Search results
From GDPRhub
- elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- CJEU - C-311/18 - Schrems II (category Article 2(2) GDPR)under Article 57(1)(f) of the GDPR, each supervisory authority is required on its territory to handle complaints which, in accordance with Article 77(1)12 KB (1,780 words) - 17:22, 10 March 2022
- Beck, 2018, 2nd edition). We refer, in that respect, to the Commentary on Article 2(2)(c) GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- CJEU - C-439/19 - B v. Latvijas Republikas Saeima (category Article 2(2)(a) GDPR)the GDPR, and no exception is applicable. Article 2(2)(a) and (b) of the GDPR represents partly a continuation of the first indent of Article 3(2) of Directive12 KB (1,792 words) - 18:13, 1 February 2023
- HDPA (Greece) - 30/2020 (category Article 2(2)(c) GDPR)(Articles 58(2)(i) GDPR) & 83 GDPR) and, after having taken into consideration Article 83(2) GDPR's fine measuring principles and ARTICLE 29 Data Protection20 KB (2,519 words) - 15:36, 6 December 2023
- HDPA (Greece) - 20/2020 (category Article 2(2)(a) GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- Persónuvernd (Iceland) - 2022030544 (category Article 2(2)(c) GDPR)considered an exemption clause of paragraph 2. Article 4 Act no. 90/2018, cf. also point c, paragraph 2 Article 2 regulation (EU) 2016/679, therefore apply9 KB (1,242 words) - 08:18, 28 June 2023
- CNIL (France) - SAN-2020-016 (category Article 2(2) GDPR)a breach of Article L. 34-5 of the French Post and Electronic Communications Code. The CNIL recalls the provisions of Article 5(1)(c) GDPR, according to12 KB (1,602 words) - 17:10, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.010.199 (category Article 2(2)(c) GDPR)relation to the incident and in light of the powers granted to me by section 58(2)(a) of the Regulation (EU) 2016/679, the DPA decided to issue a warning to4 KB (264 words) - 10:29, 7 June 2023
- DSB (Austria) - 2022-0.332.606 (category Article 2(2)(c) GDPR)case fell under the household exception found in Article 2(2)(c) GDPR. According to this provision, the GDPR does not apply to the processing of personal data21 KB (3,166 words) - 13:43, 12 May 2023
- AEPD (Spain) - EXP202207084 (category Article 2(2)(c) GDPR)exclusively private or domestic activity, which is lawful, based on the 2.2.c, GDPR. Share your comments here! Share blogs or news articles here! The decision15 KB (2,384 words) - 10:46, 13 December 2023
- Datatilsynet (Denmark) - 2020-31-4131 (category Article 2(2)(c) GDPR)the processing of personal data is not covered by the GDPR, according to Article 2(2)(c) of the GDPR. However, the DPA concluded that Orienteringsret.dk24 KB (3,651 words) - 16:38, 6 December 2023
- IP - 07121-1/2021/597 (category Article 2(2) GDPR)individual, it should be clarified at the outset that, in accordance with Article 2 (2) of the General Regulation, the General Regulation does not apply to6 KB (911 words) - 16:58, 13 April 2021
- LG Wiesbaden - 3 S 50/21 (category Article 2(2) GDPR)and that none of the exceptions of Article 2(2) GDPR applied. Hence, it concluded the landlord violated Article 15 GDPR. The landlord filed appeal against10 KB (1,376 words) - 12:19, 21 January 2022
- CJEU - C-33/22 - Österreichische Datenschutzbehörde (category Article 2(2)(a) GDPR)security under Article 2(2)(a) GDPR. The GDPR will not apply if the activity of the controller falls outside the scope of Union Law under Article 2(2)(a). The8 KB (1,127 words) - 08:53, 30 January 2024
- CJEU - C-306/21 - Koalitsia ‘Demokratichna Bulgaria – Оbedinenie’ (category Article 2(2)(a) GDPR)stressed that the only exceptions to the GDPR scope of application are provided by Article 2(2) and (3) of the GDPR. These exceptions shall be interpreted3 KB (384 words) - 12:34, 3 May 2023
- DSB (Austria) - 2021-0.285.169 (category Article 2(2)(c) GDPR) (section GDPR Does Not Apply Due to Exception of Article 2(2)(c) GDPR)meaning of Article 4(15) GDPR. The DSB founds that the GDPR does not apply due to the household exception provided for in Article 2(2)(c) GDPR. Pursuant31 KB (4,887 words) - 14:21, 21 July 2021
- IDPC (Malta) - CDP/COMP/429/2023 (category Article 2(2)(c) GDPR)and that therefore the exemption under Article 2(2)(c) GDPR applied. Article 2(2)(c) GDPR states that the GDPR will not apply if the data is processed19 KB (3,039 words) - 14:24, 21 February 2024
- FG Niedersachsen - 12 K 213/19 (category Article 2(2)(a) GDPR)accordance with Article 15 (1) GDPR. They argued that the scope of application of the GDPR is not excluded according to Article 2 (2) because the GDPR should be14 KB (2,189 words) - 12:34, 4 March 2022
- Rb. Gelderland - C/05/368427 (category Article 2(2)(c) GDPR)“household exemption” Article 2(2)(c) GDPR. Therefore, such processing of plaintiff’s photos falls within the scope of the GDPR. Given the lack of consent15 KB (2,291 words) - 16:18, 10 March 2022
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- Persónuvernd (Iceland) - 2020010587 (category Article 2(2)(c) GDPR)such processing was falling under the household exemption (Article 2(2)(c) GDPR), and that the GDPR therefore did not apply. For this reason, the Icelandic12 KB (1,620 words) - 11:42, 5 October 2021
- Persónuvernd (Iceland) - 2021010073 (category Article 2(2)(c) GDPR)surveillance cameras could fall outside of the scope of the GDPR in line with Article 2(2)(c) GDPR (i.e. processing of personal data "by a natural person in16 KB (2,277 words) - 09:01, 1 December 2021
