Search results | European Data Protection Board

Polish DPA imposes a fine on Warsaw University of Technology for not complying with its obligation
14 January 2022
News
… Legal Reference: Principles (Art. 5(1)(f), Art. 5(2)), Data protection by design and by default (Art. 25(1)), … fine issued Key words: principles, processing, security, data protection Summary of the Decision Origin of the … after the Polish Data Protection Authority received a data breach notification. As it was indicated, an unauthorized …
Clubhouse fined EUR 2 million by the Italian SA
20 January 2023
News
… Reference: Principles relating to processing of personal data (Article 5(1)(a)(e); Lawfulness of processing (Article … and modalities for the exercise of the rights of the data subject (Article 12); Information to be provided where … failure to designate a representative in the EU in breach of Article 27(4); failure to carry out a DPIA with …
The French Supervisory Authority fines ORANGE €50 million
23 January 2025
News
… spite of user consent withdrawal (Article 82 of the French Data Protection Act) Decision: Infringement of the French … Electronic Communications Code, Infringement of the French Data Protection Act, Administrative fine Key words: … spite of user consent withdrawal Decision For these two breaches, the restricted committee decided to impose a …
Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies
24 February 2020
Guidelines
… 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies … 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies … Guidelines Topics: Administrative arrangement The European Data Protection Board welcomes comments on the Guidelines …
Norwegian DPA issues fine to Coop Finnmark
11 February 2021
News
… fine to Coop Finnmark 11 February 2021 Norway The Norwegian Data Protection Authority has issued a fine in the amount of … in this case. Lacked legal basis All processing of personal data requires a legal basis in order to be lawful. After … explains. This case was reported as a personal data breach notification from Coop Finnmark AS on April 10th …
Swedish SA: Administrative fine against two companies in the SL Group
17 July 2025
News
… Article 9 (Processing of special categories of personal data), Article 83 (General conditions for imposing … fines) Decision: Administrative fine Key words: Personal data breach, Sensitive data, Administrative fine, Data retention, … Article 9 (Processing of special categories of personal data), Article 83 (General conditions for imposing …
The Icelandic SA: The University of Iceland fined 1.500.000 ISK for the use of video surveillance
6 September 2023
News
… Article 5 (Principles relating to processing of personal data), Article 12 (Transparent information, communication, … and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where … system, unfairly and in an untransparent manner, in breach of Article 5(1)(a), and had not informed the data …
Personalised advertising: French SA fined CRITEO EUR 40,000,000
15 June 2023
News
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 15 … into CRITEO. Key Findings The French SA found five breaches of the GDPR: Failure to demonstrate that the person …
EDPBI:DEBB:OSS:D:2020:145
13 October 2020
… reference Article 6 (Lawfulness of processing) Keywords Data security E-Commerce Legitimate interest Privacy … Brandenburg Commissioner for Data Protection and Access to Information Stahnsdorfer Damm … mitiga- tion and investigation of fraud attempts, security breaches and other prohi- bited or illegal activities in …
Fine proposed for Danish recruitment company
15 May 2020
News
… Danish recruitment company 15 May 2020 Denmark The Danish Data Protection Authority considers that in a case on the … JobTeam has not met the basic requirements of the General Data Protection Regulation (GDPR) that personal data must be … It is the view of the Danish Data Protection Agency that a breach of the fundamental principles of the regulation …
One-Stop-Shop case digests
… taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external … One-Stop-Shop case digest on Security of Processing and Data Breach Notification 18 January 2024 Publication Type: … taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external …
EDPBI:SE:OSS:D:2022:352
29 March 2022
… reference Article 32 (Security of processing) Keywords Data security Personal data breach Outcome Reprimand Decision 79.9KB Preuzimanje …
Final decision of Hungarian Supervisory Authority about infringement of Article 26 of the GDPR caused by a foundation
3 January 2024
News
… 2023 Cross-border case Hungarian National Authority for Data Protection and Freedom of Information (Hungarian … Supervisory Authority, SA) and CSAs: Office for Personal Data Protection of the Slovak Republic (Slovak Supervisory … respective responsibilities. , The Foundation was found in breach of Article 26(1) of the GDPR, as the cooperation …
The CNIL’s restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC
21 January 2019
News
… the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, … ads personalization. On 25 and 28 May 2018, the National Data Protection Commission (CNIL) received group complaints … the CNIL’s restricted committee responsible for examining breaches of the Data Protection Act observed two types of …
Dutch DPA: Orthodontic practice fined for unsecured patient website
10 June 2021
News
… patient website 10 June 2021 Netherlands The Dutch Data Protection Authority (DPA) has imposed a €12,000 fine … website. As a result, patients’ sensitive personal data, such as their citizen service number (BSN), could have … case. If the confidentiality of sensitive personal data is breached, this could put people at serious risk. It could, …
Polish SA: administrative fine of EUR 1 170 for Social Welfare Centre and EUR 2 341 EUR for Mayor of Aleksandrów for ignoring the risk of ransomware attack
25 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 28 … processing), Article 33 (Notification of a personal data breach to the supervisory authority) Decision: …
Decision by the Austrian SA against Clearview AI Infringements of Articles 5, 6, 9, 27 GDPR
12 May 2023
News
… Infringement of the GDPR, Order to erase complainant’s data, Order to name an Article 27 representative Key words: Facial recognition; biometric data Summary of the Decision Origin of the case … The permanent storage of personal data also constitutes a breach of data minimisation principle. Article 9(1): The …
Romanian Supervisory Authority's fine of 9,544.40 lei (EUR 2,000) against Telekom Romania Mobile Communications SA
25 November 2019
News
… Communications SA was sanctioned with a reprimand for the breach of provisions of Article 32 paragraph (1) letter b) … Communications SA could not prove the accuracy of the data processed, which led to the violation of the basic principle for data processing provided by Article 5 paragraph (1) letter …
EDPBI:IS:OSS:D:2021:216
29 April 2021
… Article 5 (Principles relating to processing of personal data) Keywords Personal data breach Data security Children Education Outcome …
EDPBI:NO:OSS:D:2025:1660
21 February 2025
… reference Article 32 (Security of processing) Keywords Data security Personal data breach Outcome Dismissal/Rejection of the case …