Search results | European Data Protection Board

Thirty-second plenary session: Statement on the interoperability of contact tracing applications, statement on the opening of borders and data protection rights, response letters to MEP Körner on laptop camera covers and encryption and letter to the Commi
17 June 2020
Press releases
… two letters to MEP Körner - on encryption and on Article 25 GDPR - and a letter to CEAOB on PCAOB arrangements. The EDPB … necessary in this context. The statement also addresses the GDPR principles that Member States need to pay special … encryption would seriously undermine compliance with GDPR security obligations applicable to controllers and …
Thirty-second plenary session: Statement on the interoperability of contact tracing applications, statement on the opening of borders and data protection rights, response letters to MEP Körner on laptop camera covers and encryption and letter to the Commi
17 June 2020
Press releases
… two letters to MEP Körner - on encryption and on Article 25 GDPR - and a letter to CEAOB on PCAOB arrangements. The EDPB … necessary in this context. The statement also addresses the GDPR principles that Member States need to pay special … encryption would seriously undermine compliance with GDPR security obligations applicable to controllers and …
EDPBI:DEBE:OSS:D:2020:124
13 July 2020
… breach or mitigate its adverse effects (Art. 33 (3) (d) GDPR) The company hired a forensics firm to identify network … or public com- munication (Art. 34 (1) or Art. 34 (3) (c) GDPR) The concerned data subjects were informed of the … incident occurred, e.g. encryption (Arti- cle 34 (3) (a) GDPR) - 3 - The stolen passwords were hashed with PBKDF2-SHA …
European Data Protection Board - Fifth Plenary session: EU-Japan draft adequacy decision, DPIA lists (DK, HR, LU, and SI), and guidelines on accreditation
5 December 2018
Press releases
… into application of the General Data Protection Regulation (GDPR), it will set a precedent. DPIA lists The EDPB adopted … an important tool for the consistent application of the GDPR across the EEA. DPIA is a process to help identify and … and challenges of consistency in practice. The GDPR does not require full harmonisation or an 'EU list', …
Vinted platform's practices under scrutiny of supervisory authorities
18 November 2021
News
… cooperation to investigate compliance of this website with GDPR. The supervisory authorities have jointly established a … the compliance of the processing of data by Vinted with the GDPR provisions. … "The news here published concerns … cooperation to investigate compliance of this website with GDPR. The supervisory authorities have jointly established a …
TikTok: Italian SA warns against 'personalised' ads based on legitimate interest
15 July 2022
News
… legitimate interest (Article 6(1)(f) GDPR) Decision: Issuance of warning to controller that … transposing directive 2002/58/EC and Article 6(1)(f) GDPR; Key words: Personalised advertising; legal basis; … user’s consent; warning to controller; Article 58(2)(a) GDPR; Section 154(1)(f) of Italian personal data protection …
Eighteenth Plenary Session: adopted documents
24 February 2020
News
… documents: EDPB Contribution to the evaluation of the GDPR under Article 97 Guidelines on Articles 46 (2) (a) and … documents: EDPB Contribution to the evaluation of the GDPR under Article 97 Guidelines on Articles 46 (2) (a) and …
EDPB publishes final version of guidelines on data transfers to third country authorities and SPE training material on AI and data protection
5 June 2025
News
… adopted the final version of its guidelines on Art.48 GDPR about data transfers to third country authorities … the simplification of record-keeping obligation under the GDPR. Data transfers to third country authorities … In its guidelines, the EDPB zooms in on Art. 48 GDPR and clarifies how organisations can best assess under …
Italian SA reprimands a real estate agency and fines it because it failed to reply to the SA’s requests for information
13 October 2021
News
… Reference: Purpose limitation (article 5, par. 1, let. b) GDPR), lawfulness of processing (article 6, par. 1, let. a) GDPR), adequacy of the measures (articles 24, 25 GDPR); SA’s power to request information from controller or …
EDPBI:FR:OSS:D:2020:105
11 May 2020
… of Article 56.1 of the General Data Protection Regulation (GDPR). lodged a complaint with the CNIL regarding the … in accordance with the provisions of Article 58.2.b) of the GDPR. Indeed, has to ensure and be able to demonstrate that … manner in relation to them (Articles 5.1.a) and 5.2 GDPR). In addition, pursuant to Articles 17.1 and 21.1 GDPR, …