- VG Ansbach - AN 14 K 22.00468 (category Article 2(2) GDPR)of the GDPR, which is a condition for a reprimand pursuant to Article 58(2)(b) GDPR. Material scope of the GDPR According to the court, the GDPR applies38 KB (6,226 words) - 15:30, 18 January 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4300/182/2019 (category Article 2(2)(d) GDPR)document. Concerning the first question, the DPA held that under Article 2(2)(d) GDPR, the Regulation does not apply to the processing of personal data17 KB (2,394 words) - 16:11, 1 June 2022
- Garante per la protezione dei dati personali (Italy) - 9949494 (category Article 2(2)(c) GDPR)minimization. Therefore, the controller violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR and Article 6(1) GDPR considering that the first camera was also17 KB (2,504 words) - 07:59, 29 November 2023
- Rb. Overijssel - C/08/262365 / KG ZA 21-46 (category Article 2(2)(c) GDPR)household activity (as referred to in Article 2 (2) (c) of the GDPR). This means that the provisions of the GDPR and the GDPR Implementation Act apply to the14 KB (1,985 words) - 11:14, 22 April 2021
- Persónuvernd (Iceland) - no. 2020010552 (category Article 2(2)(c) GDPR)restrictions. Hence, the exemption to the material scope of the GDPR set in Article 2(2)(c) GDPR could not apply in the case at hand. The Icelandic DPA then26 KB (4,068 words) - 10:39, 7 December 2021
- BVwG - W274 2243175-1 (category Article 2(2)(c) GDPR)(1) GDPR declares that the GDPR is applicable in addition to the GDPR, without referring to the exceptions in Article 2 (2), (3) and (4) of the GDPR. In27 KB (4,375 words) - 12:17, 21 January 2022
- CE - N° 431350 (category Article 2(2)(a) GDPR)Defence and falls outside the scope of Union law, as foreseen in Article 2(2)(a) GDPR. More precisely, the processing is subject to the specific provisions28 KB (4,291 words) - 16:06, 22 March 2022
- RvS - 201903166/1/A3 (category Article 2(2)(c) GDPR)regulations 2. On May 24, 2016, Regulation 2016/979 (General Data Protection Regulation) (hereinafter: GDPR ) entered into force. The GDPR has been applicable26 KB (3,742 words) - 09:55, 9 April 2020
- Persónuvernd - 2020010548 (category Article 2(2)(c) GDPR)are to become part of a file. According to para. Article 4 Act no. 90/2018, Coll. paragraph 2 (c) Article 2 of the Regulation, the Act and the Regulation23 KB (3,745 words) - 09:50, 6 May 2021
- VG Regensburg - RN 9 K 19.1061 (category Article 2 GDPR)of personal data mentioned in Article 2 (2) GDPR are not relevant. Contrary to the plaintiff's view, Article 2(2)(d) GDPR does not apply in the present94 KB (15,537 words) - 09:09, 25 August 2020
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))decision". Similar to the ex-ante information in Article 13(2)(f) and 14(2)(f) GDPR, Article 15(2) GDPR requires that in case the controller transfers data73 KB (9,896 words) - 15:46, 18 March 2024
- (see Article 52 GDPR) and shall be provided with various competencies (Articles 55, 56 GDPR), tasks (Article 57 GDPR) and powers (Article 58 GDPR). For125 KB (16,328 words) - 16:01, 8 March 2024
- reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate71 KB (9,532 words) - 13:30, 6 March 2024
- Article 12 GDPR (category GDPR Articles) (section (2) Facilitation of the exercise of rights and identification)are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision55 KB (7,622 words) - 14:04, 7 November 2023
- Article 17 GDPR (category GDPR Articles) (section (ii) Erasure following objection under Article 21(2))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- NAIH (Hungary) - NAIH-4177-………./2021 (category Article 2(2)(c) GDPR)Directive 95/46 / EC Article 6 of Regulation (EU) 2016/679 (hereinafter: GDPR) repealing Directive And Article 13 (1) to (2) of the GDPR. II. The Authority43 KB (6,928 words) - 09:36, 26 November 2021
- DSB (Austria) - 2022-0.083.310 (category Article 2(2)(a) GDPR)Paragraph 2 TFEU and is therefore in accordance with Article 2 Paragraph 2 lit a GDPR is excluded from the material scope of application of the GDPR (VwGH December52 KB (8,272 words) - 16:33, 18 January 2024
- Article 32 GDPR (category GDPR Articles) (section (2) Certain risks must always be taken into account)Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number41 KB (5,197 words) - 12:17, 17 April 2024
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- AEPD (Spain) - PS/00410/2020 (category Article 2(2)(c) GDPR)as established in article 2.2 of the RGPD and article 2.2.a) of the LO- PDGDD, the following should be noted: it says to article 2.2 of the RGPD: "two47 KB (7,334 words) - 17:00, 14 December 2022
- VGH München - 5 BV 20.2104 (category Article 2(2)(d) GDPR)the GDPR pursuant to Article 2(2)(d). Article 79 GDPR does not explicitly limit judicial remedies to the rights enshrined in Chapter III of the GDPR. Following61 KB (10,218 words) - 12:31, 13 June 2023
- LG Itzehoe - 10 O 84/20 (category Article 2(2)(c) GDPR)applies according to § 1 paragraph 1 sentence 2 im Within the material scope of the GDPR (Art. 2 Para. 1, Para. 2 lit. c). requirement for the The applicability48 KB (7,794 words) - 14:12, 6 July 2022
- APD/GBA (Belgium) - 138/2022 (category Article 5(2) GDPR)an infringement of Article 5 (1) a), b) and c) and (2) of the GDPR and Article 24 (1) of the GDPR; and - an infringement of article 8 of the law of 2143 KB (6,274 words) - 08:57, 29 June 2023
- CJEU - C-180/21 - Inspektor v Inspektorata kam Visshia sadeben savet (category Article 6(1)(f) GDPR)light of Article 2(2)(a) GDPR. The public prosecutor’s office must be considered to be a ‘controller’, within the meaning not only of Article 4(7) GDPR, but8 KB (1,144 words) - 09:49, 5 January 2024
