Search results
From GDPRhub
- Article 17 GDPR (category GDPR Articles) (section (b) Withdrawal of consent and no other legal basis is available)provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 6652/154/19 (category Article 17(3)(b) GDPR)request because the processing was necessary according to Article 17(3)(b) GDPR and Article 17(3)(e) GDPR. The controller stated that, according to Chapter 819 KB (2,951 words) - 12:30, 23 April 2024
- Datatilsynet (Denmark) - 2020-32-1733 (category Article 17(3)(b) GDPR)pursuant to the Article 17(3)(b) of the GDPR. However, Statistics Denmark has been criticised for not complying with the Article 5(1)(d) of the GDPR, namely,16 KB (2,377 words) - 16:39, 6 December 2023
- AEPD (Spain) - EXP202202000 (category Article 17(3)(b) GDPR)information correctly published at the time. The DPA noted that under Article 17(3)(b) GDPR, personal data shall not be erased if their processing is necessary20 KB (3,107 words) - 10:49, 13 December 2023
- Rb. Noord-Holland - C/15/311101 / HA RK 20-227 (category Article 17(3)(b) GDPR)by law to retain the data. The municipality relied on Article 17(3)(b) GDPR and Article 7.3.8(3) of the Youth Act to argue that it was obliged to retain22 KB (3,333 words) - 13:22, 2 June 2021
- Rb. Overijssel - AK 20 1535 (category Article 17(3)(b) GDPR)assistance under Article 2.3 of the Youth Act and that deletion would violate the Archives Act (Archiefwet) and Article 17(3)(b) GDPR. The mother objected23 KB (3,225 words) - 11:52, 4 October 2021
- Personvernnemnda (Norway) - PVN-2022-19 (category Article 17(3)(b) GDPR)to the Norwegian DPA. The DPA found that the exceptions under Article 17(3)(b) and (d) GDPR applied in this case, since the controller had vuewed the information23 KB (3,547 words) - 10:05, 17 November 2023
- GHAL - 200.256.387 (category Article 17(3)(b) GDPR)virtue of Article 17(3)(b) GDPR. Indeed, it further is justified that the task carried out in the public interest under Article 6(1)(e) GDPR does not constitute27 KB (4,289 words) - 07:57, 7 March 2022
- RvS - 202107090/1/A3 (category Article 17(3)(b) GDPR)under Article 17 is not applicable as long as the retention period runs, as stated in Article 17(3)(b). Archiving as such does not breach the GDPR. Consequently4 KB (340 words) - 11:45, 4 October 2023
- IP (Slovenia) - 07141-9/2023/10 (category Article 17(3)(b) GDPR)rise to the exclusion ground for the right to erasure pursuant to Article 17(3)(b) GDPR. However, the DPA noted that the controller not only published the6 KB (553 words) - 14:57, 6 December 2023
- Datatilsynet (Norway) - PVN-2022-21 (category Article 17(3)(b) GDPR)pursuant to Article 17(1) GDPR, and secondly, that the DPA must also decide on the scope of the exceptions that follow from Article 17(3)(b) GDPR and 17(3)(d)GDPR25 KB (3,868 words) - 15:17, 26 April 2023
- Rb. Amsterdam - c/13/673085 / HA ZA 19-340 (category Article 17(3)(b) GDPR)cannot obtain the deletion of the data referred to in Article 17 GDPR, because Article 17 (3) (b) GDPR precludes this. By publishing the decision, the District25 KB (4,071 words) - 13:55, 20 September 2021
- HDPA (Greece) - 33/2020 (category Article 17(3)(e) GDPR)such a fulfilment by Article 12(3) & (4) GDPR. For this reason, an administrative fine of 1000 EUR was imposed (Article 83(5)b GDPR). Share your comments20 KB (2,270 words) - 15:37, 6 December 2023
- GHSHE - 200.297.497 01 (category Article 17(3)(b) GDPR)based on Article 17 of the GDPR. There are a number of exceptions to the right to erasure. For example, Article 17(3)(b) and (c) of the GDPR provide that54 KB (9,028 words) - 11:38, 23 February 2022
- Rb. Noord-Holland - 20/3831 (category Article 17(3) GDPR)base the processing of personal data on Article 6(1)(e) GDPR. The court held that pursuant to Article 17(3) GDPR there is no obligation for a government30 KB (4,206 words) - 08:37, 14 October 2021
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)proportionate (Article 7 and 8 EU Charter of Fundamental Rights) and in compliance with Article 6(2) and (3) GDPR. According to Article 6(3) GDPR, the legal108 KB (17,005 words) - 15:39, 18 March 2024
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Article 13 GDPR (category GDPR Articles) (section (b) Contact details of the data protection officer)consent under Article 7(3), object under Article 21 GDPR or if the processing is in fact compliant with the principles of Article 5(1) GDPR. Simply listing71 KB (9,532 words) - 13:30, 6 March 2024
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- (see Article 52 GDPR) and shall be provided with various competencies (Articles 55, 56 GDPR), tasks (Article 57 GDPR) and powers (Article 58 GDPR). For125 KB (16,328 words) - 16:01, 8 March 2024
- Rb. Oost-Brabant - ECLI:NL:RBZWB:2023:7274 (category Article 17 GDPR)the data subject's erasure request (Article 17 GDPR) and their Article 22 GDPR claim. In relation to Article 17 GDPR, the Court held that the Municipality4 KB (378 words) - 09:36, 7 November 2023
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- IDPC (Malta) - CDP/IMI/LSA/17/2022 (category Article 17(3) GDPR)made pursuant of Article 17 GDPR. However, this is different when Article 17(3) GDPR applies, which describes that Article 17(1) and 17(2) do not apply7 KB (825 words) - 13:19, 9 November 2022
- further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- DPC (Ireland) - Inquiry into Airbnb Ireland UC - 14 September 2023 (category Article 17(3)(e) GDPR)too. In the controller’s view this is allowed under Article 17(3)(b) GDPR and Article 17(3)(e) GDPR, as the information was kept for legal compliance purposes10 KB (1,221 words) - 09:38, 30 October 2023
- freedoms of individuals", as stated in Article 35(1) and further elucidated in Article 35(3) and Article 35(4) GDPR. The WP29 developed a list of criteria52 KB (7,297 words) - 08:05, 18 July 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- Kühling/Buchner, DSGVO, Article 2 GDPR, margin number 15 (C.H. Beck 2020, 3rd edition). Bäcker, in Wolff, Brink, BeckOK Datenschutzrecht, Article 2 GDPR, margin number34 KB (4,652 words) - 12:07, 12 November 2023
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- and interpretation as in Article 22(3) GDPR. → You can find all related decisions in Category:Article 22 GDPR Article 20 of GDPR proposal, COM(2012) 11 final31 KB (4,768 words) - 06:24, 16 June 2023
- Article 32 GDPR (category GDPR Articles) (section (b) Ongoing confidentiality, integrity, availability and resilience of processing systems and services)Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number41 KB (5,197 words) - 12:17, 17 April 2024
