Search results | European Data Protection Board

Employee monitoring: French SA fined Amazon France Logistique €32 million
23 January 2024
News
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 12 … and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where … from employees. Key Findings The French SA found several breaches of the GDPR regarding: Warehouse stock and order …
Mišljenje 4/2019 o Nacrtu administrativnog dogovora za prijenos osobnih podataka između financijskih nadzornih tijela Europskoga gospodarskog prostora („EGP”) i financijskih nadzornih tijela izvan EGP-a
12 February 2019
Opinion of the Board (Art. 64)
… o Nacrtu administrativnog dogovora za prijenos osobnih podataka između financijskih nadzornih tijela Europskoga … Administrative Arrangement for the transfer of personal data between European Economic Area (“EEA”) Financial … such as “personal data”, “processing”, “personal data breach”, “right of access”, “right of erasure” which are in …
EDPBI:FR:OSS:D:2021:181
6 January 2021
Decision by the SA
… and modalities for the exercise of the rights of the data subject) Article 32 (Security of processing) Keywords Personal data breach Data security Password Data subject rights …
Norwegian DPA: Norwegian Confederation of Sport fined for inadequate testing
15 June 2021
News
… for inadequate testing 15 June 2021 Norway The Norwegian Data Protection Authority has fined the Norwegian … GDPR violation. The backdrop for this case is that personal data about 3.2 million Norwegians was available online for … Data Protection Authority also found the incident to be in breach of the principles of legality, data minimisation and …
Telephone Operators: Italian SA Fines Wind EUR 17 million and Iliad EUR 0.8 million
27 July 2020
News
… on July 9th on account of several instances of unlawful data processing that were mostly related to marketing. The … similar infringements that had occurred when the previous data protection law was in force. The fine was imposed … activities to call centres, which collected data in breach of the law. The pleadings submitted by Wind Tre and …
EDPBI:ES:OSS:D:2024:1400
14 August 2024
… Article 5 (Principles relating to processing of personal data) Article 32 (Security of processing) Keywords Personal data breach Outcome Administrative fine decision-no-1400.pdf …
Icelandic SA: the municipality of Reykjavík fined 5.000.000 ISK for the use of the Seesaw educational system
16 May 2022
News
… Controller: The municipality of Reykjavík. Legal Reference: data protection principles (Article 5), lawfulness of processing (Article 6), transparency (Article 13), data protection by design and default (Article 25), joint … SA concluded that the municipality of Reykjavík had breached various provisions of the GDPR using Seesaw. …
The French SA fines CALOGA €80 000
5 June 2025
News
… Article 5 (Principles relating to processing of personal data) Decision: administrative fine Key words: … in this ecosystem, in particular intermediaries who resell data, known as data brokers. Thus, the CNIL carried out … on the market, the financial benefit derived from the breaches and the complete cessation of activity of the …
The Belgian Supervisory Authority sanctions telecom operator for 14 months late reply to a right to access request
2 September 2024
News
… and modalities for the exercise of the rights of the data subject), Article 15 (Right to access by the data subject) Decision: Administrative fine Key words: … the modalities of the right to access, the defendant has breached the articles 12.2, 12.3 et 15 GDPR because of the …
Polish SA: administrative fine of EUR 15 556 for University Children’s Clinical Hospital in Białystok for failing to implement appropriate technical and organisational measures
25 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … access to the IT systems was blocked, resulting in a breach of the confidentiality and availability of personal …
The French SA fines SOLOCAL €900 000
21 May 2025
News
… professionals in the sector, particularly those who resell data, including the many intermediaries in this ecosystem known as data brokers. The French SA carried out investigations on … on the market, the financial benefit derived from the breaches, and the measures taken by the company to comply …
Swedish SA fines Board of Education in the City of Stockholm
24 November 2020
News
… the City of Stockholm 24 November 2020 Sweden The Swedish Data Protection Authority has reviewed the so-called School … Board of Education in the City of Stockholm. The Swedish Data Protection Authority has received a number of personal data breach notifications from the City of Stockholm's Board of …
EDPBI:NO:OSS:D:2024:1408
20 August 2024
… and modalities for the exercise of the rights of the data subject) Article 13 (Information to be provided where personal data are collected from the data subject) Keywords … Privacy statement International transfer Personal data breach Right to erasure Outcome No sanction …
Administrative fines imposed on a telephone service provider
7 October 2019
News
… a telephone service provider (1) Imposition of a fine for breach of the principle of accuracy and data protection by design when keeping personal data of subscribers The Hellenic DPA has received complaints … of a fine for breach of the principle of accuracy and data protection by design when keeping personal data of …
Ministry of Migration and Asylum receives administrative fine and GDPR compliance order following an own-initiative investigation by the Greek SA
15 April 2024
News
… fine Keywords: own-initiative investigation, biometric data, Data Protection Impact Assessments Summary of the Decision … on the Hellenic Ministry of Migration and Asylum for the breaches found in relation to the cooperation with the … fine Keywords: own-initiative investigation, biometric data, Data Protection Impact Assessments Summary of the …
October plenary - adopted documents
21 October 2022
News
… regarding their approval by the Board as European Data Protection Seal pursuant to Article 42.5 (GDPR) 10 … the design choices for a digital euro from the privacy and data protection perspective 10 October 2022 Publication … public consultation. Guidelines 9/2022 on personal data breach notification under GDPR 10 October 2022 Publication …
French SA: Cookies placed without consent: SHEIN fined 150 000 000 EUR by the CNIL
4 September 2025
News
… STYLES SERVICES CO. LIMITED Legal Reference: The French Data Protection Act (Article 82): failure to obtain user … withdrawing consent Decision: Infringement of the French Data Protection Act, Administrative fine Key words: Cookies … it has repeatedly sanctioned organisations for similar breaches and has made its decisions public. The massive …
First fine by the Romanian Supervisory Authority
26 June 2019
News
… into the controller UNICREDIT BANK S.A. and found that it breached the provisions of Article 25 (1) of Regulation (EU) … natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data …
EDPBI:FR:OSS:D:2021:310
30 December 2021
… Article 5 (Principles relating to processing of personal data) Article 13 (Information to be provided where personal data are collected from the data subject) Article 17 (Right … be informed Right to erasure Data retention Personal data breach Data security Password Outcome Administrative fine …
1 year GDPR – taking stock
22 May 2019
Press releases
… days short of the GDPR’s first anniversary, the European Data Protection Board surveyed the Supervisory Authorities … 2017. Over 144.000 queries and complaints* and over 89.000 data breaches have been logged by the EEA Supervisory … days short of the GDPR’s first anniversary, the European Data Protection Board surveyed the Supervisory Authorities …