- CJEU - C‑272/19 - VQ v. Land Hessen (category Article 4(7) GDPR)the meaning of Article 4(7) GDPR? (2) Is the referring court an independent and impartial court or tribunal within the meaning of Article 267 TFEU read9 KB (1,276 words) - 12:35, 15 June 2023
- CJEU - C-175/20 - Valsts ieņēmumu dienests (category Article 5(1)(c) GDPR)the meaning of Article 3(7) Directive 2016/680. Therefore, such requests do not fall under the exception provided for in Article 2(2)(d) GDPR, as this data12 KB (1,818 words) - 15:15, 12 May 2023
- affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- from Articles 13(2)(b) and 14(2)(c) GDPR. However, Article 21(4) GDPR specifies that the right to object under Article 21(1) and 21(2) GDPR (i.e. the right49 KB (5,993 words) - 06:22, 16 June 2023
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- DSB (Austria) - 2022-0.585.764 (category Article 2(2)(c) GDPR)personal data in accordance with Article 4, number one, GDPR. 3.2.4. The GDPR defines the term processing in Art. 4 Z 2 GDPR by listing a number of possible77 KB (13,004 words) - 14:44, 9 May 2023
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- Article 33 GDPR (category GDPR Articles) (section (2) Processor's notification in the event of a personal data breach)respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences54 KB (6,536 words) - 08:22, 16 June 2023
- Article 7 GDPR (category GDPR Articles) (section (2) Consent request in the context of a written declaration concerning other matters)accountability in Article 5(2) GDPR, paragraph (2) specifies further requirements in the general principle of transparency under Article 5(1)(a) GDPR, paragraph31 KB (3,489 words) - 16:00, 8 March 2024
- accountability obligation enshrined in Article 5(2) GDPR. This theory is not totally convincing. In light of Article 5(2) GDPR, a reversal of burden of proof for33 KB (4,215 words) - 09:57, 19 March 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- First-tier Tribunal - Clearview AI Inc. v ICO (category Article 3(2)(b) GDPR)also submits that were the criteria in Article 3(2)(b) to be met, both Article 2(2)(a) GDPR/ Article 3(2A) UK GDPR operate to take this case beyond the material99 KB (16,103 words) - 08:41, 25 October 2023
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- Article 34 GDPR (category GDPR Articles) (section (2) Minimal requirements of the controller's communication to the data subject)meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- Garante per la protezione dei dati personali (Italy) (section Complaints Procedure under Art 77 GDPR)reference, see Article 143 of the Code). However, detailed time-limits can be found in Regolamento n. 2/2019 cited above. Under Article 154 of the Code7 KB (808 words) - 08:17, 16 February 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller52 KB (7,297 words) - 08:05, 18 July 2023
- Article 46 GDPR (category GDPR Articles) (section (c) Standard data protection clauses adopted by the Commission under Article 93(2))access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- FG München - 15 K 1212/19 (category Article 2(2)(d) GDPR)whether Art. 15 GDPR applies to the investigation files at all, since according to Art. 2 Para. 2 d GDPR, Section 2a Para. 4 AO, the GDPR does not apply98 KB (16,511 words) - 08:37, 9 May 2022
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- Article 30 GDPR (category GDPR Articles) (section (2) Record of processing activities by the processor)applicability of Article 49(1) GDPR, the documentation of suitable safeguards (Article 30(2)(c) GDPR). See commentary under Article 30(1)(e) GDPR. The processor's31 KB (3,327 words) - 15:31, 5 June 2023
- OGH - 6Ob56/21k (category Article 2(2)(c) GDPR)obliged to comply with the GDPR provisions as a processor, while the controller could invoke the exemption of Article 2(2)(c) GDPR. The court then refers to127 KB (21,056 words) - 08:17, 19 August 2021
- entering the contract, Article 22(2)(a) GDPR does not mention this additional aspect. In any case, the application of Article 22(2)(a) GDPR is always subjected31 KB (4,768 words) - 06:24, 16 June 2023
- requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- of enforcing the GDPR in Spain. Its head office is in Madrid. The requirement to have a data protection authority stems from Article 44 of the Spanish4 KB (386 words) - 15:29, 3 September 2021
- categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- information as outlined in Articles 13 and 14 of the GDPR (see above). Article 26(2) of the GDPR emphasizes the significance of these specific obligations37 KB (3,915 words) - 12:49, 24 May 2023
- the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 6 (available here). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’37 KB (4,635 words) - 13:29, 24 October 2023
- leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)contrast to Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not32 KB (3,730 words) - 08:43, 7 March 2024
- Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)under Article 79 GDPR – or both. This flexibility allows for parallel proceedings under both Article 77 GDPR and under Article 79 GDPR. As the GDPR foresees31 KB (3,550 words) - 11:11, 29 November 2023