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)and (3) GDPR), inform him or her about the measures taken (Article 12(3) and (4) GDPR), the right to receive this service free of charge (Article 12(5)32 KB (3,730 words) - 08:43, 7 March 2024
- requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 23 GDPR (category GDPR Articles) (section (a) National security, (b) Defense and (c) Public security)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- not directly mentioned by Article 33(3)(b)-(d) GDPR could be shared as additional information by the controller Article 34(3) GDPR lists three exemptions37 KB (3,962 words) - 15:20, 16 June 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- will not have to submit another request for erasure under Article 17(1)(b) GDPR. Article 7(4) GDPR provides some useful guidance on the factors to be taken31 KB (3,489 words) - 16:00, 8 March 2024
- Article 46 GDPR (category GDPR Articles) (section (b) Binding corporate rules in accordance with Article 47)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)out pursuant to Article 83(1) GDPR. This part of Article 83 concerns the principle of "unity of action" (see above). With Article 83(3) GDPR, the legislator55 KB (7,622 words) - 14:04, 7 November 2023
- Article 33 GDPR (category GDPR Articles) (section (3) Minimal requirements of the controller's notification.)respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences54 KB (6,536 words) - 08:22, 16 June 2023
- compliance with the GDPR. Article 28(3)(h) GDPR enables such a task in case processors are used. According to Article 28(3)(h) GDPR, the processor should72 KB (9,140 words) - 13:12, 2 June 2023
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- all related decisions in Category:Article 3 GDPR EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1)37 KB (4,635 words) - 13:29, 24 October 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- Garante per la protezione dei dati personali (Italy) (section Complaints Procedure under Art 77 GDPR)Garante. For example, Article 3 reiterates the general principles of fairness and transparency of the proceeding before the DPA. Article 12 ensures a right7 KB (808 words) - 08:17, 16 February 2023
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- NAIH (Hungary) - NAIH-2727-2/2022. (category Article 5(1)(b) GDPR)and Article 58 (2) GDPR (b) condemns the Applicant for violating: - Article 5 (1) (a) and (b) of the GDPR, - Article 5 (2) of the GDPR, - Article 6 (1)79 KB (12,461 words) - 16:08, 22 June 2022
- Article 97 GDPR (category Article 97 GDPR)years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the16 KB (778 words) - 08:24, 19 October 2023
- Article 70 GDPR (category Article 70 GDPR) (section (3) Forwarding the opinions, guidelines, and recommendations)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is carried40 KB (5,349 words) - 07:05, 1 June 2023
- EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph 3, or other information43 KB (5,641 words) - 14:58, 28 April 2022
- Article 54 GDPR (category GDPR Articles) (section (b) Qualifications and eligibility conditions for SA members)provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- Article 50 GDPR (category GDPR Articles)similar to the ones laid out by Article 50 GDPR. Article 50 GDPR is divided in two different parts: letters (a) and (b) aim for cooperation with other17 KB (1,142 words) - 15:41, 28 April 2022
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p29 KB (2,823 words) - 15:15, 28 April 2022
- Article 49 GDPR (category GDPR Articles) (section (b) Necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject's request)adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate29 KB (3,500 words) - 08:54, 27 March 2023
- Article 65 GDPR (category GDPR Articles) (section (b) Conflict of views on the lead supervisory authority (LSA))lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- Article 43 GDPR (category GDPR Articles)pursuant to Article 55 or 56 or by the Board pursuant to Article 63. In the case of accreditation pursuant to point (b) of paragraph 1 of this Article, those22 KB (1,634 words) - 14:40, 28 July 2023
- Article 41 GDPR (category GDPR Articles) (section (b) Established procedures for assessing controllers and processors)clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- Article 61 GDPR (category Article 61 GDPR) (section (3) Requirements of an assistance request and limitation of utilization of requested information)standards of clarity (Article 61(3) GDPR). Requests are imperative and, subject to specific exceptions (Article 61(4) and (5) GDPR), must be fulfilled and24 KB (2,181 words) - 11:46, 15 January 2024
- Article 64 GDPR (category Article 64 GDPR) (section (3) Conditions for the adoption of the opinion and timeline)64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR23 KB (2,079 words) - 16:07, 2 November 2023
- Article 76 GDPR (category Article 76 GDPR)Regulation (GDPR), Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article15 KB (787 words) - 08:17, 19 October 2023
- processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e) GDPR)31 KB (3,646 words) - 08:51, 21 July 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A delegated19 KB (1,525 words) - 08:18, 19 October 2023
- Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)purposes of Article 17 TFEU and the DPD, and the Advocate General's Opinion in the same case suggests that this may be true also under Article 91 GDPR”. See25 KB (2,482 words) - 10:04, 19 March 2024
- Article 69 GDPR (category Article 69 GDPR)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 74 GDPR (category Article 74 GDPR)decisions in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C15 KB (808 words) - 09:44, 17 October 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 93 GDPR (category Article 93 GDPR) (section (3) Urgency procedure under Article 8 of Regulation (EU) No. 182/2011)organisation), Article 45(5) GDPR (revocation, change of such determinations); Articles 46(2)(c) and (d) GDPR (standard protection clauses); Article 47(3) GDPR (formats17 KB (1,096 words) - 08:19, 19 October 2023
- Article 78 GDPR (category GDPR Articles) (section (3) Competent courts and national procedural requirements)Articles 58(1)(d) or 58(3)(a) and 58(3)(b) GDPR do not qualify as decisions and cannot be subject to legal actions under Article 78(1) GDPR. A data subject has30 KB (3,874 words) - 10:46, 7 December 2023
