Search results | European Data Protection Board

EDPBI:CZ:OSS:D:2019:28
11 July 2019
… Article 5 (Principles relating to processing of personal data) Article 6 (Lawfulness of processing) Keywords Consumer … 1/11 THE OFFICE FOR PERSONAL DATA PROTECTION Pplk. Sochora 27, 170 00 Prague 7, Czech … the above conclusion in itself does not mean that the is in breach of the rules stipulated by Regulation (EU) 2016/679, …
Italian SA bans remote surveillance of customer care employees
28 October 2021
News
… Reference: GDPR: Article 5 (Principles applying to personal data processing); Article 6 (Lawfulness of processing); … service; inbound calls management; trade union agreements; data minimization Summary of the … found that the company had processed its employees’ data in breach of sector-specific national law and the general …
EDPBI:LU:OSS:D:2025:3423
23 April 2025
… and modalities for the exercise of the rights of the data subject) Article 15 (Right of access by the data subject) Article 32 (Security of processing) Keywords Consumer protection Personal data breach E-Commerce Outcome No sanction SA LU Decision 861.5KB …
October plenary - adopted documents
21 October 2022
News
… regarding their approval by the Board as European Data Protection Seal pursuant to Article 42.5 (GDPR) 10 … the design choices for a digital euro from the privacy and data protection perspective 10 October 2022 Publication … public consultation. Guidelines 9/2022 on personal data breach notification under GDPR 10 October 2022 Publication …
French SA: Cookies and advertisements inserted between emails: GOOGLE fined 325 000 000 EUR by the CNIL
4 September 2025
News
… without free and informed consent (Article 82 of the French Data Protection Act) Decision: Infringement of the French … Electronic Communications Code, Infringement of the French Data Protection Act, Administrative fine and injunction Key … this context was therefore not valid, which constituted a breach of the French Data Protection Act (Article 82). …
BfDI imposes Fines on Telecommunications Service Providers
18 December 2019
News
… 18 December 2019 Germany The Federal Commissioner for Data Protection and Freedom of Information (BfDI) imposed a … another case, the BfDI imposed a fine of EUR 10. 000 on Rapidata GmbH. Concerning this matter, the Federal Commissioner … The BfDI considers this authentication procedure to be in breach of Article 32 of the GDPR which obliges the company …
Polish SA: administrative fine of 54 600 € for failure to implement appropriate technical and organisational measures to ensure a level of security
28 November 2024
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data) Decision: Administrative fine, Compliance order Key … Administrative fine, Data subject rights, Personal data breach, Principles relating to processing of personal data, …
EDPBI:NO:OSS:D:2024:1408
20 August 2024
… and modalities for the exercise of the rights of the data subject) Article 13 (Information to be provided where personal data are collected from the data subject) Keywords … Privacy statement International transfer Personal data breach Right to erasure Outcome No sanction …
EDPBI:NL:OSS:D:2024:1534
13 November 2024
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Article 5 (Principles relating to processing of personal data) Keywords Consumer protection Outcome …
Guidelines 07/2020 on the concepts of controller and processor in the GDPR
6 September 2020
Guidelines
… Type: Guidelines Topics: Controller Processor The European Data Protection Board welcomes comments on the Guidelines … set out in the Regulation and in accordance with applicable data protection rules. All legal details can be found in our … play a crucial role in the application of the General Data Protection Regulation 2016/679 (GDPR), since they …
Swedish SA fines Board of Education in the City of Stockholm
24 November 2020
News
… the City of Stockholm 24 November 2020 Sweden The Swedish Data Protection Authority has reviewed the so-called School … Board of Education in the City of Stockholm. The Swedish Data Protection Authority has received a number of personal data breach notifications from the City of Stockholm's Board of …
Parere 5/2019 sull'interazione tra la direttiva e-privacy e il regolamento generale sulla protezione dei dati, in particolare per quanto concerne competenze, compiti e poteri delle autorità per la protezione dei dati
12 March 2019
Opinion of the Board (Art. 64)
… in particular regarding the competence, tasks and powers of data protection authorities Adopted on 12 March 2019 adopted … 15 5 On the competence, tasks and powers of data protection authorities … application of this article relates to the personal data breach notification obligation, which is imposed by both the …
Telephone Operators: Italian SA Fines Wind EUR 17 million and Iliad EUR 0.8 million
27 July 2020
News
… on July 9th on account of several instances of unlawful data processing that were mostly related to marketing. The … similar infringements that had occurred when the previous data protection law was in force. The fine was imposed … activities to call centres, which collected data in breach of the law. The pleadings submitted by Wind Tre and …
EDPBI:FR:OSS:D:2021:310
30 December 2021
… Article 5 (Principles relating to processing of personal data) Article 13 (Information to be provided where personal data are collected from the data subject) Article 17 (Right … be informed Right to erasure Data retention Personal data breach Data security Password Outcome Administrative fine …
Administrative fines imposed on a telephone service provider
7 October 2019
News
… a telephone service provider (1) Imposition of a fine for breach of the principle of accuracy and data protection by design when keeping personal data of subscribers The Hellenic DPA has received complaints … of a fine for breach of the principle of accuracy and data protection by design when keeping personal data of …
Riconoscimento facciale negli aeroporti: le persone dovrebbero avere il massimo controllo sui dati biometrici
24 May 2024
Press releases
… le potenziali violazioni commesse e cessate prima di tale data. Le indagini nazionali relative a potenziali violazioni … intelligence Consistency New Technology Cybersecurity and data breach …
Polish SA: administrative fine of EUR 15 556 for University Children’s Clinical Hospital in Białystok for failing to implement appropriate technical and organisational measures
25 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … access to the IT systems was blocked, resulting in a breach of the confidentiality and availability of personal …
Guidelines 10/2020 on restrictions under Article 23 GDPR
18 December 2020
Guidelines
… Type: Guidelines Topics: Restrictions The European Data Protection Board welcomes comments on the Guidelines … set out in the Regulation and in accordance with applicable data protection rules. All legal details can be found in our … GDPR........................... 9 3.3.7 Protection of the data subject or the rights and freedoms of …
EDPBI:BG:OSS:D:2023:1066
13 September 2023
… Article 5 (Principles relating to processing of personal data) Article 25 (Data protection by design and by default) Article 28 … fine Data protection by design and by default Personal data breach Processor Responsibility of the controller Outcome …
Norwegian DPA: Norwegian Confederation of Sport fined for inadequate testing
15 June 2021
News
… for inadequate testing 15 June 2021 Norway The Norwegian Data Protection Authority has fined the Norwegian … GDPR violation. The backdrop for this case is that personal data about 3.2 million Norwegians was available online for … Data Protection Authority also found the incident to be in breach of the principles of legality, data minimisation and …