23 March 2022
… national case: National case Legal references: Article 31 GDPR(Co-operation with the supervisory authority), Article 58 (1) (e) GDPR, Article 58 (2) (i) GDPR, Article 83 (1-3) and (5) (e) GDPR (General conditions …
1 March 2023
… case Legal references: Article 83 (1), (2), (4) (a) GDPR (General conditions for imposing administrative fines), Article 57 (1) (a) and (h) GDPR, Article 58 (2) (e) and (i) GDPR, Article 33 (1) GDPR (Notification of a personal data …
22 January 2024
… order to verify the compliance with the provisions of the GDPR, and more precisely concerning the legal basis of the … that the data controller violated article 13.1.e) of the GDPR (no information about the recipients of the personal … the CNPD identified a violation of article 24.1 of the GDPR (responsibility of the data controller), as personal …
3 December 2024
… dati (EDPB) ha pubblicato le linee guida sull'articolo 48 GDPR sui trasferimenti di dati alle autorità di paesi terzi … Nelle sue linee guida, l'EDPB approfondisce l'articolo 48 GDPR e chiarisce in che modo le organizzazioni possono … flusso di dati costituisce un trasferimento e si applica il GDPR. Un accordo internazionale può prevedere sia una base …
16 June 2022
… on certification as a tool for transfers . Art. 46(2)(f) GDPR introduces approved certification mechanisms as a new … tool for transfers - a new transfer tool introduced by the GDPR. The guidelines provide guidance on how this tool can … a dispute resolution decision on the basis of Art. 65 GDPR . The binding decision seeks to address the lack of …
20 August 2020
… the e-Privacy Directive forms lex specialis vis-à-vis the GDPR (as lex generalis), as stated in article 95 GDPR, the provisions with regard to consent of the GDPR remain applicable as preconditions for lawful …
26 January 2023
… a legal basis for the processing of data (Article 6(1)(a) GDPR), conditions for consent (Article 7 GDPR) Decision: The complaint was found to be well-founded … the corrective actions provided for in Article 58(2) of the GDPR have been taken Summary of the Decision Origin of …
6 September 2023
… not complied with data protection principles in Article 5 GDPR and not informed the data subjects about processing in accordance with Article 12 and 13 GDPR. Key Findings Failure to comply with the obligation … fairly and in a transparent manner (Article 5(1)(a) GDPR) Failure to inform the data subjects about processing …
15 July 2021
… its first urgent binding decision pursuant to Art. 66(2) GDPR following a request from the Hamburg supervisory … Ireland Ltd (Facebook IE) on the basis of Art. 66 (1) GDPR. The DE-HH SA ordered a ban on processing WhatsApp user … existence of urgency, the EDPB considered that Art. 61(8) GDPR was not applicable as the DE-HH SA did not demonstrate …
22 February 2023
… by national DPAs via binding decisions under Art. 65 GDPR and to advise the EU legislator on data protection … further guidance and develop awareness-raising tools on the GDPR for a wider audience. Furthermore, the EDPB intends to … such as on the interplay between the AI Act and the GDPR and on the use of social media by public bodies. … The …
13 October 2021
… Controller: Ferde AS Legal Reference: Processor (ARTICLE 28 GDPR), Security of Processing (ARTICLE 32 GDPR), General principle for transfers (ARTICLE 44 GDPR) Decision: infringement declared and fine imposed Key …
2 February 2024
… request, hence the Company breached Article 12(3) of GDPR when they failed to meet the Complainant’s erasure … right to erasure according to Article 17(1)(b) of GDPR. The Company also failed to meet the requirements of … database, so the Company breached Article 25(1) of GDPR. Decision The Authority established that the Company …
25 November 2020
… decision to specify certain viewpoints, the primacy of the GDPR as EU law resulted in the decision that a priori analysed potential breaches of the GDPR. Decision of the Litigation Chamber The litigation … were not processed in a lawful way under article 6.1.f. GDPR, as there were legitimate interests for the defendants …
30 June 2022
… (Articles 44 and 46). Decision: infringement of the GDPR; order to comply; order to suspend data flows to U.S.; … data transfers despite their being in violation of the GDPR. Key Findings: The Italian SA found that Caffeina … be transferred to the U.S. in violation of Chapter V of the GDPR, since the measures adopted by Google to supplement the …
26 January 2023
… of legality, fairness and transparency (Art. 5(1)(a) of GDPR), consent of the data subject (Art. 7(2) of GDPR), direct marketing (Art. 81(1) of ECL) Decision: The … was upheld, infringements of Art. 5(1)(a) and Art. 7(2) of GDPR and Art. 81(1) ECL Summary of the Decision Origin …
… analyse decisions related to different Articles of the GDPR and include examples of final One-Stop-Shop (OSS) … Supervisory Authorities (SAs) work together to enforce the GDPR. They offer an opportunity to read final decisions … Publication Type: Support Pool of Experts projects Topics: GDPR enforcement Cooperation between authorities English …
8 September 2021
… Legal Reference: Data retention period (Article 5.1.e GDPR), Information (Articles 13 & 14 GDPR) Decision: Fine … had failed to comply with articles 5-1-e, 13 and 14 of the GDPR. Decision Breach of Article 5-1-e of the GDPR The …
26 January 2021
… fine of NOK 100 000 000 for not complying with the GDPR rules on consent. - Our preliminary conclusion is that … to users. We consider that this was contrary to the GDPR requirements for valid consent. - Grindr is seen as a … magnitude as our findings suggest grave violations of the GDPR. Grindr has 13.7 million active users, of which …
7 December 2023
… adopted an order imposing a temporary ban under Art. 66 (1) GDPR on Meta IE and Facebook Norway AS (“Facebook Norway”) … EDPB concluded that there are ongoing infringements of the GDPR and there is an urgent need to act in light of the … found that there was an ongoing infringement of art. 6 (1) GDPR because of the inappropriate use of the legal bases of …
29 March 2021
… investigation under the General Data Protection Regulation (GDPR), in February 2021 imposed a fine for improper … for infringements of Article 32(1) (b) and (c) of the GDPR, namely failure to ensure the ongoing integrity, … to the risk, infringement of Article 32(1)(b)(c) of the GDPR, and also taking into account the factors listed in …