EDPB: ‘Consent or Pay’ models should offer real choice
17 April 2024
Press releases
… the EDPB adopted an Opinion following an Art. 64(2) GDPR request by the Dutch, Norwegian & Hamburg Data … factor in the assessment of valid consent under the GDPR. The EDPB stresses that obtaining consent does not … from adhering to all the principles outlined in Art. 5 GDPR, such as purpose limitation, data minimisation and …
Danish SA: fine proposed for Danske Bank
11 April 2022
News
… Reference: Article 5 (2) Decision: Infringement of the GDPR Key words: Deletion Summary of the Decision Origin … million EUR) for the infringement of Article 5 (2) of the GDPR. Decision The Danish Supervisory Authority has reported … million EUR) for the infringement of Article 5 (2) of the GDPR. For further information: …
The CNIL’s restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC
21 January 2019
News
… in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and … as defined in the General Data Protection Regulation (“GDPR”), the CNIL sent these two complaints to its European … assess if it was competent to deal with them. Indeed, the GDPR establishes a “one-stop-shop mechanism” which provides …
Finnish DPA imposes financial sanction on a company due to carrying out electronic direct marketing without prior consent as well as neglecting the rights of the data subject
25 September 2020
News
… in accordance with the General Data Protection Regulation (GDPR). The topics of direct marketing included various … Article 4(11) of the EU General Data Protection Regulation (GDPR), the consent must be a freely given, specific, … the data subjects’ right to object in accordance with the GDPR. In the controller’s view, it has targeted the …
Finnish SA: Administrative fine imposed on medical clinic for shortcomings in implementing rights of a data subject
14 March 2022
News
… the data subject (Article 13) Decision: Infringement of the GDPR, administrative fine and reprimand Summary of the … right to inspect their own data in accordance with the GDPR or to give a reason for restricting this right. The … Ombudsman issued the company a reprimand for violating the GDPR and ordered it to change its procedure to comply with …
IMY issues an administrative fine against Spotify for shortcomings regarding transparency
12 June 2023
News
… Origin of the case The General Data Protection Regulation, GDPR, entered into force in 2018 and means, among other … information pursuant to article 15.1 a-h and 15.2 of the GDPR that should be provided to the individual making the … violations of articles 12.1, 15.1 a-d, g and 15.2 of the GDPR. IMY has further found that Spotify had failed in its …
Polish SA: administrative fine of 17 880 € for Commander-in-Chief of the Polish Police for disclosing data of a citizen at a press conference
2 May 2025
News
… examined the case and found that the provisions of the GDPR had been infringed (Article 6(1) and 9(1)). The Polish DPA concludes that this infringement of the GDPR is of a serious nature. The personal data of the person … data available by the Commander-in-Chief in breach of the GDPR (without a legal basis) during the conference entails …
Following EDPB Decision, TikTok ordered to eliminate unfair design practices concerning children
15 September 2023
News
… that TikTok Technology Limited (TikTok) infringed the GDPR's principle of fairness when processing personal data … TikTok infringed the principle of fairness under the GDPR. Consequently, the EDPB instructed the IE DPA to … infringement and to order TikTok to comply with the GDPR by eliminating such design practices. The EDPB also …
European initiative on the designation and position of data protection officers
… the position in their organisations required by Art. 37-39 GDPR and the resources needed to carry out their tasks. The … all DPOs notified in Liechtenstein pursuant to Art. 37 (7) GDPR. The results of the joint initiative will be analysed … the position in their organisations required by Art. 37-39 GDPR and the resources needed to carry out their tasks. The …
The Icelandic DPA has fined a company running ice cream parlours for processing employee‘s personal data via video surveillance camera installed in an employee area.
29 June 2021
News
… and their rights in accordance with Article 13 of the GDPR. Additionally, labels and signs indicating the video … Data Protection and the Processing of Personal Data and the GDPR. Moreover, the data subjects affected by these … personal data merits specific protection according to the GDPR. It was also regarded that employers have a …