- Article 78 GDPR (category GDPR Articles) (section (2) Right to judicial remedy against DPA inactivity)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- and jurisdiction provisions (Articles 47(1)(b), 47(2)(d), 47(2)(e), 47(2)(g), 47(2)(i), 47(2)(l) GDPR); a duty for the EU BCR member to accept responsibility29 KB (2,823 words) - 15:15, 28 April 2022
- Article 55 GDPR (category GDPR Articles) (section (2) Exclusive competence regarding processing for compliance with a legal obligation or in the public interest)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e)31 KB (3,646 words) - 08:51, 21 July 2023
- controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- in Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- a binding dispute resolution procedure in accordance with Article 65 GDPR. Article 64(2) GDPR allows any SA, the EDPB Chair or the Commission to request23 KB (2,079 words) - 16:07, 2 November 2023
- in principle (see hereunder Article 65(2) GDPR) to adopt a decision under Article 65 GDPR is reached, since Article 64 GDPR only requires a simple majority33 KB (4,185 words) - 16:09, 2 November 2023
- functions, a permissive function (Article 88(1) GDPR) and a conditional function (Article 88(2) GDPR). While Article 88(2) GDPR determines the scope of the opening32 KB (3,228 words) - 13:32, 30 November 2023
- Article 66 GDPR (category Article 66 GDPR) (section (2) Adoption of a final decision after provisional measures)derogation from Article 64(3) and Article 65(2), an urgent opinion or an urgent binding decision referred to in paragraphs 2 and 3 of this Article shall be adopted20 KB (1,590 words) - 16:11, 2 November 2023
- to in Article 61(6) GDPR. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2) GDPR. → You24 KB (2,181 words) - 11:46, 15 January 2024
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 41 GDPR (category GDPR Articles) (section (2) Criteria for accreditation from the competent supervisory authority)clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- Article 49 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 49 GDPR, p. 846 (Oxford University Press 2020). EDPB, ‘Guidelines 2/2018 on derogations of Article 49 under Regulation29 KB (3,500 words) - 08:54, 27 March 2023
- According to Article 80(2) GDPR, where legislated for by Member States, this right extends to Articles 77, 78 and 79 GDPR, but not Article 82 GDPR. This exclusion26 KB (2,575 words) - 15:50, 9 November 2023
- the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- Article 8 GDPR (category GDPR Articles) (section (2) Verification of parental consent by the controller)directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing19 KB (1,335 words) - 13:56, 24 October 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)processing (Article 32(1) GDPR) and the general principles of processing set out in Article 5 GDPR. In confirming the above interpretation, Paragraph 2 sets out20 KB (1,854 words) - 16:32, 8 March 2024
- Article 20 GDPR (category GDPR Articles) (section (2) Right to have personal data directly transmitted to another controller)consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- Article 89 GDPR (category Article 89 GDPR) (section (2) Derogations Possible for Scientific or Historical Research Purposes or Statistical Purposes)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- consistency mechanism under Article 65(2)(1) GDPR and the adoption of the EDPS’s rules of procedure under Article 72(2) GDPR. Notably, each EDPB member22 KB (2,266 words) - 08:26, 17 October 2023
- Article 62 GDPR (category Article 62 GDPR) (section (2) Right to participate in joint operations and the obligation to invite other supervisory authorities)ng, Article 62 GDPR, margin number 11 (Beck 2018, 2nd edition). Riccio, Scorza, Belisario, GDPR e normativa privacy – Commentario, Article 62 GDPR (Wolters22 KB (1,915 words) - 13:46, 15 January 2024
- Article 42 GDPR (category GDPR Articles) (section (2) Demonstrating safeguards through data protection certification mechanisms, seals or marks)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- Chair represents the Board (Article 68(2) GDPR) and is responsible for directing the work of the secretariat (Article 75(2) GDPR). Other specific responsibilities15 KB (808 words) - 09:44, 17 October 2023
- Article 19 GDPR (category GDPR Articles)definition for "processing" in Article 4(2) GDPR). If data is been made public, the applicable provision is Article 17(2) GDPR, provided that all requirements19 KB (1,436 words) - 12:35, 12 May 2023
- codes of conduct on the basis of Article 41 of Regulation 2016/679 and of a certification body on the basis of Article 43 of Regulation 2016/679; To ensure9 KB (993 words) - 07:10, 28 July 2022
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- Article 69 GDPR (category Article 69 GDPR) (section (2) The Board shall neither seek nor take instructions from any body)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- Datenschutzrecht, Article 73 GDPR, margin number 3 (C.H. Beck 2019, 1st edition). Nguyen, in Gola, DS-GVO, Article 73 GDPR, margin number 2 (C.H. Beck 2018, 2nd edition);19 KB (1,530 words) - 14:23, 12 October 2023
- Article 75 GDPR (category Article 75 GDPR) (section (2) Exclusive Performance of Tasks under the Instructions of the Chair)Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A delegated19 KB (1,525 words) - 08:18, 19 October 2023
- provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- Article 43 GDPR (category GDPR Articles)with the examination procedure referred to in Article 93(2). You can help us fill this section! Article 43 GDPR explains the procedure involved in establishing22 KB (1,634 words) - 14:40, 28 July 2023
- Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p.15 KB (787 words) - 08:17, 19 October 2023
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Article 97 GDPR (category Article 97 GDPR)years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the16 KB (778 words) - 08:24, 19 October 2023
- of the use of GDPR and other aspects which the GDPR leaves for definition to the member states (for ex. Art. 6(3), some aspects of Art. 9(2), Art. 10, Art10 KB (1,242 words) - 10:51, 6 February 2024
- Article 53 GDPR (category GDPR Articles) (section (2) Qualification, experience and skills of the member(s))occupation. For example, Article 52(2) GDPR requires SA members to remain free from external influence and Article 52(3) GDPR entails a prohibition of29 KB (2,894 words) - 23:06, 1 April 2024
- laid down in Article 57 GDPR. The powers of SAs are both investigative and corrective, which are set out in Article 58 GDPR. Article 52(2) GDPR requires two47 KB (5,594 words) - 22:45, 1 April 2024
- one of the 'other administrative or non-judicial' remedies, which Article 78(2) GDPR refers to. If the DPA decides to uphold their decision, they will10 KB (1,078 words) - 06:40, 26 March 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- Article 16 GDPR (category GDPR Articles)related decisions in Category:Article 16 GDPR Meents, Hinzpeter in Taeger, Gabel, DSGVO – BDSG, Article 16 GDPR, margin number 2 (Deutscher Fachverlag, 4th23 KB (2,489 words) - 23:24, 6 March 2024
- Article 90 GDPR (category Article 90 GDPR) (section (2) Notification of national implementation to the Commission)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- Article 94 GDPR (category Article 94 GDPR)date of effect under Article 94 GDPR. In order to ensure a sense of continuity within the regulatory framework, Article 94(2) GDPR provides that any reference13 KB (530 words) - 09:40, 3 October 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 98 GDPR (category Article 98 GDPR)Regulation. Noting that a broader reading of Article 98 GDPR is supported by the wording of Article 2(3) GDPR, which provides that: 'For the processing of15 KB (943 words) - 09:58, 8 November 2023
- Article 67 GDPR (category Article 67 GDPR)referred to in Article 64. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2). Recital 167:15 KB (810 words) - 16:13, 2 November 2023
- Article 99 GDPR (category Article 99 GDPR)Journal of the European Union. 2. It shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the12 KB (295 words) - 08:25, 19 October 2023
- Article 59 GDPR (category GDPR Articles)accordance with Article 58(2) [GDPR]”. These is a reference to the information that SAs must keep in internal records according to Article 57(1)(u) GDPR. The report15 KB (718 words) - 15:31, 19 October 2023
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- deals with processing within the scope of the GDPR. Part 2 deals with processing outside of the scope of the GDPR. Part 3 deals with processing by competent18 KB (2,488 words) - 15:22, 14 December 2021
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- be read jointly with the Decree n° 2019-536 of May 29. According to Article 8(I)(2)(d) of the loi "Informatique et Liberté", a data subject or their representative(s)8 KB (824 words) - 22:52, 27 February 2024
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- organisation-fined-for-gdpr-rule-breach-1.4255692?mode=amp https://www.irishlegal.com/article/tusla-fined-40-000-in-second-gdpr-breach https://www.dataprotection8 KB (1,034 words) - 14:13, 20 August 2021
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- the GDPR by Brave, page 6 - https://brave.com/wp-content/uploads/2020/04/Brave-2020-DPA-Report.pdf Report: Europe’s governments are failing the GDPR by11 KB (1,468 words) - 13:27, 14 May 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- DPC (Ireland) - 05/SIU/2018 (category Article 2 GDPR)here is covered by the GDPR. For further information and relevant legal provisions, please see Article 2(2)(d) GDPR, Articles 1 and 2 LED, and Part 5 and13 KB (1,414 words) - 15:11, 14 March 2023
- including claims for damages. 2. Actions against decisions of the European Data Protection Supervisor, including decisions under Article 63(3), shall be brought8 KB (1,078 words) - 12:58, 10 May 2024
- to § 14(1)(1)(6) BDSG the BfDI is responsible for complaints under Article 77 GDPR. The BfDI has to inform the complainant about the ongoing procedure3 KB (297 words) - 14:49, 1 December 2020
- democratic legitimation necessary under Article 23(1) second sentence in conjunction with Article 20(1) and (2) and Article 79(3) of the Basic Law. Since data18 KB (1,831 words) - 13:49, 3 November 2022
- the parties. Section 100 of the Slovak Data Protection Act implements Article 77 GDPR. The complaint shall include (Section 100 (3)): The name, surname, correspondence9 KB (1,006 words) - 07:13, 7 July 2021
- BVwG - W211 2227144-1 (category Article 2 GDPR)the violation of his GDPR rights by the parliamentary committee? The BVwG initially held that the exemption under Article 2(2)(a) GDPR (processing of personal38 KB (5,801 words) - 10:08, 10 September 2021
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)listed in Article 2(3) of that directive and Article 2(2) of that regulation, apply. 62 In particular, it should be noted that Article 9 of the GDPR and Article110 KB (18,000 words) - 08:01, 5 June 2023