- VG Berlin - 1 K 561/21 (category Article 17(3) GDPR)information. The data subject could also not rely on Article 17(3)(b) GDPR nor on Article 18(1)(c) GDPR in order to prevent the automatic deletion of the57 KB (9,204 words) - 10:55, 23 November 2023
- Article 38 GDPR (category GDPR Articles) (section (3) Independence, no retaliation, direct communication with management)Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the47 KB (5,594 words) - 22:45, 1 April 2024
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- occupation. For example, Article 52(2) GDPR requires SA members to remain free from external influence and Article 52(3) GDPR entails a prohibition of29 KB (2,894 words) - 23:06, 1 April 2024
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- APD/GBA (Belgium) - 66/2021 (category Article 4(3) GDPR)infringement committed to Article 12.3 and 12.4 GDPR as well as to Articles 11 §3, 11/1 § 3, 11/2§3 and 11/3 §3 of the law of 3 August 2012 . 2.3.2. With regard to88 KB (13,010 words) - 20:12, 30 December 2021
- TA Luxembourg - N° 46416 (category Article 96 GDPR)right to erasure on behalf of Mr. X, please informs that pursuant to Article 17 (3b) GDPR I cannot give a favorable response since the processing of personal64 KB (10,128 words) - 08:51, 24 November 2021
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- CJEU - Joined Cases C‑26/22 and C‑64/22 - SCHUFA (category Article 17(1)(d) GDPR)interests under Article 6(1)(f) GDPR. On the erasure obligations under Article 17 GDPR, the CJEU held that under Article 17(1)(d) GDPR SCHUFA will be under15 KB (2,180 words) - 08:23, 13 December 2023
- dsb.gv.at/dam/jcr:ee7b155a-0a1f-4d00-98e9-902314c7022d/Datenschutzbericht%202022.pdf Report: Europe’s governments are failing the GDPR by Brave, page 6 -11 KB (1,468 words) - 13:27, 14 May 2023
- CJEU - C-154/21 - RW v Österreichische Post (category Article 12(5)(b) GDPR)or excessive (Article 12(5)(b) GDPR). The CJEU agreed with the reffering court that it was unclear from the wording of Article 15(1)(c) GDPR whether there8 KB (992 words) - 17:03, 4 February 2023
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) GDPR: must Article 15(3) first sentence of the GDPR be interpreted as meaning that, due to the51 KB (8,592 words) - 07:03, 2 November 2021
- entitled to erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 651 KB (8,215 words) - 09:55, 13 May 2022
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed60 KB (9,144 words) - 16:17, 22 March 2022
- BVwG - W258 2217446-1 (category Article 17(3) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO,79 KB (12,652 words) - 09:41, 10 September 2021
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 17(3)(d) GDPR) (section Article 17(1)(d) GDPR)as there is no reference to Article 17 GDPR. The DSB decided that there is no ground for erasure under Article 17(1)(d) GDPR. According to the DSB there31 KB (4,648 words) - 13:56, 12 May 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the AEPD602 KB (102,229 words) - 14:21, 13 December 2023
- HDPA (Greece) - 6/2020 (category Article 17(3) GDPR)addition to Article 17(3)(b) of the GDPR, paragraph 1 applies accordingly in the case of Article 17(1)(a) of the GDPR, if the deletion would conflict with statutory29 KB (4,557 words) - 15:33, 6 December 2023
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- Hoge Raad - 21/00241 (category Article 17 GDPR)erasure provided for in Article 17 GDPR? b) that person is not entitled to a right of objection as referred to in Article 21 GDPR? 3. If the answer29 KB (4,605 words) - 17:00, 15 December 2021
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(3) GDPR)regard to the criteria set out in Article 83.2 of the GDPR for breach of Articles 38.1, 38.3, 39.1 a) and 39.1 b) of the GDPR. 80. Regarding the amount of the66 KB (9,458 words) - 19:42, 4 September 2021
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data113 KB (12,773 words) - 15:20, 6 December 2023
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)question if Google LLC violated Articles 5 et seqq. GDPR in connection with Article 28(3)(a) and Article 29 GDPR. The DSB fully upheld the complaint with regard108 KB (17,097 words) - 13:52, 12 May 2023
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)accordance with article 89.2 of the LPACAP). B.B.B. INSPECTOR/INSTRUCTOR C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 15/17 EXHIBIT File index45 KB (7,135 words) - 13:08, 13 December 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 17(1)(d) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (category Article 4 GDPR)administrative fine for the infringement of Article 6(1) or Article 6(1)(b) GDPR meet the requirements of Article 4(24) GDPR. 504. The EDPB decides that the relevant53 KB (8,413 words) - 14:10, 30 January 2023
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- CNIL (France) - SAN-2022-019 (category Article 3(2) GDPR)did not react either. GDPR applicable? (Article 3(2) GDPR) The DPA held that the GDPR was applicable pursuant of Article 3(2) GDPR. Because the controller11 KB (1,452 words) - 17:03, 6 December 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)under Article 17(3) GDPR. Two doctors sued a platform for deletion of their basic profile set up on the platform without their consent under Article 17 GDPR143 KB (24,273 words) - 15:59, 10 March 2022
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- Personvernnemnda (Norway) - 2021-18 (20/02059) (category Article 17(1)(c) GDPR)around the processing of personal data subject to Article 10 GDPR. Pursuant to Article 6(1)(f) GDPR, the Privacy Appeals Board conducted a balancing test36 KB (5,859 words) - 06:40, 6 July 2022
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)of personal data of data subjects guaranteed by Article 44 GDPR and consequently breached Article 44 GDPR. The DPA issued a fine of 300,000 SEK (approx.121 KB (13,722 words) - 15:16, 5 July 2023
- OLG Köln - 15 U 126/19 (category Article 17(3) GDPR)pursuant to Article 17(1)(d) GDPR since the data was unlawfully processed. The defendant claimed that its activities fall under exception in (Article 85 GDPR)121 KB (20,412 words) - 15:58, 10 March 2022
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)established on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data131 KB (14,752 words) - 08:36, 5 July 2023
