Search results | European Data Protection Board

Irish Supervisory Authority’s final decision summary: fines confirmed
29 November 2022
News
… Legal Reference: 1. Articles 5(1)(f) and 32(1) of the GDPR 2. Article 5(1), Article 32(1), Article 33(1) of the GDPR 3. Article 15, Article 13, Article 12 of the GDPR 4. Article 5(1)(f) and 32(1), Article 24 and 30(1), …
Icelandic SA: the municipality of Kópavogur fined EUR 19.907 for the use of Google Workspace for Education
26 April 2024
News
… of Kópavogur infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
Endorsed WP29 Guidelines
… meeting the European Data Protection Board endorsed the GDPR related WP29 Guidelines: Guidelines on consent under … 9/2022 on personal data breach notification under GDPR Guidelines on the right to data portability under … records of processing activities pursuant to Article 30(5) GDPR Working Document Setting Forth a Co-Operation Procedure …
Sixteenth Plenary Session: adopted documents
11 December 2019
News
… Session, the EDPB adopted the following documents: Art. 64 GDPR Opinion on Accreditation Requirements for Codes of … Right to be Forgotten in the search engine cases under the GDPR” (part 1) … During its December Plenary Session, the EDPB adopted the following documents: Art. 64 GDPR Opinion on Accreditation Requirements for Codes of …
Riktlinjer 2/2019 om behandling av personuppgifter enligt artikel 6.1 b i dataskyddsförordningen i samband med tillhandahållandet av onlinetjänster till registrerade
16 October 2019
Guidelines
… on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to … Article 6(1) of the General Data Protection Regulation1 (GDPR) specifies that processing shall be lawful only on the … to respect the principle of fairness. 2. Article 6(1)(b) GDPR provides a lawful basis for the processing of personal …
Belgian DPA fines controller for sending a direct marketing message to the wrong person and for not responding adequately to the subsequent request for access
19 June 2020
News
… answer to the request of the plaintiff (Article 15 GDPR), did not respond within the deadline set by the GDPR (Article 12.3 GDPR) and was not sufficiently transparent (Article 12.1 …
EDPB launches French and German versions of its Data Protection Guide for small business
17 May 2024
News
… The Guide provides practical information to SMEs about GDPR compliance and benefits in an accessible and easily … Guide for small business covers various aspects of the GDPR, from data protection basics, to data subject rights … practical materials to help SMEs on their way to become GDPR compliant In the near future, the Guide will become …
Icelandic SA: the municipality of Garðabær fined EUR 16 590 for the use of Google Workspace for Education
26 April 2024
News
… municipality of Garðabær infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to ensure that data is not further processed …
New EDPB opinion on certification criteria
19 September 2022
News
… may lead to an inconsistent application of the GDPR and a number of changes need to be made in … order to fulfil the requirements imposed by Art. 42 GDPR. After approval by the DPA, the certification mechanism … and data protection seals in accordance with Art. 42 (8) GDPR. … During its latest plenary, the EDPB adopted its …
New EDPB opinion on certification criteria
19 September 2022
News
… may lead to an inconsistent application of the GDPR and a number of changes need to be made in … order to fulfil the requirements imposed by Art. 42 GDPR. After approval by the DPA, the certification mechanism … and data protection seals in accordance with Art. 42 (8) GDPR. … During its latest plenary, the EDPB adopted its …
Irish SA fines Meta Platforms (formerly Facebook) €17M for data breaches
22 March 2022
News
… Legal Reference: Articles 5(1)(f), 5(2), 24(1) and 32(1) GDPR Decision: Administrative fine of €17m imposed Key … the requirements of Articles 5(1)(f), 5(2), 24(1) and 32(1) GDPR in relation to the processing of personal data relevant … found that Meta Platforms infringed Articles 5(2) and 24(1) GDPR. While the DPC found that the information and …
EDPB publishes Binding Decision concerning WhatsApp
24 January 2023
News
… instructed the IE DPA to add an infringement of Art. 6(1) GDPR. Additionally, the EDPB instructed the IE DPA to … of the principle of fairness under Art. 5(1)(a) GDPR. The EDPB further decided that the IE DPA must carry … it processes special categories of personal data (Art. 9 GDPR); whether it processes data for the purposes of …
Thirty-ninth plenary session: EDPB adopts guidelines on the concept of relevant and reasoned objection
12 October 2020
News
… of the concept, which will help streamline future Art. 65 GDPR procedures. Within the cooperation mechanism set out by the GDPR, the supervisory authorities (SAs) have a duty to … to reach consensus”. According to Article 60(3) and (4)GDPR, the lead supervisory authority (LSA) is required to …
The French SA fines Clearview AI EUR 20 million
20 October 2022
News
… Lawfulness of processing of personal data (article 6 of the GDPR), Rights of individuals (articles 12, 15 and 17 of the GDPR), Cooperation with supervisory authority (article 31 of the GDPR) Decision: Infringement of the GDPR, Administrative …
Online clairvoyance reading: French SA fined KG COM EUR 150,000
8 June 2023
News
… The French SA has identified several infringements of the GDPR and a breach of the French Data Protection Act by KG … the personal data collected and used (Article 5.1.c GDPR) Failure to have a legal basis for the use of banking data (Article 6 GDPR) Failure to obtain prior consent to the collection of …
Personalised advertising: French SA fined CRITEO EUR 40,000,000
15 June 2023
News
… Key Findings The French SA found five breaches of the GDPR: Failure to demonstrate that the person has given consent (Article 7.1 GDPR) Failure to comply with the obligation of information and transparency (Articles 12 and 13 GDPR) Failure to respect the right of access (Article 15.1 …
Irish Supervisory Authority fines TikTok €530 million and orders corrective measures following Inquiry into transfers of EEA User Data to China
4 July 2025
News
… met TikTok’s transparency requirements as required by the GDPR. Key Findings The Irish SA found that that TikTok’s transfers to China infringed Article 46(1) GDPR because it failed to verify, guarantee and demonstrate … to that guaranteed within the EU. Article 13(1)(f) GDPR requires data controllers to provide data subjects with …
Commercial prospecting and personal rights: French SA fined GROUPE CANAL+ EUR 600,000
12 October 2023
News
… Findings The French SA has found several breaches of the GDPR: Failure to comply with the obligation to obtain … Post and Electronic Communications Code (CPCE) and 7 of the GDPR) Failure to provide information (Articles 13 and 14 of the GDPR) and to respect the exercise of rights (Articles 12 and …
Record fine for Instagram following EDPB intervention
15 September 2022
News
… Ireland Limited (Meta IE)) and has issued a record GDPR fine of €405 million. The LSA’s final decision follows … second highest fine since the entry into application of the GDPR - it is also the first EU-wide decision on children’s … EDPB’s binding decision was adopted on the basis of Art. 65 GDPR, after the Irish DPA as lead supervisory authority …
The French SA fines the economic interest group INFOGREFFE EUR 250000
16 September 2022
News
… Reference: data retention periods (Article 5.1.e of the GDPR), security of personal data (Article 32 of the GDPR) Decision: infringement of the GDPR, Administrative fine Key words: website, data retention …