- OVG Münster - 16 A 1582/21 (category Article 12(5) GDPR) (section Processing of Personal Data Partly by Automated Means, Article 2(1) GDPR)12(5)(1) GDPR apply. However, it leaves open whether the material scope of application of the GDPR is opened or not opened due to Article 2(2)(a) GDPR. In any123 KB (20,784 words) - 10:11, 26 November 2021
- OLG Hamm - 8 U 94/22 (category Article 5(1)(a) GDPR)principle of Fairness (Article 5(1)(a) GDPR), purpose limitation (Article 5(1)(b) GDPR) and data minimisation (Article 5(1)(c) GDPR) would not prevent the56 KB (9,184 words) - 15:04, 18 July 2023
- Recitals GDPR (section Recitals from the GDPR)data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the182 KB (24,065 words) - 13:40, 9 July 2021
- DSB (Austria) - 2021-0.586.257 (category Article 4(2) GDPR)website controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google108 KB (17,097 words) - 13:52, 12 May 2023
- CJEU - C-300/21 - Österreichische Post AG (category Article 82 GDPR)of the GDPR, 2) existence of damage suffered, and 3) a causal link between that infringement and that damage. The CJEU held that Article 82(1) GDPR must5 KB (683 words) - 12:50, 28 June 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(2) GDPR)Protection Ordinance Article 5, paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and48 KB (7,442 words) - 10:24, 12 September 2022
- Datatilsynet (Norway) - 20/02136 (category Article 3(2) GDPR) (section Special categories of data under Article 9 GDPR)elements. Infringement of Article 6 and 9 GDPR qualifies for the maximum amount for administrative fines as set out in Article 83(5) GDPR: 20,000,000 € or 4%18 KB (2,375 words) - 16:17, 6 December 2023
- FG München - 15 K 118/20 (category Article 4(7) GDPR)the GDPR under Article 2(2)(a) GDPR. Furthermore, the court extensively discussed the material scope of application according to Article 2(1) GDPR. At85 KB (14,338 words) - 22:04, 9 February 2022
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- The Court’s conclusion follows from reading Article 5(3) of the ePrivacy directive in conjunction with Article 2(h) of Directive 95/46/EC, and noting that6 KB (893 words) - 15:22, 24 March 2022
- BVwG - W211 2222613-2/12E (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) GDPR: must Article 15(3) first sentence of the GDPR be interpreted as meaning that, due to the51 KB (8,592 words) - 07:03, 2 November 2021
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(2) GDPR)pursuant to Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA75 KB (11,733 words) - 16:33, 21 August 2022
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)DI-2020-11373 2(23) Date: 2023-06-30 2.2.1 Applicable regulations, etc. ................................................... .....9 2.2.2 The Privacy Protection113 KB (12,773 words) - 15:20, 6 December 2023
- Spain the GDPR is developed by the Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD). Article 7.2 LOPDGDD15 KB (1,875 words) - 16:18, 13 July 2022
- CJEU - C-434/16 - Peter Nowak (category Article 15 GDPR)constitute information relating to that candidate, within the meaning of Article 2(a) of Directive 95/46". From the start of its analysis it emphasised that6 KB (766 words) - 21:17, 5 March 2024
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 58(2)(f) GDPR)protection regulation's article 5, subsection 2, cf. Article 5, subsection 1, letter a, Article 24, cf. Article 28, subsection 1, Article 35, subsection 1, as117 KB (18,075 words) - 10:19, 12 September 2022
- exemption is based on Article 85(2) GDPR. According to Article 26(3) of the 2018 Act, certain GDPR provisions (listed in Article 26(9)) will not apply14 KB (2,011 words) - 15:42, 25 November 2020
- artistic or literary purposes, only Article 24, Article 26, Article 28, Article 29, Article 32, and Article 40- Article 43 applies, following § 3. Special8 KB (1,064 words) - 12:53, 23 June 2023
- CJEU - Joined Cases C‑26/22 and C‑64/22 - SCHUFA (category Article 6(1) GDPR)interests under Article 6(1)(f) GDPR. On the erasure obligations under Article 17 GDPR, the CJEU held that under Article 17(1)(d) GDPR SCHUFA will be under15 KB (2,180 words) - 08:23, 13 December 2023
- the age of consent under GDPR is kept, namely 16 (art. 8.1 GDPR). See Article 7 of the national implementing law. See Article 5 of the national implementing16 KB (2,260 words) - 19:26, 30 November 2021
- BVwG - W258 2217446-1 (category Article 9(2) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO,79 KB (12,652 words) - 09:41, 10 September 2021
- Tietosuojavaltuutetun toimisto (Finland) - 4680/182/18 (category Article 9(2)(a) GDPR)according to Article 9(2)(a) GDPR. On the basis of the information gathered, the DPA held that the controller had violated Article 9 GDPR. As a result49 KB (7,496 words) - 14:44, 24 January 2024
- HDPA (Greece) - 28/2023 (category Article 58(2) GDPR)council in Greece to cease their processing activities, under Article 58(2) GDPR and Article 15(8) of Law 4624/2019, because of an unresolved data breach9 KB (1,211 words) - 20:32, 8 January 2024
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)of personal data of data subjects guaranteed by Article 44 GDPR and consequently breached Article 44 GDPR. The DPA issued a fine of 300,000 SEK (approx.121 KB (13,722 words) - 15:16, 5 July 2023