- BVwG - W211 2225136-1 (category Article 17 GDPR)objected to its processing pursuant to Article 21(1) of the GDPR (Article 17(1)(a), (c)(1) and (d) of the GDPR). A request for erasure would therefore39 KB (6,244 words) - 09:40, 10 September 2021
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)Union (Article 3.2);19 b. the third scenario concerns the application of the PGRD to processing of personal data in the Union (Article 3.3) (b) the staff131 KB (22,429 words) - 16:57, 12 December 2023
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)third parties (article 83.2.k, of the GDPR in relation to article 76.2.b, of the LOPDGDD). The Judgment of the National Court of 10/17/2007 (rec. 63/2006)26 KB (4,147 words) - 13:27, 13 December 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)2, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3133 KB (21,944 words) - 15:59, 22 March 2022
- AEPD (Spain) - EXP202301529 (category Article 17 GDPR)violated the provisions of Article 17 of the GDPR and Article 21 of the GDPR and urge GLOBAL CAPITAL GROUP SPAIN, S.L. with NIF B87258091, so that, within20 KB (3,078 words) - 13:05, 13 December 2023
- AEPD (Spain) - EXP202100764 (category Article 5(1)(f) GDPR)IMPOSE COMMUNITY OWNERS B.B.B., with NIF ***NIF.1, for a violation of Article 5.1.f) of the GDPR, typified in Article 83.5 of the GDPR, a fine of ONE THOUSAND34 KB (5,184 words) - 13:22, 13 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- AEPD (Spain) - EXP202209511 (category Article 6(1) GDPR)IMPOSE B.B.B., with NIF ***NIF.1, for a violation of Article 6.1 and another of article 13 of the RGPD, typified in Article 83.5 letters a) and b) of the22 KB (3,257 words) - 13:28, 13 December 2023
- APD/GBA (Belgium) - 53/2020 (category Article 5(1)(b) GDPR)taken up again at Article 5.1(b) of the GDPR under the Principles for the Processing of Personal Data (Chapter II). 16. Article 5.1(b) of the GDMP provides35 KB (5,853 words) - 16:58, 12 December 2023
- AEPD (Spain) - EXP202205932 (category Article 6(1) GDPR)basis under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful32 KB (4,952 words) - 13:11, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3216/452/17 (category Article 5(1)(a) GDPR)violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 9 GDPR and Article 25(2) GDPR. As a result, and in accordance with Article 58(2)(d) GDPR, the60 KB (9,117 words) - 14:46, 24 January 2024
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)breach of Article 32 of the GDPR has occurred. B. On the failure to notify the data breach to the CNIL 32. Pursuant to Article 33 (1) of the GDPR, in the26 KB (4,050 words) - 17:10, 6 December 2023
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)concluded on 16/09/17. The rented property is located in the ***The owner is Ms. A.A.A. with ID ***NIF.1 and the tenants are Mr. B.B.B. and Ms. C.C.C. It39 KB (6,623 words) - 14:08, 13 December 2023
- HDPA (Greece) - 11/2024 (category Article 17 GDPR)to object to the GDPR does not limit the grounds on which data subjects may request erasure pursuant to Article 17 para. 1 of the GDPR. The data subject36 KB (5,761 words) - 17:19, 22 April 2024
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))pursuant to Article 17(2) DPA Act. 9. Moreover, as regards the one-stop-shop mechanism, Article 56 GDPR states: "Without prejudice to Article 55, the supervisory429 KB (58,279 words) - 09:12, 2 November 2022
- AEPD (Spain) - EXP202105680 (category Article 83(5)(b) GDPR)very serious in article 72.1. e) from the LOPDGDD, with 10,000 euros. -article 13 of the GDPR, in accordance with article 83.5 b) of the GDPR, and for the66 KB (10,558 words) - 13:14, 13 December 2023
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines75 KB (12,421 words) - 13:23, 13 December 2023
- AEPD (Spain) - E/10529/2021 (category Article 45 GDPR)that the controller had not violated Article 45 GDPR nor any of the subsequent Articles from Chapter V of the GDPR. The AEPD took into account that the44 KB (6,642 words) - 10:34, 13 December 2023
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)then enter a password before gaining access to the computer. 3.3.3 Control of logging 3.3.3.1 Facts The OLVG information security & privacy policy states67 KB (11,415 words) - 17:15, 12 December 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)that a controller is allowed to reject a request to access under Article 12(5)(b) GDPR as "excessive" if the request's sole purpose is to verify the validity40 KB (6,325 words) - 16:12, 18 May 2022
- AEPD (Spain) - EXP202206626 (category Article 5(1)(c) GDPR)RESOLVES: FIRST: IMPOSE D. B.B.B. with NIF ***NIF.1, for a violation of the Article 5.1.c) of the RGPD, typified in Article 83.5 of the RGPD, a fine of35 KB (5,475 words) - 13:21, 13 December 2023
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)02/2021 - 14/26 3. Motifs 3.1 Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe96 KB (15,396 words) - 16:50, 12 December 2023
- HDPA (Greece) - 28/2023 (category Article 58(2) GDPR)council in Greece to cease their processing activities, under Article 58(2) GDPR and Article 15(8) of Law 4624/2019, because of an unresolved data breach9 KB (1,211 words) - 20:32, 8 January 2024
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)RESOLVES: FIRST: IMPOSE B.B.B., with NIF ***NIF.1, for a violation of Article 6 of the GDPR, typified in Article 83.5.a) of the GDPR, and classified as very74 KB (11,726 words) - 13:02, 13 December 2023
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data115 KB (12,842 words) - 08:38, 5 July 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)norm addressee of Chapter V GDPR. The bB be directly responsible for BF2, which violated Art. 44 ff GDPR. Regarding The GDPR is applicable to the processing158 KB (26,392 words) - 08:25, 7 June 2023
- territorial application of the requirements set out in Article 82 of the Data Protection Act is set out in Article 3, paragraph I, of the same Act, which states:73 KB (11,864 words) - 17:03, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 58(2)(b) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)this case under Article 6(1)(a) or 6(1)(c)? If Article 6(1)(a) applies, do the requirements for parental consent under Article 8 GDPR also apply? Did the48 KB (7,926 words) - 16:56, 12 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)fine, the criteria specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "182 KB (13,463 words) - 17:03, 6 December 2023
