Search results | European Data Protection Board

Dutch SA fines Netflix for not properly informing customers
27 January 2025
News
… with Article 13 (1)(c)(e) and (f); and Article 13(2)(a) GDPR). Furthermore, customers did not receive sufficient … with Article 15 (1)(a)(c) and (d) and Article 15 (2) GDPR). These are violations of the GDPR. On several points, Netflix provided too little …
Romanian Supervisory Authority fine of 2,389.05 lei (EUR 500) against an Association of Owners
29 November 2019
News
… mentioned in Article 83 paragraph (5) letter a) of GDPR – fine in the amount of 2389.05 lei, the equivalent of … mentioned in Article 83 paragraph (5) letter b) of GDPR – reprimand; for the contravention found pursuant to … mentioned in Article 83 paragraph (4) letter a) of GDPR – reprimand. The sanctions were imposed following a …
Investigation regarding access to and inspection by the employer of an employee’s emails on a company server, illegal installation and operation of a closed-circuit video-surveillance system and infringement of the right of access
14 January 2020
News
… as a controller had complied with the requirements of the GDPR and that its internal policies and regulations provided … had a legal right under Articles 5(1) and 6(1)(f) of the GDPR to carry out an internal investigation searching and … in his corporate PC. Following the finding that the GDPR had been infringed, the Authority decided in this …
Norwegian DPA: Reprimanded after accessing e-mail account
23 September 2021
News
… National case Legal Reference: Information (Article 14 GDPR), Right of access by the data subject (Article 15 GDPR) Decision: Infringement of the GDPR, reprimand, and order to comply Summary of the Decision …
The European Data Protection Board endorsed the statement of the WP29 on ICANN/WHOIS.
27 May 2018
… 2003 (see WP29 opinion of 2003 available here ). ICANN’s GDPR compliance process appears to have been formally … are concerned over the entry into application of the GDPR on 25 May 2018. The GDPR does not allow national supervisory authorities nor the …
Polish SA imposed a fine on the Szczecin-Centrum District Court in Szczecin
19 January 2023
News
… Legal references: Article 83 (1-3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 24 (1) GDPR (Responsibility of the controller), Article 25 (1) (2) … protection by design and by default), Article 32 (1) (2) GDPR (Security of processing), Article 5 (1) (e) (f) and (2) …
Failure to notify a personal data breach as the main reason for a fine imposed on a housing association by the Polish SA
7 February 2023
News
… Legal references: Article 83 (1- 3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 28 (1) (3) and (9) GDPR (Processor), Article 33 (1) GDPR (Notification of a personal data breach to the …
Temperature checks at Brussels Airport (Belgium) as part of the fight against COVID-19
21 April 2022
News
… Rescue team Legal Reference: Article 5 § 1 c) of the GDPR; Article 6 of the GDPR; Article 9 of the GDPR; Article 12 combined with 13 §1 c) of the GDPR; …
DPAs decide on closer cooperation for strategic files
29 April 2022
Press releases
… in the interpretation and consistent application of the GDPR by endorsing and adopting no less than 57 Guidelines … is crucial for ensuring a consistent interpretation of the GDPR. To stay on top of this growing workload and make the … use of the possibilities for cooperation foreseen in the GDPR, we will yearly identify a number of cross-border cases …
Health data and use of cookies: French SA fines DOCTISSIMO
17 May 2023
News
… Findings The French SA has identified four breaches of the GDPR and a breach of the French Data Protection Act by … the purposes for which they are processed (Article 5.1(e) GDPR) Failure to obtain consent from individuals to collect their health data (Article 9 GDPR) Failure to provide a formal legal framework for the …
EDPB adopted documents - 42nd & 43rd plenary
4 January 2021
News
… period Information note on data transfers under the GDPR after the Brexit transition period Guidelines on restrictions of data subject rights under Article 23 GDPR - version for public consultation Guidelines on the … of the Second Payment Services Directive (PSD2) and the GDPR (following public consultation) Guidelines on articles …
First EDPB Art. 65 Decision
16 December 2020
News
… adopted its first binding decision on the basis of Art. 65 GDPR on November 9th. This decision concerns a draft … consistency mechanism Further information on the Art. 65 GDPR procedure is available here … The EDPB adopted its first binding decision on the basis of Art. 65 GDPR on November 9th. This decision concerns a draft …
Romanian Supervisory Authority issues two fines each of 23,893 lei (EUR 5,000) against Entirely Shipping & Trading S.R.L.
13 December 2019
News
… 12 and 13 of the General Data Protection Regulation (GDPR); the infringement of Article 5 paragraph (1) letter c), Article 6 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letter c), Article 9 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letters …
Icelandic SA: the municipality of Reykjavík fined ISK 2,000,000 for the use of Google Workspace for Education
26 April 2024
News
… of Reykjavík infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to ensure that data is not further processed …
Hellenic SA fines Debt Management Company for unlawful processing of personal data and non-essential examination of rights to object and erasure
12 September 2022
News
… Right to object (Article 21) Decision: Infringement of the GDPR, Administrative fine Key words: Unlawful processing, … rights, in breach of the provision of Article 12(2) of the GDPR, and that the processing in question took place without … of the provisions of Articles 5(1)(a), 5(2) and (6) of the GDPR. Decision The Hellenic SA imposed a fine of EUR …
French SA fines Cityscoot 125 000€
29 March 2023
News
… Legal Reference: Data minimisation (article 5.1.c of the GDPR), Contractual framework between the controller and processors (article 28.3 of the GDPR), Inform and collect user consent before writing and … French Data Protection Act) Decision: Infringement of the GDPR, Infringement of the French Data Protection Act, …
Irish Data Protection Commission announces decision in Twitter inquiry
15 December 2020
News
… Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into Twitter International … found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to … Concerned Supervisory Authorities under Article 60 of the GDPR in May of this year, was the first one to go through …
EDPB plenaries, subgroups and taskforces
… under authorities in third countries, under the GDPR Passenger Name Records (PNR) Border controls … focus on cooperation and consistency mechanism under the GDPR and related legislative developments Procedural questions concerning Article 56 GDPR and Chapter VII (Section 1 and 2) GDPR Procedural …
The Lithuanian SA adopted a decision on the actions of the organisation on the processing of children’s image data
26 January 2023
News
… a legal basis for the processing of data (Article 6(1)(a) GDPR), conditions for consent (Article 7 GDPR) Decision: The complaint was found to be well-founded … the corrective actions provided for in Article 58(2) of the GDPR have been taken Summary of the Decision Origin of …
EDPB adopted documents - 48th plenary
22 April 2021
News
… implementing decision pursuant to Regulation (EU) 2016/679 (GDPR) on the adequate protection of personal data in the … Kingdom Guidelines on the application of Article 65(1)(a) GDPR Guidelines on the targeting of social media users … implementing decision pursuant to Regulation (EU) 2016/679 (GDPR) on the adequate protection of personal data in the …