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)...................... .11 2.2.1 Applicable regulations, etc. ................................................ ...11 2.2.2 The Privacy Protection Authority's115 KB (12,842 words) - 08:38, 5 July 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)..................... .14 2.2.1 Applicable regulations, etc. ................................................... ...14 2.2.2 The Privacy Protection Authority's131 KB (14,752 words) - 08:36, 5 July 2023
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (category Article 4 GDPR)reasoned in accordance with Article 4(24) GDPR and, after conducting its own assessment of the factors under Article 83(2) GDPR, found that the proposed fine53 KB (8,413 words) - 14:10, 30 January 2023
- CJEU - C-136/17 - GC and Others (category Article 9(2) GDPR)and ‘criminal convictions’ within the meaning of Article 8(5) of Directive 95/46 (and Article 10 GDPR). In addition the court judged that a search engine4 KB (438 words) - 14:23, 11 August 2022
- LG Köln - 33 O 376/22 (category Article 46(2)(c) GDPR)protection within the meaning of Article 45 of the GDPR and without appropriate safeguards within the meaning of Article 46 of the GDPR. Furthermore, the plaintiff66 KB (9,990 words) - 12:30, 29 January 2024
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 13(2)(a) GDPR)violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed60 KB (9,144 words) - 16:17, 22 March 2022
- Norges Høyesterett - 2021-2403-A (category Article 9(2)(a) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- Personvernnemnda (Norway) - 2021-20 (20/01648) (category Article 5(1)(a) GDPR)Appeals Board assessed if a fine could be imposed as per Article 83(5) GDPR, cf. Article 83(2) GDPR, and in which case, how large it should be. The Board31 KB (5,018 words) - 18:44, 5 March 2022
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- CJEU - C-77/21 - Digi (category Article 5(2) GDPR)compliant with Articles 5 and 6 GDPR. According to Article 6 GDPR, when a controller did not rely on consent (Article 6(1)(a) GDPR), its processing should be49 KB (7,800 words) - 09:22, 5 January 2024
- the context of the employment relationship. In application of Article 88 of the GDPR, Article 111 of the Code provides that such data shall be processed in6 KB (757 words) - 13:53, 16 August 2022
- entitled to erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 651 KB (8,215 words) - 09:55, 13 May 2022
- CNIL (France) - SAN-2019-005 (category Article 32(2) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- CJEU - C‑340/21 - Natsionalna agentsia za prihodite (category Article 5 GDPR)judicial remedy against the controller under Article 79(1) GDPR. Having said that, Article 32(1) and (2) GDPR make it clear that national courts must assess13 KB (1,963 words) - 11:04, 5 January 2024
- CJEU - C-40/17 - Fashion ID (category Article 80 GDPR)arguing that it wasn’t a controller within the definition set out under Article 2(d) Directive 95/46 and that NRW did not have legal standing to bring a6 KB (492 words) - 13:09, 1 June 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- Personvernnemnda (Norway) - 2018-14 (15/01355) (category Article 9(2)(a) GDPR)that the Medical List does today, cf. GDPR Article 4, No. 11, Article 6 No. 1 letter a, Article 7 and Article 9 No. 2 letter a If current practice is invalid144 KB (23,058 words) - 18:48, 5 March 2022
- Rb. Rotterdam - C/10/576091/HA RK 19-701 (category Article 15(3) GDPR)the documents or files containing their personal data under Article 15(3) GDPR and Article 12 of the ePrivacy Directive. However, there is a right to a14 KB (2,154 words) - 16:27, 10 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)section 6 (2) of the Data Protection Act.n as a safeguard in accordance with subsection 2.n as a safeguard in accordance with subsection 2. 15. According41 KB (6,555 words) - 08:37, 4 March 2024
- Chapter 2 § 6 in the Instrument of Government. The right to free speech is secured in Chapter 2 § 1 in the Instrument of Government and Chapter 2 § 1 of7 KB (793 words) - 14:08, 1 October 2021
- Protection Act 2019 sets exceptions in Article 9(1) GDPR, Article 15 GDPR, Article 16 GDPR, Article 18 GDPR and Article 21 GDPR for scientific or historical research10 KB (1,037 words) - 14:52, 10 July 2020
- CJEU - C-252/21 - Meta Platforms and Others v Bundeskartellamt (category Article 6 GDPR)pursued by Meta pursuant to Article 6(1)(f) GDPR. Lastly, the CJEU noted that the fact that Article 6(1)(a) and Article 9(2)(a) GDPR must be interpreted as8 KB (1,231 words) - 08:22, 6 July 2023
- APD/GBA (Belgium) - 01/2021 (category Article 60 GDPR)Constitution. It therefore went on to say that, Article 57 of the Law, read in combination with Article 60 of the same Law, provide that procedures must19 KB (2,707 words) - 16:50, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9870832 (category Article 5 GDPR)imposed on OpenAI a temporary limitation of processing pursuant to Article 58(2)(f) GDPR. Such limitation concerns all processing operations involving data14 KB (2,049 words) - 07:46, 1 August 2023
- APD/GBA (Belgium) - 26/2021 (category Article 6 GDPR)repealing Directive 95/46 / EC (General Data Protection Regulation, hereinafter “GDPR”); In view of the law of 3 December 2017 establishing the Data Protection8 KB (1,156 words) - 16:56, 12 December 2023
- freedoms, under Article L 521-2 of the Code of Administrative Justice or where it exists serious doubts as the legality of the decision, under Article L 521-110 KB (1,108 words) - 09:37, 29 September 2021
- How to add a new decision (section Add a GDPR Article)6(1)(a) GDPR for consent and Article 6(1) GDPR if there was no legal basis at all). If any other EU law was relied on, add the Article and name of the law and17 KB (2,638 words) - 11:18, 19 February 2024
