2 September 2024
… Administrative fine against bank for transferring customer data to Meta 2 September 2024 Sweden Background information … Article 5 (Principles relating to processing of personal data), Article 32 (Security of processing), Article 83 … data. Decision The bank has violated the general data protection regulation, GDPR, by not having taken appropriate …
26 August 2024
… 290 million euro on Uber because of transfers of drivers' data to the US 26 August 2024 France Netherlands Belgium … International transfer, Third party access to personal data Summary of the Decision Origin of the case The … the US, without using transfer tools. Because of this, the protection of personal data was not sufficient. The Court of …
20 December 2022
… acting in accordance with established procedures counteract data loss 20 December 2022 Poland Background information … case Controller: Mayor of the Commune Legal Reference: Data protection by design and by default Article 25(1) …
31 March 2022
… risks and increase security in the processing of personal data of affected persons. The data that is processed to issue a duplicate SIM card and the … personal data, and their treatment must be subject to data protection regulations. It has been verified that the …
31 March 2022
… risks and increase security in the processing of personal data of affected persons. The data that is processed to issue a duplicate SIM card and the … personal data, and their treatment must be subject to data protection regulations. It has been verified that the …
14 August 2020
… nature which should not have been disclosed. The Danish Data Protection Agency assessed the case and found that PrivatBo … has not complied with the requirements of Article 32 of the Data Protection Regulation to implement appropriate …
12 July 2019
… the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) 12 July … the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) …
2 September 2020
… Infringement of the principle of lawfulness of personal data processing and making intentionally available without a … and the evidence proving the appointment of the Data Protection Officer. As a result, the President of the UODO imposed an …
13 October 2021
… from controller or processor (Section 157, Italian Data protection Code) SA’s power to request information from … controller or processor (Section 157 and 166 par.2, Italian Data protection Code) Decision: Infringement of the GDPR, …
9 July 2019
… Health 9 July 2019 Belgium This Tuesday, the Belgian Data Protection Authority decided to reprimand the FPS Public … authority concerned. … This Tuesday, the Belgian Data Protection Authority decided to reprimand the FPS …
4 July 2025
… measures following Inquiry into transfers of EEA User Data to China 4 July 2025 Ireland Background information … (s): Article 13 (Information to be provided where personal data are collected from the data subject), Article 46 … transferred via remote access were afforded a level of protection essentially equivalent to that guaranteed within …
21 April 2022
… Key words: Temperature checks, special categories of data, Article 9, airports, covid-19, health data, cameras Summary of the Decision Origin of the case … to travellers as well as in the quality of the data protection impact assessment (DPIA) and the record of …
27 January 2020
… 27 January 2020 Cyprus The Commissioner for Personal Data Protection (Cypriot SA) fined LGS Handling Ltd, Louis Travel … entail the processing of "special categories of personal data", as defined under Article 9(1) of the GDPR. Providing …
8 February 2023
… between controller and processor does not guarantee data security – an administrative fine imposed by the Polish … and (2) GDPR (Principles relating to processing of personal data), Article 24 (1) GDPR (Responsibility of the controller), Article 25 (1) GDPR (Data protection by design and by default), Article 28 (1) and (3) …
3 February 2023
… National case Controller: DISCORD INC. Legal Reference: Data retention periods (article 5.1.e of the GDPR), Information to individuals (article 13 of the GDPR), Data protection by default (article 25.2 of the GDPR), Security …
21 October 2022
… 17 (Right to erasure (‘right to be forgotten’)) Keywords Data protection officer Exercise of data subject rights Right to erasure …
26 January 2021
… Technology 26 January 2021 Netherlands The Dutch Data Protection Authority (DPA) has issued a formal warning to a … face of everyone who entered the store and compared it to a database of people who had been banned from entering stores. …
12 December 2023
… Complainant lodged a complaint by e-mail with the Romanian data protection authority concerning an unsuccessful unsubscribe … As this involved the cross-border processing of personal data, an Internal Market System (IMI) procedure was launched …
29 March 2023
… Spain, Italy Controller: Cityscoot Legal Reference: Data minimisation (article 5.1.c of the GDPR), Contractual … information on electronic devices (article 82 of the French Data Protection Act) Decision: Infringement of the GDPR, …
10 December 2019
… the infringement of certain provisions of General Data Protection Regulation (GDPR). The controller was sanctioned … Hora Credit IFN SA sent documents containing the personal data of another person to the e-mail address. Although this …