- Datatilsynet (Denmark) - 2018-32-0357 (category Article 4(11) GDPR) (section 5.3.3. Is valid consent obtained?)The heading of Article 6(1) and the wording “has given” in Article 6(1)(a) support this interpretation. It follows logically from Article 6 and Recital65 KB (9,767 words) - 16:22, 6 December 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)5; 110/1984, of November 26, FJ 3; 89/1987, of June 3, FJ 3; 231/1988, of December 2, FJ 3; 197/1991, of October 17, FJ 3, and in general the SSTC 134/1999270 KB (43,335 words) - 12:39, 13 December 2023
- HDPA (Greece) - 31/2023 (category Article 5(1)(c) GDPR)with the principles of article 5 par. 1 GDPR. It is no coincidence that the GDPR includes accountability (see Article 5 para. 2 GDPR) in the regulation of61 KB (10,257 words) - 10:15, 1 November 2023
- AEPD (Spain) - EXP202209001 (category Article 83(5)(b) GDPR)€600. SECOND: NOTIFY this resolution to B.B.B.. THIRD: ORDER to B.B.B., with NIF ***NIF.1, which by virtue of article 58.2.d) of the RGPD, within a period22 KB (3,303 words) - 13:28, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.010.007 (category Article 15(3) GDPR)intention to infringe either article 5(1)( c) or article 34(1) of the GDPR. Legal framework 8.1. Pursuant to Article 5(1)(c) of the GDPR “Personal Data shall be:20 KB (3,082 words) - 13:42, 31 January 2024
- Garante per la protezione dei dati personali (Italy) - 9852214 (category Article 5 GDPR)in particular of children was in breach of Article 5, Article 6, Article 8, Article 9, and Article 25 GDPR. Consequently, the DPA urgently imposed upon36 KB (5,598 words) - 10:15, 8 February 2023
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)that “Recital 65 of the GDPR also includes the exception of the legal defense as provided for in article 17.3.e of the GDPR to the right to erasure",37 KB (5,765 words) - 09:53, 14 December 2023
- Commissioner (Cyprus) - 11.17.001.009.232 (category Article 12(3) GDPR)breaching Article 12(3) GDPR, since it failed to notify the data subject that her erasure request was satisfied, as well as Article 24(1) GDPR, given that17 KB (2,515 words) - 11:17, 6 February 2024
- RvS - 202100789/1/A3 (category Article 17(3)(e) GDPR)in accordance with Article 5, paragraph 1, preamble and under b, of the GDPR. 4.4. Article 6, paragraph 1, opening words, of the GDPR stipulates that processing20 KB (2,965 words) - 12:52, 28 June 2023
- APD/GBA (Belgium) - 08/2019 (category Article 12(3) GDPR)violated Articles 12(3), (4), 13(2)(b), 30(1)(d) and (g) of the GDPR and issued a warning by virtue of Article 58(2)(b) of the GDPR. Due to the anonimisation24 KB (3,843 words) - 16:51, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 9209/157/2019 (category Article 17(3) GDPR)Protection Regulation (2016/679) Article 12 (4), Article 17 (3), Article 21 (2) and (3), Article 25 (2), Article 58 (2) (b) Section 2 of the Health Care Professional20 KB (3,108 words) - 13:02, 3 March 2024
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller gives120 KB (19,650 words) - 09:00, 6 April 2022
- APD/GBA (Belgium) - 149/2023 (category Article 7(3) GDPR)online booking platform, for failing to comply with Article 12(3) GDPR and because Article 6(1)(f) GDPR was not a valid legal basis to publish personal data113 KB (17,325 words) - 08:50, 19 March 2024
- HDPA (Greece) - 3/2022 (category Article 4(7) GDPR)exercise the right of access under Article 15 GDPR and the right to restriction of processing under Article 18 GDPR against three mobile telephone service11 KB (1,492 words) - 13:09, 23 November 2022
- CNIL (France) - SAN-2019-010 (category Article 5(1)(c) GDPR)investigations the CNIL found five breaches of the GDPR: - Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively62 KB (10,001 words) - 17:09, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.008.222 (category Article 12(3) GDPR)infringement of Article 12(3) GDPR, as explained above, under the provisions of Article 83 of the GDPR, I take into account the following mitigating (1-3) and aggravating16 KB (2,438 words) - 09:07, 9 June 2023
- AEPD (Spain) - EXP202105344 (category Article 6(1) GDPR)Agency RESOLVES: FIRST: IMPOSE B.B.B., with NIF ***NIF.1, for an infraction of article 6.1 of the RGPD, typified in article 83.5 of the RGPD, a fine of €1022 KB (3,319 words) - 13:00, 13 December 2023
- Datatilsynet (Denmark) - 2019-32-0709 (category Article 17(1)(b) GDPR)in accordance with Article 6 (1). Travel cards have also referred to Article 17 (1) (b) of the Data Protection Regulation. 3, letter b, according to which24 KB (3,763 words) - 16:23, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.007.220 (category Article 7(4) GDPR)time tracking system, due to a lack of compatibility with Article 7(4) and Article 35(9) of GDPR. KEO PLC decided to upgrade its ERP system, whose upgrade56 KB (8,913 words) - 16:52, 6 December 2023
- HDPA (Greece) - 56/2021 (category Article 13 GDPR)and Article of 11Law No. 3471/2006, in accordance with Article 13(58i2) of the GDPR in conjunction with Article 83(1)(a) of the GDPR. 5 of the GDPR, and54 KB (8,916 words) - 15:22, 22 February 2022
- AEPD (Spain) - PS/00220/2020 (category Article 17 GDPR)significant negligent action (Article 83(2)(b) GDPR) and that basic personal identifiers were affected (Article 83(2)(g) GDPR). The economic volume of the28 KB (4,295 words) - 14:11, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.010.201 (category Article 5(1)(a) GDPR)not be employee consent [Article 6(1)(a)], due to the nature of the employer-employee relationship.' 3. Rationale 3.1 Definitions 3.1.1 According to Articles23 KB (3,737 words) - 10:30, 7 June 2023
- AEPD (Spain) - EXP202201721 (category Article 6(1) GDPR)violated Article 6 and Article 32 GDPR. The DPA seems to consider the authentication procedure itself as "processing" and therefore Article 32 GDPR applies79 KB (12,408 words) - 13:24, 13 December 2023
- Commissioner (Cyprus) - 17.05.23 (category Article 5(1)(c) GDPR)in relation to the purpose pursued, in violation of Article 29(1) of Law 125(I)/2018. Article 85 GDPR mandates member states to legislate for the reconciliation31 KB (4,973 words) - 16:50, 6 December 2023
- FiS - 7565-20 (category Article 5(1)(b) GDPR)webmasters and internet users to freedom of expression and information under Article 17(3). The DPA issued a sanction fee because Google failed to comply with7 KB (849 words) - 14:23, 1 November 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 35(1) GDPR)protection regulation's article 5, subsection 2, cf. Article 5, subsection 1, letter a, Article 24, cf. Article 28, subsection 1, Article 35, subsection 1, as117 KB (18,075 words) - 10:19, 12 September 2022
