Search results | European Data Protection Board

EDPBI:DEBE:OSS:D:2019:27
2 July 2019
… Decision nr 27 EDPBI:DEBE:OSS:D:2019:27 2 July 2019 LSA DE/BE CSA AT … access to his personal data in accordance with Article 15 GDPR. The controller attempted to provide the complainant … months after the deadline established under Article 12 (3) GDPR.Findings The LSA determined that the controller …
EDPBI:DEBB:OSS:D:2019:53
2 October 2019
… Register entry 58950 - IMI A60DD 74979 Dear colleagues, on 27 August 2019, the above-mentioned draft decision was … cross-border processing under Art. 4 No. 23 lit. b GDPR, the ÖDSB initiated an Art. 56 identification procedure … controller’s main establishment in is according to art. 56 GDPR and § 19 Federal Data Protection Act the lead su- …
Italian SA fines US company offering diabetes app
13 October 2022
News
… Controller: US Company – Senseonics INC Legal Reference: GDPR Article 5, para 1 letters a), b) and f) (lawfulness, … data are collected from the data subject) and Article 27 (Representatives of controllers or processors not … in the Union) Decision: finding of infringements of the GDPR (imposition of administrative fine and order to comply) …
EDPBI:LV:OSS:D:2019:79
8 November 2019
… of Latvia/ Data State Directorate Case No.L-2-4.3/4627 Decision Riga, 8 November 2019 No.2-2.2/45 On imposition … of the General Data Protection Regulation1 (hereinafter—the GDPR), Section 5(1)(2) of the Personal Data Processing Law … and mobile phone number. In his Complaint, refers to the GDPR, Chapter III, “Rights of the data subject”, which …
Liechtenstein SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
27 February 2019
Decision by the SA
… of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision Type SA Liechtenstein 27 February 2019 Data Protection Impact Assessment (DPIA) … of a data protection impact assessment (Article 35.4 GDPR) … DATENSCHUTZSTELLE FÜRSTENTUM LIECHTENSTEIN Version …
Finnish SA: administrative fine on company for processing health information without an appropriate consent
27 January 2023
News
… health information without an appropriate consent 27 January 2023 Finland Italy Belgium Czech Republic France … that the company did not have the consent required by the GDPR for processing data on body mass indices and maximal … The consent requested did not meet the requirements of the GDPR as it was not specific and informed. The SA finds that …
Icelandic SA fines eCommerce 2020 ApS EUR 50 204 for processing credit information without a legal basis
27 June 2023
News
… 204 for processing credit information without a legal basis 27 June 2023 Iceland Background information Date of … lawful ground for all processing operations (Article 6 (1) GDPR) Failure to comply with the obligation to process … fairly and in a transparent manner (Article 5(1)(a) GDPR) Decision No provision that clearly stipulates the …
Icelandic SA fines A.I.C. ehf. EUR 24 141 for processing credit information without a legal basis
27 June 2023
News
… 141 for processing credit information without a legal basis 27 June 2023 Iceland Background information Date of … lawful ground for all processing operations (Article 6 (1) GDPR) Failure to comply with the obligation to process … fairly and in a transparent manner (Article 5(1)(a) GDPR) Decision No provision that clearly stipulates the …
The Norwegian Data Protection Authority: Ferde AS fined
13 October 2021
News
… 2021 Norway Background information Date of final decision: 27 September 2021 Cross-border case or national case: … Controller: Ferde AS Legal Reference: Processor (ARTICLE 28 GDPR), Security of Processing (ARTICLE 32 GDPR), General principle for transfers (ARTICLE 44 GDPR) …
Dutch Supervisory Authority imposes a fine on Clearview because of illegal data collection for facial recognition
3 September 2024
News
… Article 15 (Right to access by the data subject), Article 27 (Representatives of controllers not established in the … (a) of the General Data Protection Regulation (hereinafter: GDPR), read in conjunction with Article 6(1) GDPR. Second, for the purpose of said service, Clearview …
State of play - IMI for GDPR purposes
27 June 2018
Other guidance
… State of play - IMI for GDPR purposes 27 June 2018 EDPB It has been just a month ago that the General Data Protection Regulation (GDPR) entered into application, the long awaited revamp of …
Hellenic SA: imposition of a fine and order to comply following a leak of expats’ personal data file
13 September 2024
News
… 2024 Greece Background information Date of final decision: 27 May 2024 National case Legal Reference (s): GDPR: Article 5.1.a: Principle of lawfulness, fairness and transparency; GDPR: Article 6.1.f: Processing based on legitimate …
Irish SA: inquiry into Bank of Ireland Group
6 April 2022
News
… Ireland Group plc Legal Reference: Article 32(1), 33 and 34 GDPR Decision: Infringement of Article 32(1), 33 and 34 GDPR, Order to comply with article 32(1) GDPR, Issued … Protection Commission (DPC) between 9 November 2018 and 27 June 2019. The notifications related to the corruption of …
Hellenic DPA fines Clearview AI 20 million euros
20 July 2022
News
… case Controller: Clearview AI Inc. Legal Reference: GDPR: Article 3: Territorial scope. Article 5(1)(a) and (2): … not established in the Union. Decision: Infringement of the GDPR, Administrative fine. Key words: Web scraping, Images … 9 GDPR) and its obligations under Articles 12, 14, 15 and 27 of the GDPR. Decision: The Hellenic DPA imposed a fine …
Clubhouse fined EUR 2 million by the Italian SA
20 January 2023
News
… of controllers not established in the Union (Article 27); Data protection impact assessment (Article 35) Decision: Infringement of the GDPR, Administrative fine, Ban on processing, Order to … limitation principles; infringement of Articles 6 and 7 GDPR; failure to provide the information set out by Articles …
Hellenic DPA: Fines imposed to telecommunications companies due to personal data breach and illegal data processing
3 February 2022
News
… 2022 Greece Background information Date of final decision: 27 January 2022 Cross-border case or national case: … Regulation (EU) 611/2013 Decision: Infringement of the GDPR, Fines imposed Key words: GDPR, Data breach, Security, Data protection impact …
Az Európai Adatvédelmi Testület elfogadta a Dél-Koreára vonatkozó megfelelőségi határozattervezetről szóló véleményt
27 September 2021
News
… megfelelőségi határozattervezetről szóló véleményt 27 September 2021 EDPB Brüsszel, szeptember 27. - az Európai … Az EDPB az általános adatvédelmi rendelet (GDPR) általános szempontjaira és a hatóságok által az … Az EDPB az általános adatvédelmi rendelet (GDPR) általános szempontjaira és a hatóságok által az …
Employee monitoring: French SA fined Amazon France Logistique €32 million
23 January 2024
News
… 2024 France Background information Date of final decision: 27 December 2023 Cross-border case or national case: … Key Findings The French SA found several breaches of the GDPR regarding: Warehouse stock and order management: … with the principle of data minimisation (Article 5.1.c GDPR). Failure to ensure lawful processing (Article 6 GDPR) …
The CNPD adopts the certification mechanism GDPR-CARPA
27 June 2022
News
… The CNPD adopts the certification mechanism GDPR-CARPA 27 June 2022 Luxembourg Luxembourg becomes the first country … to introduce a certification mechanism according to the GDPR criteria. The National Data Protection Commission …
Press release on the 2023 coordinated enforcement action of the European Data Protection Board focusing on the role of data protection officers
… of the General Data Protection Regulation (hereinafter: GDPR) 1 . The aim of the coordinated enforcement action is … data protection officers are in accordance with Art. 37-39 GDPR and they have the resources needed to carry out their … 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with …