board by … on criteria for a nationwide certification scheme. The GDPR-CARPA certification scheme is a general scheme, which … said: “This opinion is an important step towards greater GDPR compliance. The main aim of certification mechanisms is …
Geolocalisation data: the French SA fines UBEEQO International €175 000
25 July 2022
News
… Legal Reference: Data minimisation (Article 5.1.c GDPR), Retention period (Article 5.1.e GDPR), Information of individuals (Article 12 GDPR) Decision: Administrative fine Key words: Geolocation …
Romanian Supervisory Authority issues two fines each of 23,893 lei (EUR 5,000) against Entirely Shipping & Trading S.R.L.
13 December 2019
News
… 12 and 13 of the General Data Protection Regulation (GDPR); the infringement of Article 5 paragraph (1) letter c), Article 6 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letter c), Article 9 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letters …
Irish Supervisory Authority’s final decision summary: fines confirmed
29 November 2022
News
… Legal Reference: 1. Articles 5(1)(f) and 32(1) of the GDPR 2. Article 5(1), Article 32(1), Article 33(1) of the GDPR 3. Article 15, Article 13, Article 12 of the GDPR 4. Article 5(1)(f) and 32(1), Article 24 and 30(1), …
Endorsed WP29 Guidelines
… meeting the European Data Protection Board endorsed the GDPR related WP29 Guidelines: Guidelines on consent under … 9/2022 on personal data breach notification under GDPR Guidelines on the right to data portability under … records of processing activities pursuant to Article 30(5) GDPR Working Document Setting Forth a Co-Operation Procedure …
Italian SA fines US company offering diabetes app
13 October 2022
News
… Controller: US Company – Senseonics INC Legal Reference: GDPR Article 5, para 1 letters a), b) and f) (lawfulness, … in the Union) Decision: finding of infringements of the GDPR (imposition of administrative fine and order to comply) Key words: GDPR, data breach, App, health data, lawfulness, fairness …
Long cooperation between controller and processor does not guarantee data security – an administrative fine imposed by the Polish SA
8 February 2023
News
… Article 83 (1-3), Article 83 (4) (a), Article 83 (5) (a) GDPR (General conditions for imposing administrative fines), Article 5 (1) (f) and (2) GDPR (Principles relating to processing of personal data), Article 24 (1) GDPR (Responsibility of the controller), Article 25 (1) …