- AEPD (Spain) - PS/00273/2020 (category Article 17 GDPR)proposing that B.B.B. with NIF *** NIF.1, with a fine of € 1,000 (thousand euros) for the violation of article 21 of the LSSI, typified in article 38.4.d) of15 KB (2,337 words) - 14:24, 13 December 2023
- APD/GBA (Belgium) - 55/2021 (category Article 6(3) GDPR)application of Article 17.3.b, the complainant cannot invokea reason provided for in article 17.1 or 17.2 for requesting the erasure of data concerning him.b) The81 KB (13,211 words) - 16:59, 12 December 2023
- AEPD (Spain) - EXP202201746 (category Article 5(1)(f) GDPR)infringement of Article 32 GDPR. Therefore, the Spanish DPA issued a warning sanction for each violation of Article 5(1)(f) and Article 32 GDPR. AEPD highlighted62 KB (9,703 words) - 13:05, 13 December 2023
- VG Potsdam - VG 3 K 1458/19 (category Article 17 GDPR)relied, was repealed, see Article 65 (1) of Regulation (EU) 2018/1861. b) The requirements of Article 17 letter d GDPR, to which Article 53 paragraph 1 of Regulation23 KB (3,560 words) - 14:17, 21 February 2024
- IMY (Sweden) - DI-2020-10561 (category Article 12(3) GDPR)Networks AB for violating Article 17 GDPR by not deleting personal data of the complainant without undue delay and Article 23 GDPR by providing incorrect17 KB (1,940 words) - 15:23, 6 December 2023
- AEPD (Spain) - EXP202210525 (category Article 6(1) GDPR)claimed party, for the alleged infringement of article 6 of the GDPR, typified in article 83.5 of the GDPR. FOURTH: On January 16, 2023, the aforementioned22 KB (3,427 words) - 13:26, 13 December 2023
- AEPD (Spain) - E/00113/2019 (category Article 17(1)(b) GDPR)lack of consent, he exercised his right to erasure according to Article 17(1)(b) GDPR. The AEPD found that the complainant had provided the FEDA with his27 KB (4,497 words) - 13:38, 13 December 2023
- HDPA (Greece) - 20/2022 (category Article 12(3) GDPR)violation of article 17 in combination with article 21 par. 3 and article 12 paragraph 3 of the GDPR and article 25 paragraph 1 of the GDPR. For its judgment16 KB (2,374 words) - 11:46, 18 August 2022
- UODO (Poland) - ZSPR.421.7.2019 (category Article 7(3) GDPR)violation of the provisions of Article 5(1)(a), Article 6(1), Article 7(3), Article 12(2), Article 17(1)(b) and Article 24(1) of Regulation 2016/679 imposes60 KB (9,815 words) - 10:02, 17 November 2023
- AEPD (Spain) - EXP202205353 (category Article 5(1)(f) GDPR)the alleged violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in article 83.5 and 83.4 of the GDPR. The initiation agreement22 KB (3,386 words) - 16:05, 13 December 2023
- AEPD (Spain) - PS/00451/2019 (category Article 6(1)(f) GDPR)BACKGROUND FIRST: D. A.A.A. On 10 October 2019, in the name and on behalf of Mr. B.B.B. (hereinafter, the claimant) filed a complaint with the Spanish Data Protection26 KB (4,231 words) - 14:44, 13 December 2023
- BVwG - W214 2233132-1/27E (category Article 15 GDPR)2023 standard B-VG Art 133 Paragraph 4 DSG §24 DSG §4 GDPR Art 12 GDPR Art 15 GDPR Art 15 Paragraph 1 litc GDPR Art77 UWG §26b paragraph 1 B-VG Art. 13387 KB (14,194 words) - 10:07, 15 February 2024
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)and 13 GDPR? Is the information provided to data subjects throughout the subscription process in compliance with the provisions of Article 13 GDPR? Does48 KB (7,404 words) - 17:09, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.008.001 (category Article 5(1)(f) GDPR)principlesprocessing of subparagraphs b '. y '. d 'and e' of par. 1 of article 5 as well as of article 6 par. 1ΓΚΠΔ ... ». 3. Reasoning 3.1. The data contained in an61 KB (9,412 words) - 16:52, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.008.042 (category Article 7(3) GDPR)An employer should explore the specific exceptions in Article 9(2)(b) GDPR to Article 9(2)(j) GDPR to lawfully process health-related data of employees4 KB (472 words) - 16:52, 6 December 2023
- NAIH (Hungary) - NAIH/2020/193/8 (category Article 12(3) GDPR)been deleted by the employer upon request pursuant to Article 16, Article 17 and Article 5(1)(d) GDPR (inaccuracy of personal data). Therefore, the employer58 KB (9,413 words) - 10:11, 17 November 2023
- Gerechtshof Amsterdam - C/13/640898/HARK17-386 (category Article 17 GDPR)Data in the External Referral Register. (…)” 3 Review 3.1 In an introductory application pursuant to Article 46 of the Personal Data Protection Act (Wbp)26 KB (4,225 words) - 16:00, 15 March 2022
- AEPD (Spain) - PS/00475/2019 (category Article 17 GDPR)complainant as per Article 17 GDPR, as well as his/her right as a consumer to refuse unsolicited commercial phone calls, as per Article 21 GDPR in connection23 KB (3,481 words) - 14:42, 13 December 2023
- AEPD (Spain) - PS/00239/2022 (category Article 17 GDPR)of article 17 of the GDPR. X Classification of the infringement of article 17 of the GDPR The aforementioned infringement of article 17 of the GDPR supposes60 KB (9,630 words) - 12:34, 13 December 2023
- APD/GBA (Belgium) - 38/2021 (category Article 17 GDPR)consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results73 KB (11,604 words) - 16:57, 12 December 2023
- UODO (Poland) - ZSPU.421.3.2019 (category Article 5(1)(a) GDPR)provided for in Article 5(1)(a), (e) and (f), Article 5(2), Article 24(1) and (2), Article 28(3), Article 30(1)(d) and (f) and Article 32(1) of the General58 KB (9,357 words) - 10:02, 17 November 2023
- Commissioner (Cyprus) - 11.17.001.010.045 (category Article 5(1)(c) GDPR)that the article’s publication was in violation of Article 5(1)(c) GDPR, Article 6(1)(f) GDPR, when read in line with Article 85 GDPR. Article 5(1)(c) outlines74 KB (12,375 words) - 10:07, 4 October 2023
- AEPD (Spain) - PS/00448/2020 (category Article 17 GDPR)for infringing the following provisions: -Article 17 GDPR – Right to Erasure - €50000 fine -Article 32 GDPR – Failure to implement appropriate technical45 KB (7,217 words) - 14:40, 13 December 2023
- AEPD (Spain) - PS/00070/2019 (category Article 5(1)(b) GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- AEPD (Spain) - EXP202315744 (category Article 17 GDPR)captured in activities and/or interviews related to the activity of the B.B.B. TEAM, and may be published on the company's social networks, corporate website20 KB (3,052 words) - 08:17, 16 April 2024
- AEPD (Spain) - PS/00051/2020 (category Article 7(3) GDPR)withdrawal of consent under Article 7(3) GDPR. The Authority also considers the existence of a deletion request under Article 17 GDPR. The AEPD concludes that31 KB (4,853 words) - 13:52, 13 December 2023
