Search results | European Data Protection Board

Clubhouse fined EUR 2 million by the Italian SA
20 January 2023
News
… Reference: Principles relating to processing of personal data (Article 5(1)(a)(e); Lawfulness of processing (Article … and modalities for the exercise of the rights of the data subject (Article 12); Information to be provided where … controllers not established in the Union (Article 27); Data protection impact assessment (Article 35) …
Commercial prospecting: French SA fined CEGEDIM SANTÉ EUR 800 000
17 September 2024
News
… Article 5 (Principles relating to processing of personal data) Decision: Administrative fine Key words: Health … had processed, without authorisation, non-anonymous health data, transmitted to its customers in order to carry out … French SA to use them (Article 66.III of the French Data Protection Act). To assess whether or not the data processed …
Hungarian SA’s decision: failure by an airline company to comply with an erasure request concerning an email address used for direct marketing
2 February 2024
News
… and modalities for the exercise of the rights of the data subject), Article 17 (Right to erasure (‘right to be forgotten’)), Article 25 (Data protection by design and by default) Decision: reprimand Key … and modalities for the exercise of the rights of the data subject), Article 17 (Right to erasure (‘right to be …
French SA: Cookies placed without consent: SHEIN fined 150 000 000 EUR by the CNIL
4 September 2025
News
… STYLES SERVICES CO. LIMITED Legal Reference: The French Data Protection Act (Article 82): failure to obtain user consent … withdrawing consent Decision: Infringement of the French Data Protection Act, Administrative fine Key words: Cookies … STYLES SERVICES CO. LIMITED Legal Reference: The French Data Protection Act (Article 82): failure to obtain user …
IMY issues an administrative fine against Spotify for shortcomings regarding transparency
12 June 2023
News
… case: Cross-border case LSA: Swedish Authority for Privacy Protection (IMY) CSAs: All other SAs Controller: Spotify … Legal references: Article 15 (Right to access by the data subject), Article 12.1, Article 12.3, Article 58, … the complainants request for access Key words: Exercise of data subject rights, Transparency, Administrative fine …
French SA: Cookies and advertisements inserted between emails: GOOGLE fined 325 000 000 EUR by the CNIL
4 September 2025
News
… without free and informed consent (Article 82 of the French Data Protection Act) Decision: Infringement of the French Post … Electronic Communications Code, Infringement of the French Data Protection Act, Administrative fine and injunction Key … without free and informed consent (Article 82 of the French Data Protection Act) Decision: Infringement of the French …
Monitoring employees and broadcasting CCTV footage: Slovenian SA fines DODO PIZZA
4 November 2024
News
… Decision: Compliance order, Definitive limitation data processing, Administrative fine Key words: CCTV, … people or property (violation of Article 78 of the national Data Protection Act). And second, these CCTV footages were … Decision: Compliance order, Definitive limitation data processing, Administrative fine Key words: CCTV, …
Hungarian SA’s decision: failure by an airline company to comply with an erasure request concerning an email address used for direct marketing
7 December 2023
News
… and modalities for the exercise of the rights of the data subject), Article 17 (Right to erasure (‘right to be forgotten’)), Article 25 (Data protection by design and by default) Decision: Warning Key … and modalities for the exercise of the rights of the data subject), Article 17 (Right to erasure (‘right to be …
Croatian SA imposed an administrative fine on debt collection agency B2 Kapital
16 May 2023
News
… Article 13 (Information to be provided where personal data are collected from the data subject), Article 28 (Processor) Decision: … provision of Article 13, paragraph 1 of the General Data Protection Regulation. This resulted in non-transparent … Article 13 (Information to be provided where personal data are collected from the data subject), Article 28 …
Norwegian Supervisory Authority with final decision to fine NAV
21 June 2022
News
… (Art. 6) and principles relating to processing of personal data (Art. 5) Decision: Infringement of the GDPR and fine … process had no legal basis according to the General Data Protection Regulation. Publication of a CV has been a … (Art. 6) and principles relating to processing of personal data (Art. 5) Decision: Infringement of the GDPR and fine …
Norwegian Supervisory Authority issues fine to the Norwegian parliament
4 March 2022
News
… (Art. 32) and Principles relating to processing of personal data (Art. 5) Decision: Infringement of the GDPR and fine … of the case The Norwegian parliament – the Storting – had a data breach in late 2020. In January 2022, the Norwegian … similar effective security measures to achieve satisfactory protection. Decision The Norwegian SA have issued a EUR …
Guidelines 08/2020 on the targeting of social media users
7 September 2020
Guidelines
… New Technology Automated decision & profiling The European Data Protection Board welcomes comments on the Guidelines 8/2020 … set out in the Regulation and in accordance with applicable data protection rules. All legal details can be found in our … and freedoms of users posed by the processing of personal data.................... 5 4 Actors and …
Ministry of Migration and Asylum receives administrative fine and GDPR compliance order following an own-initiative investigation by the Greek SA
15 April 2024
News
… fine Keywords: own-initiative investigation, biometric data, Data Protection Impact Assessments Summary of the Decision … fine Keywords: own-initiative investigation, biometric data, Data Protection Impact Assessments Summary of the Decision …
Romanian SA fines UiPath SRL for breaching Articles 25 and 32 GDPR
18 July 2023
News
… Controller: UiPath SRL Legal references: Article 25 (Data protection by design and by default), Article 32 (Security … Decision: Administrative fine, Compliance order Key words: Data protection by design and by default, Personal data … Controller: UiPath SRL Legal references: Article 25 (Data protection by design and by default), Article 32 …
Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679
30 May 2018
Guidelines
… - version adopted after public consultation The European Data Protection Board welcomes comments on the Guidelines 1/2018 … In addition, if your comments also contain personal data, and you accept the publication of such data, please … 9 4.3. The European Data Protection Seal …
Decision of the FI SA regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to Article 41 GDPR
29 January 2021
Decision by the SA
… 1 (10) Office of the Data Protection Ombudsman P.O. Box 800, 00531 Helsinki, Finland – … with regard to the processing of their per- sonal data and on the free movement of such data, and repealing … 1 (3) Office of the Data Protection Ombudsman P.O. Box 800, 00531 Helsinki, …
Hungarian SA: deletion request in concerning an airline company
19 January 2024
News
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 12 … and modalities for the exercise of the rights of the data subject), Article 17 (Right to erasure (‘right to be … activities in relation to the exercise of her data protection rights. For the infringement described above, …
The Norwegian Supervisory Authority issues fine for automatic forwarding of e-mail
15 March 2022
News
… Norwegian SA have concluded that, pursuant to the General Data Protection Regulation , the employer had no legal basis for … in violation of the rules concerning notification of the data subject and the obligation to consider the employee’s … Norwegian SA have concluded that, pursuant to the General Data Protection Regulation , the employer had no legal basis …
The Norwegian SA imposes fine against Elektro & Automasjon Systemer AS
13 December 2021
News
… A credit rating is the result of a compilation of personal data from many different sources and shows the likelihood of … on loans, mortgages and debt-to-income ratio. The General Data Protection Regulation requires all processing of personal … A credit rating is the result of a compilation of personal data from many different sources and shows the likelihood of …
Belgian SA: a baptized person has the right to be deleted from the baptismal register
11 January 2024
News
… Article 9 (Processing of special categories of personal data), Article 16 (Right to rectification), Article 21 … order, Erasure order Key words: Right to erasure, Sensitive data, Exercise of data subject rights, Lawfulness of … party then lodged a complaint with the Belgian Data Protection Authority. Key Findings The Church's legal …