Search results | European Data Protection Board

Irish Supervisory Authority fines TikTok €530 million and orders corrective measures following Inquiry into transfers of EEA User Data to China
4 July 2025
News
… measures following Inquiry into transfers of EEA User Data to China 4 July 2025 Ireland Background information … (s): Article 13 (Information to be provided where personal data are collected from the data subject), Article 46 … transferred via remote access were afforded a level of protection essentially equivalent to that guaranteed within …
Polish DPA imposes 100 000 PLN fine on the Surveyor General of Poland
2 September 2020
News
… Infringement of the principle of lawfulness of personal data processing and making intentionally available without a … and the evidence proving the appointment of the Data Protection Officer. As a result, the President of the UODO imposed an … Infringement of the principle of lawfulness of personal data processing and making intentionally available without a …
Long cooperation between controller and processor does not guarantee data security – an administrative fine imposed by the Polish SA
8 February 2023
News
… between controller and processor does not guarantee data security – an administrative fine imposed by the Polish … and (2) GDPR (Principles relating to processing of personal data), Article 24 (1) GDPR (Responsibility of the controller), Article 25 (1) GDPR (Data protection by design and by default), Article 28 (1) and (3) …
Belgian DPA reprimands Federal Public Service Health
9 July 2019
News
… Health 9 July 2019 Belgium This Tuesday, the Belgian Data Protection Authority decided to reprimand the FPS Public … This Tuesday, the Belgian Data Protection Authority decided to reprimand the FPS Public …
Italian SA reprimands a real estate agency and fines it because it failed to reply to the SA’s requests for information
13 October 2021
News
… from controller or processor (Section 157, Italian Data protection Code) SA’s power to request information from … controller or processor (Section 157 and 166 par.2, Italian Data protection Code) Decision: Infringement of the GDPR, … from controller or processor (Section 157, Italian Data protection Code) SA’s power to request information from …
Temperature checks at Brussels South Charleroi Airport (Belgium) as part of the fight against COVID-19
21 April 2022
News
… Key words: Temperature checks, special categories of data, Article 9, airports, covid-19, health data, cameras Summary of the Decision Origin of the case … to travellers as well as in the quality of the data protection impact assessment (DPIA) and the record of …
EDPBI:IE:OSS:D:2022:524
21 October 2022
… 17 (Right to erasure (‘right to be forgotten’)) Keywords Data protection officer Exercise of data subject rights Right to erasure …
Dutch Supervisory Authority imposes a fine on Clearview because of illegal data collection for facial recognition
3 September 2024
News
… Authority imposes a fine on Clearview because of illegal data collection for facial recognition 3 September 2024 … Article 9 (Processing of special categories of personal data), Article 12 (Transparent information, communication … 5(1), opening words and subsection (a) of the General Data Protection Regulation (hereinafter: GDPR), read in …
The Polish SA has once again investigated Virgin Mobile's personal data breach
20 January 2023
News
… SA has once again investigated Virgin Mobile's personal data breach 20 January 2023 Poland Background information … Article 5(1)(f), Accountability Article 5(2), Data protection by design and by default Article 25(1), … Article 5(1)(f), Accountability Article 5(2), Data protection by design and by default Article 25(1), …
The Cypriot Supervisory Authority banned the processing of an automated tool, used for scoring sick leaves of employees, known as the "Bradford Factor’’ and subsequently fined the controller
27 January 2020
News
… 27 January 2020 Cyprus The Commissioner for Personal Data Protection (Cypriot SA) fined LGS Handling Ltd, Louis Travel … entail the processing of "special categories of personal data", as defined under Article 9(1) of the GDPR. Providing … The Commissioner for Personal Data Protection (Cypriot SA) fined LGS Handling Ltd, Louis …
Dutch DPA issues Formal Warning to a Supermarket for its use of Facial Recognition Technology
26 January 2021
News
… Technology 26 January 2021 Netherlands The Dutch Data Protection Authority (DPA) has issued a formal warning to a … face of everyone who entered the store and compared it to a database of people who had been banned from entering stores. … The Dutch Data Protection Authority (DPA) has issued a formal warning …
The French SA fines DISCORD EUR 800.000
3 February 2023
News
… National case Controller: DISCORD INC. Legal Reference: Data retention periods (article 5.1.e of the GDPR), Information to individuals (article 13 of the GDPR), Data protection by default (article 25.2 of the GDPR), Security … National case Controller: DISCORD INC. Legal Reference: Data retention periods (article 5.1.e of the GDPR), …
CEF 2026: EDPB launches coordinated enforcement action on transparency and information obligations under the GDPR
19 March 2026
Press releases
… . The GDPR ensures that individuals are informed when their data is being processed (under Art. 12, 13 and 14). This … control over their data. Next steps During 2026, 25 Data Protection Authorities (DPAs) across Europe will take part … action on the designation and position of Data Protection Officers . In 2025, the EDPB issued the report on its third …
Italian SA bans use of Google Analytics: no adequate safeguards for data transfers from Caffeina Media S.r.l. to the U.S.
30 June 2022
News
… SA bans use of Google Analytics: no adequate safeguards for data transfers from Caffeina Media S.r.l. to the U.S. 30 … 5 and 24); transparency (Article 13); transfers of personal data to third countries (Articles 44 and 46). Decision: … to supplement the data transfer instruments (Standard data protection contractual clauses) did not ensure an adequate …
Hungarian SA’s procedure on the handling of unsubscribe from newsletter
12 December 2023
News
… Complainant lodged a complaint by e-mail with the Romanian data protection authority concerning an unsuccessful unsubscribe … As this involved the cross-border processing of personal data, an Internal Market System (IMI) procedure was launched … Complainant lodged a complaint by e-mail with the Romanian data protection authority concerning an unsuccessful …
The Lithuanian SA adopted a decision on the right to access data exercised by the financial institution
26 January 2023
News
… The Lithuanian SA adopted a decision on the right to access data exercised by the financial institution 26 January 2023 … institution Legal references: The right of access to data (Art. 15 of GDPR) Decision: The complaint was upheld … data controller’s premises. Key Findings The State Data Protection Inspectorate (hereinafter - the Inspectorate) …
French SA fines Cityscoot 125 000€
29 March 2023
News
… Spain, Italy Controller: Cityscoot Legal Reference: Data minimisation (article 5.1.c of the GDPR), Contractual … information on electronic devices (article 82 of the French Data Protection Act) Decision: Infringement of the GDPR, … Spain, Italy Controller: Cityscoot Legal Reference: Data minimisation (article 5.1.c of the GDPR), Contractual …
EDPB identifies challenges hindering the full implementation of the right to erasure
18 February 2026
News
… 18 February 2026 EDPB Brussels, 18 February - The European Data Protection Board (EDPB) has adopted a report on its … action on the designation and position of Data Protection Officers . In 2025, the EDPB issued the report on its third … Brussels, 18 February - The European Data Protection Board (EDPB) has adopted a report on its …
Romanian Supervisory Authority fine against Hora Credit IFN S.A.
10 December 2019
News
… the infringement of certain provisions of General Data Protection Regulation (GDPR). The controller was sanctioned … Hora Credit IFN SA sent documents containing the personal data of another person to the e-mail address. Although this … the infringement of certain provisions of General Data Protection Regulation (GDPR). The controller was …
The Norwegian SA issues one administrative fine and five reprimands for unlawful sharing of personal information through tracking pixels
30 June 2025
News
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 9 … of the Decision Origin of the case The Norwegian Data Protection Authority conducted an inspection of six websites …