Search results | European Data Protection Board

The Polish supervisory authority imposed first administrative fine on a public entity
31 October 2019
News
… 40,000 on a public entity for failure to comply with the GDPR. The reason for imposing the fine was that the mayor of … of the Office concluded that Article 28 (3) of the GDPR had been violated. This provision obliges the … of lawfulness of processing (Article 5(1)(a) of the GDPR) and the principle of confidentiality (Article 5(1)(f) …
Administrative criminal proceedings of the Austrian data protection authority against Österreichische Post AG (Austrian Postal Service)
23 October 2019
News
… on the basis of the evidence that ÖPAG had violated the GDPR by processing personal data on the alleged political … purpose of direct marketing, as this is not covered by the GDPR. These violations of the GDPR were committed unlawfully and culpably, which is why …
Commercial prospecting and personal rights: French SA fined NS CARDS FRANCE €105,000
15 January 2024
News
… Key Findings The French SA found several breaches of the GDPR: Failure to comply with the obligation to retain data … purpose for which it was collected (article 5.1.e of the GDPR) Failure to comply with the obligation to inform individuals (Articles 12 and 13 of the GDPR) Failure to comply with the obligation to ensure the …
Commercial prospecting: French SA fined HUBSIDE.STORE €525,000
15 April 2024
News
… Key Findings The French SA found several breaches of the GDPR: Failure of the obligation to have a legal basis for processing data (Article 6 GDPR). The misleading appearance of the data collection … not have a valid legal basis for data collection (Article 6 GDPR) for commercial prospecting by phone calls. It also …
Legal studies by external providers
… context of scientific research Study on the enforcement of GDPR obligations against entities established outside the EEA but falling under Article 3(2) GDPR Study on the national administrative rules impacting … study on the appropriate safeguards under Article 89(1) GDPR for the processing of personal data for scientific …
Lack of resources puts enforcement of individuals’ data protection rights at risk
13 September 2022
News
… implementation of the General Data Protection Regulation (GDPR). There are high expectations regarding the GDPR’s success in reining in data protection abuses, … its legal duties at the service of the EDPB and of the GDPR. Should this happen, the enforcement of individuals’ …
EDPB adopts letters to Access Now and BEUC on TikTok and an Art. 65 dispute resolution binding decision regarding Instagram
29 July 2022
Press releases
… a dispute resolution decision on the basis of Art. 65 GDPR . The binding decision seeks to address the lack of … with Art. 5(1)(a) and (c), 6(1), 12(1), 13, 24, 25 and 35 GDPR in respect of certain processing of children’s personal … draft decision with the CSAs in accordance with Art. 60(3) GDPR. Several CSAs issued objections pursuant to Art. 60(4) …
EDPB adopts letters to UN & ENISA
23 November 2021
News
… should be consistent with the obligations laid down in the GDPR and should facilitate the compliance of cloud service providers and their clients with the GDPR, also considering the Schrems II ruling. … During … should be consistent with the obligations laid down in the GDPR and should facilitate the compliance of cloud service …
Letter to ICANN
5 July 2018
Letters
… (ICANN), providing guidance to enable ICANN to develop a GDPR-compliant model for access to personal data processed … personal data concerning registrants in compliance with the GDPR, without leading to an unlimited publication of those … (ICANN), providing guidance to enable ICANN to develop a GDPR-compliant model for access to personal data processed …
June Plenary - adopted documents
30 June 2022
News
… regarding the structural and procedural enforcement of the GDPR and its work to promote and safeguard data protection … concerning Accor SA. In accordance with Art. 65 (5) GDPR, the EDPB will publish its decision on its website … concerning Accor SA. In accordance with Art. 65 (5) GDPR, the EDPB will publish its decision on its website …
Norwegian DPA imposes fine against Grindr LLC
21 December 2021
News
… of data (Article 9) Decision: Infringement of the GDPR declared and fine imposed Key words: Data sharing, … users. The Authority consider that this was contrary to the GDPR requirements for valid consent. The Authority consider … category data that merit particular protection under the GDPR. As the consents Grindr collected were not valid, …
EDPB publishes three guidelines following public consultation
24 February 2023
News
… the provisions on international transfers as per Chapter V GDPR : The Guidelines clarify the interplay between the territorial scope of the GDPR (Art. 3) and the provisions on international transfers … design patterns in social media interfaces that infringe on GDPR requirements. The guidelines give concrete examples of …
EDPB: cookie pledge initiative should help protect fundamental rights and freedoms of users
19 December 2023
News
… any of the draft pledge principles would be contrary to the GDPR and the ePrivacy Directive. The draft pledging … by organisations does not equal compliance with the GDPR or ePrivacy Directive. The data protection authorities … competent to exercise their powers when necessary. Topics: GDPR e-Privacy … During its latest plenary, the EDPB adopted …
Belgian DPA imposes fine of 1000 euro on a controller for not responding to a request to object to the processing of his data for marketing purposes
16 June 2020
News
… processing of his data for marketing purposes (article 15.3 GDPR), and for not collaborating with the authority (article 31 GDPR). In a previous decision, the Belgian DPA had ordered … a complete lack of interest for both the application of the GDPR and the procedure. For this attitude, as well as the …
The Romanian National Supervisory Authority issues a fine against ING Bank N.V. Amsterdam – Sucursala București
4 November 2019
News
… conjunction with Article 5 paragraph (1) letter f) of the GDPR, which lead to the application of an administrative … the provisions of Article 32 paragraph (1) letter d) of the GDPR. In this context, we mention that Article 25 paragraph (1) of GDPR provides the following: ”Taking into account the state …
Berlin SA imposes 300 000 euro fine against bank after lack of transparency over automated rejection of credit card application
31 May 2023
News
… national case: National case Legal references: Art. 5(1)(a) GDPR, Art. 15 (1)(h) GDPR, Art. 22(3) GDPR Decision: Administrative fine Key words: Algorithms, …
Hellenic DPA fines Clearview AI 20 million euros
20 July 2022
News
… case Controller: Clearview AI Inc. Legal Reference: GDPR: Article 3: Territorial scope. Article 5(1)(a) and (2): … not established in the Union. Decision: Infringement of the GDPR, Administrative fine. Key words: Web scraping, Images … and transparency (art. 5 paragraphs 1(a) and (2), 6, 9 GDPR) and its obligations under Articles 12, 14, 15 and 27 …
EDPB Video
22 May 2019
News
… EDPB Video 22 May 2019 EDPB 1 year ago, the GDPR entered into application, but what has changed for you? … answer to these questions in a nutshell: … 1 year ago, the GDPR entered into application, but what has changed for you? …
Data scraping: French SA fined KASPR €200 000
9 January 2025
News
… Key Findings The CNIL found several breaches of the GDPR: Failure to comply with the obligation to have a legal basis (Article 6 of the GDPR) Failure to comply with the obligation to define and … to the purpose of the processing (Article 5-1-e of the GDPR) Failure to comply with the obligation to provide …
Data scraping: French Supervisory Authority fined KASPR €240 000
23 January 2025
News
… Key Findings The CNIL found several breaches of the GDPR: Failure to comply with the obligation to have a legal basis (Article 6 of the GDPR) Failure to comply with the obligation to define and … to the purpose of the processing (Article 5-1-e of the GDPR) Failure to comply with the obligation to provide …