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)it should have under Article 60 GDPR - Article 61(8) GDPR applied, which meant that the urgent need to act under Article 66(1) GDPR was presumed to be met99 KB (14,431 words) - 16:20, 6 December 2023
- APD/GBA (Belgium) - 81/2020 (category Article 12(3) GDPR)period allotted to it to do so (Article 15.1 combined with Article 12.3. of GDPR as well as Article 12.2. of the GDPR (obligation to facilitate the exercise127 KB (21,484 words) - 17:01, 12 December 2023
- AEPD (Spain) - TD/00034/2020 (category Article 17(3) GDPR)articles 12.5 and 15.3 of the Regulation (EU)2016/679 and in the paragraphs 3 and 4 of article 13 of this organic law " FIFTH: Article 17 of the RGPD states17 KB (2,730 words) - 14:50, 13 December 2023
- APD/GBA (Belgium) - 11/2019 (category Article 5(1)(b) GDPR)provided when personal data are obtained from the data subject (Article 13(1)(b) and Article 13(2)(b) of the DGPS), the Inspection Service notes that the respondent's24 KB (3,844 words) - 16:51, 12 December 2023
- GHAL - 200.186.790/01 (category Article 6(1)(b) GDPR)terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The50 KB (8,219 words) - 12:42, 4 March 2022
- Datatilsynet (Norway) - 17/01281 (category Article 58(2)(b) GDPR)grounds as per Article (6)(1)(f) to process the personal data in question. The case revolved around neighbours A and B, who had a conflict. B had installed38 KB (6,275 words) - 16:13, 6 December 2023
- UODO (Poland) - DKE.561.17.2020 (category Article 31 GDPR)entrepreneur. The DPA found that the controller violated Article 31 GDPR and Article 58(1)(e) GDPR and issued a warning to the entrepreneur. The entrepreneur22 KB (3,364 words) - 09:52, 17 November 2023
- AEPD (Spain) - PS/00006/2022 (category Article 17 GDPR)violation of the Article 12 of the GDPR, in conjunction with Article 17 of the GDPR. V Classification of the infringement of article 12 of the GDPR The aforementioned54 KB (8,870 words) - 10:43, 13 December 2023
- AEPD (Spain) - TD/00185/2019 (category Article 17 GDPR)the following article. Once this period has expired, the interested party may consider his or her claim to be accepted. THIRD: Article 17 of the RGPD provides17 KB (2,620 words) - 14:51, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 38(3) GDPR)and independence, as normally required by Article 38(3) GDPR. Regarding the breach of Article 39(1)(b) GDPR, the audit report pointed to the absence of56 KB (8,326 words) - 16:57, 6 December 2023
- AEPD (Spain) - PS/00341/2019 (category Article 21 GDPR)copy of the Electoral Census had been delivered to its representative, Mr. B.B.B, for the purposes provided for in the LOREG (doc.1). Together with said copy26 KB (4,032 words) - 14:31, 13 December 2023
- APD/GBA (Belgium) - 19/2020 (category Article 5(1)(b) GDPR)1 f) GDPR) (and the obligations arising from it – Article 32 GDPR) and the principle of purpose (Article 5 § 1 b) GDPR) which the principle of security39 KB (6,246 words) - 16:55, 12 December 2023
- APD/GBA (Belgium) - 138/2022 (category Article 5(1)(b) GDPR)an infringement of Article 5 (1) a), b) and c) and (2) of the GDPR and Article 24 (1) of the GDPR; and - an infringement of article 8 of the law of 2143 KB (6,274 words) - 08:57, 29 June 2023
- AEPD (Spain) - EXP202200999 (category Article 6(1) GDPR)processing is based on consent under Article 6(1)(a) GDPR, the consent must meet the requirements of, among others, Article 7 GDPR. The DPA observed deficiencies51 KB (7,867 words) - 13:10, 13 December 2023
- AEPD (Spain) - TD/00109/2020 (category Article 17 GDPR)prejudice to Articles 12(5) and 15(3) of the EU Regulation 2016/679 and in Article 13(3) and (4) of this Organic Law". FIFTH: Article 15 of the RGPD provides that19 KB (3,100 words) - 14:50, 13 December 2023
- NAIH (Hungary) - NAIH-1091-10/2022 (NAIH-6936/2021) (category Article 12(3) GDPR)Customer based on Article 58 (2) point b) of the GDPR, because violated: - Article 6 (1) of the GDPR, 16 - Article 5 (2) of the GDPR, - Article 7 (1) of69 KB (11,255 words) - 10:08, 17 November 2023
- BGH - VI ZR 476/18 (category Article 17(3)(a) GDPR)laid down in Article 12(b) and Article 12(1)(b) Federal Basic Law, to order the defendant to pay the costs. 14(1)(a) DS-RL / Article 17(3)(a) DS-GVO, the7 KB (972 words) - 14:15, 20 September 2021
- Garante per la protezione dei dati personali (Italy) - 9547248 (category Article 17(1)(a) GDPR)the meaning of Article 83 and recital 148 of the Regulation”. The Garante hence reprimanded Barclays pursuant to Article 58(2)(b) GDPR. Share your comments22 KB (3,235 words) - 15:55, 6 December 2023
- AEPD (Spain) - PS/00219/2019 (category Article 17(1)(a) GDPR)Administrator of D. B.B.B., the company has not changed their legal representatives. FOUNDATIONS OF LAW I By virtue of the powers that article 58.2 of the RGPD37 KB (5,785 words) - 14:11, 13 December 2023
- AP (The Netherlands) - 24.03.2020 (category Article 4(15) GDPR)volition investigation into CP&A's compliance with Article 9, as well as Article 32 GDPR. Since Article 9 GDPR prohibits the processing of special categories48 KB (7,461 words) - 17:04, 12 December 2023
- AKI (Estonia) - 18.02.2022 (category Article 5(1) GDPR)issues a reprimand under Article 58(2)(b) GDPR. After this, the DPA draws attention to the fact that pursuant of Article 5(1)(a) GDPR, data must be processed42 KB (5,838 words) - 10:27, 13 December 2023
- APD/GBA (Belgium) - 75/2023 (category Article 12(3) GDPR)paying profiles. II.4. Article 12(1),(2) and (3), Article 17, Article 19, Article 24(1) and Article 25(1) AVG 63. Article 12 (1) GDPR stipulates that the77 KB (11,604 words) - 08:55, 29 June 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4680/182/18 (category Article 9 GDPR)according to Article 9(2)(a) GDPR. On the basis of the information gathered, the DPA held that the controller had violated Article 9 GDPR. As a result49 KB (7,496 words) - 14:44, 24 January 2024
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)(see Article 19.2, Article 79.3 of the Basic Law) and ensures this protection also with regard to the Union Treaties (see Article 23.1 sentence 3 of the127 KB (21,367 words) - 16:00, 22 March 2022
- VGH München – 11 ZB 19.991 (category Article 5(1)(b) GDPR)reasonable (BayVGH, B. 3.5.2019 - 11 ZB 19.213 - juris marg. 16; SächsOVG, B.v. 10.1.2020 - 6 B 297/19 - juris marg. 3; OVG NW, B.v. 10.9.2019 - 8 B 774/19 - juris31 KB (5,184 words) - 17:19, 15 April 2023
- AEPD (Spain) - TD/00164/2020 (category Article 17 GDPR)articles 12.5 and 15.3 of the Regulation (EU) 2016/679 and in sections 3 and 4 of article 13 of this organic law. " FIFTH: Article 17 of the RGPD provides17 KB (2,571 words) - 14:51, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 13(2)(b) GDPR)based on Article 6.1.f) of the GDPR, but not for all processing based on this article. […] 73 74Investigation report, page 22, point 4.4.2.3.3. WP 260 rev82 KB (11,472 words) - 16:58, 6 December 2023
- DSB (Austria) - 2020-0.816.655 (category Article 3 GDPR)latest at the time of the first communication (Art. 14(3)(a) and (b) GDPR). However, Art. 14(1) to (4) GDPR shall not apply if and to the extent that the data28 KB (4,230 words) - 13:53, 12 May 2023
- Garante per la protezione dei dati personali (Italy) - 9509515 (category Article 6(1)(b) GDPR)such processing to be legitimate on the basis of Article 9 (2) (B) GDPR in conjunction with Article 32 GDPR" (see note cited, p. 4) (see footnote cit., p33 KB (5,342 words) - 15:52, 6 December 2023
- AEPD (Spain) - PS/00365/2019 (category Article 31 GDPR)infringement of Article 31 GDPR in conjunction with Article 58(1)(e) GDPR. The AEPD, therefore, agreed to impose a penalty of € 20000 under Article 83(5)(e) GDPR86 KB (14,295 words) - 14:32, 13 December 2023
- LG Köln - 28 O 138/22 (category Article 82 GDPR)analogously, Section 823 (1) and (2) BGB in conjunction with Article 6 (1) GDPR and Article 17 GDPR. Claims under data protection law could be asserted by way39 KB (6,362 words) - 14:01, 22 June 2023
- AEPD (Spain) - TD/00262/2019 (category Article 17 GDPR)articles 12.5 and 15.3 of the Regulation (UE)2016/679 and in the paragraphs 3 and 4 of article 13 of this organic law "FIFTH: The article 17 of the RGPD establishes17 KB (2,751 words) - 14:51, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 39(1)(b) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg81 KB (11,895 words) - 16:58, 6 December 2023
- CNIL (France) - SAN-2023-016 (category Article 5(1)(b) GDPR)breached Article 5(1)(b) GDPR. Therefore, the DPA handed down a 'call to order' against the joint controllers for breaching Article 5(1)(b) GDPR, and no27 KB (4,166 words) - 17:06, 6 December 2023
- APD/GBA (Belgium) - 06/2019 (category Article 5(1)(c) GDPR)(e) and 13(2)(a) GDPR. Thus, it ordered the controller to comply with the GDPR. In addition it fined € 10,000 under Article 58(2)(i) GDPR for the violation20 KB (3,137 words) - 16:51, 12 December 2023
- AEPD (Spain) - PS/00069/2020 (category Article 83(2)(b) GDPR)(k) GDPR); the fact that basic personal identifiers are affected (83 (2) (g) GDPR); the intentionality or negligence of the infringement (83 (2) (b) GDPR)20 KB (3,066 words) - 13:55, 13 December 2023
- AEPD (Spain) - EXP202203914 (category Article 6(1) GDPR)alleged violation of article 6.1) typified in the Article 83.5.a) of the aforementioned GDPR. SECOND: APPOINT as instructor D. B.B.B. and as secretary to37 KB (5,914 words) - 10:42, 13 December 2023
- APD/GBA (Belgium) - 72/2020 (category Article 5(1)(b) GDPR)consent would not have been systematically required. 2.3 The purpose of the treatment 39. Article 5.1(b) of the GDMP establishes that personal data must be34 KB (5,677 words) - 17:00, 12 December 2023
- Helsingin hallinto-oikeus (Finland) - H6072/2021 (category Article 17(3)(a) GDPR)right of freedom of expression and information within the meaning of Article 17(3)(a) GDPR. The controller also stated that there were compelling legitimate61 KB (9,876 words) - 21:38, 24 March 2024
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could130 KB (21,874 words) - 09:43, 15 February 2024
- HDPA (Greece) - 20/2020 (category Article 37(3) GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- AEPD (Spain) - PS/00235/2019 (category Article 6(1)(a) GDPR)thousand euros), under¬ Article 6.1 (a) and Article 5.1 (a) of the GDPR, under consideration as ‘very serious’, in¬ Article 71 (1) (a) and (b), respectively, of24 KB (4,074 words) - 14:21, 13 December 2023
- Rb. Gelderland - C/05/391171 / HA RK 21-135 (category Article 17 GDPR)the principle of storage limitation as used in Article 5 of the GDPR and that Article 17(1)(d) of the GDPR also does not apply.c. Is the method of registration56 KB (9,287 words) - 16:00, 26 January 2022
- Court of Appeal of Brussels - 2022/AR/556 (category Article 5(1)(b) GDPR)reasons, article 780, 3° of the Judicial Code, article 149 of the Constitution and article 6 of the ECHR - the pleas not explicitly stated. 17.3.3. The Procurement83 KB (13,694 words) - 09:53, 14 December 2023
- AZOP (Croatia) - Decision 17-05-2022 (category Article 6 GDPR)consent, in line with Article 6(1)(a) GDPR. The Court recalled that Article 31 of the Croatian Law on the Implementation of the GDPR stipulates that the15 KB (2,261 words) - 15:55, 30 October 2023
- NAIH (Hungary) - NAIH-373-31/2023 (category Article 17(1)(b) GDPR)consent, is in violation of Article 17(1)(b) of the GDPR. 8. On the basis of Article 58, Paragraph 2, Point d) of the GDPR, the Authority instructs Customer140 KB (23,189 words) - 08:25, 20 February 2024
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 6(1)(b) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- AEPD (Spain) - TD/00005/2020 (category Article 17 GDPR)concerned an alleged violation of the applicant's right of erasure (Article 17 GDPR). However, the conflicting information had been anonymized by the webmaster23 KB (3,780 words) - 14:49, 13 December 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)purpose limitation in accordance with Article 5 Paragraph 1 Letter b GDPR (Paal/Pauly/Paal, 3rd edition 2021, GDPR Article 15 Rn. 24). The plaintiff has a right32 KB (5,093 words) - 16:07, 11 September 2022
- AEPD (Spain) - EXP202204515 (category Article 6(1)(a) GDPR)on 12/10/2021, 12/17/2021 and 03/15/2021. The issuer is identified as YOIGO. SECOND: In accordance with article 65.4 of Organic Law 3/2018, of 5 December20 KB (3,159 words) - 13:20, 13 December 2023
- DSB (Austria) - D122.970/0004-DSB/2019 (category Article 17 GDPR)executed. Legal basis: Article 4 lines 1, 2 and 5, Article 11 paragraphs 1 and 2, Article 12 paragraph 2, Article 17 paragraph 1 and Article 58 paragraph 2 lit23 KB (3,622 words) - 13:57, 12 May 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)obligations arising from article 12.3 and 4 of the GDPR (methods for exercising the data subject's rights) and Article 15.1.b) and c) 5 of the GDPR (right of access76 KB (11,147 words) - 16:58, 6 December 2023