- GDPRhub style guide (section GDPR)in the Member States. Example: Article 6(1)(a) GDPR Example: Not Art. 6 Abs 1 Lit a GDPR or Article 6 GDPR or GDPR Article 6, Sec 1(a) Recitals are also17 KB (2,510 words) - 13:56, 24 April 2023
- ANSPDCP (Romania) - Fine against Telekom Romania mobile communications S.A. 2 (category Article 32(2) GDPR)to the data. The infringement of Article 32 of the GDPR led to a €10,000 fine (RON 48,748). The infringement of Article 3 of Law 506/2004 led to a fine7 KB (900 words) - 15:18, 13 December 2023
- CJEU - C-645/19 - Facebook Ireland and others v Gegevensbeschermingsautoriteit (category Article 56(2) GDPR)the exceptions to the one stop shop mechanism applies (Article 55(2), Article 56(2), or Article 66). It interesting to note that the Court confirms that10 KB (1,311 words) - 15:26, 13 June 2023
- HDPA (Greece) - 2/2020 (category Article 12(4) GDPR)provisions of Article 58 (2) (i) of the GDPR, each supervisory authority has, inter alia, the power to impose an administrative fine under Article 83, depending12 KB (1,773 words) - 15:33, 6 December 2023
- many waivers from GDPR for research purposes under Article 89 GDPR. It is questionable of the law is constitutional and in line with GDPR. § 151 of the Austrian8 KB (721 words) - 09:32, 24 April 2024
- APD/GBA (Belgium) - 81/2020 (category Article 5(2) GDPR)period allotted to it to do so (Article 15.1 combined with Article 12.3. of GDPR as well as Article 12.2. of the GDPR (obligation to facilitate the exercise127 KB (21,484 words) - 17:01, 12 December 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 5(2) GDPR)and (f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c)71 KB (11,304 words) - 10:01, 17 November 2023
- HDPA (Greece) - 18/2020 (category Article 5(2) GDPR)as the obligation of accountability by article.5 par.2 GDPR, i.e. it violated fundamental principles of the GDPR on the protection of personal data. 8.12 KB (1,733 words) - 15:34, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8493/161/21 (category Article 12(2) GDPR)the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article 15 GDPR and Article 25(1) GDPR. As a result, the DPA issued52 KB (7,936 words) - 22:32, 2 March 2024
- APD/GBA (Belgium) - 149/2023 (category Article 13(2) GDPR)of article 4.19 of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2. a)113 KB (17,325 words) - 08:50, 19 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 3216/452/17 (category Article 9(2)(a) GDPR)violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 9 GDPR and Article 25(2) GDPR. As a result, and in accordance with Article 58(2)(d) GDPR, the60 KB (9,117 words) - 14:46, 24 January 2024
- CJEU - C‑634/21 - SCHUFA (category Article 22(2)(b) GDPR)meaning of Article 22(1) of that regulation.’ Moreover, the Court addressed the relationship between Article 22(2)(b) GDPR and national law. Article 22(2)(b)6 KB (783 words) - 16:05, 12 December 2023
- BVwG - W211 2210458-1/10 (category Article 2(1) GDPR)2019, BVwerG 6 C 2.18 "It follows that the opening clauses of Article 6.2 and 6.3 GDPR for processing operations under Article 6.1(1)(e) GDPR do not cover92 KB (15,435 words) - 16:00, 22 March 2022
- HDPA (Greece) - 4/2020 (category Article 5(2) GDPR)parent's request, thus violating Article 15(1) and (4) GDPR as well as the principle of accountability pursuant to Article 5(2) GDPR. The complainant requested18 KB (2,865 words) - 15:33, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9574709 (category Article 58(2)(d) GDPR)Moreover, the information provided as per Article 13 GDPR were not compliant with the requirements of Article 12 GDPR in light of the fact that TikTok services17 KB (2,519 words) - 15:55, 6 December 2023
- VG Wiesbaden - 6 K 788/20.WI (category Article 4(4) GDPR)decision within the meaning of Article 22(1) and Article 22(2) GDPR - then the opening clause of Article 22(2)(b) GDPR does not apply to national rules52 KB (8,534 words) - 12:58, 15 December 2021
- CJEU - C-667/21 - Krankenversicherung Nordrhein (category Article 9(2)(h) GDPR)processing of data concerning health laid down in Article 9(1) GDPR is possible under Article 9(2)(h) GDPR) in a case such as the present one, are there further14 KB (1,916 words) - 16:03, 2 February 2024
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 9(2)(j) GDPR) (section Article 17(1)(d) GDPR)Articles 5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing of31 KB (4,648 words) - 13:56, 12 May 2023
- HDPA (Greece) - 19/2020 (category Article 5(2) GDPR)previous relationship with her. The HDPA held that according to the GDPR and Article 11 of L. 3471/2006, in electronic political communication a politician2 KB (168 words) - 15:35, 6 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 46(2)(c) GDPR)(VWA ./05, see point II.2), the XXXX (VWA ./06, see point II.2) and a certificate of representation (VWA ./07, see point II.2). I.2. As a result, the BA continued158 KB (26,392 words) - 08:25, 7 June 2023
- HDPA (Greece) - 31/2020 (category Article 4(2) GDPR)DPA held that a CCTV system shall be handled as subject to Article 4(1) and Article 4(2) of GDPR Regulation. That judgment does not mean that any CCTV surveillance6 KB (719 words) - 15:36, 6 December 2023
- Datatilsynet (Norway) - 21/03530 (category Article 58(2)(f) GDPR)by the EDPB pursuant to Article 66(2) GDPR. Temporary ban on processing (order) Pursuant to Article 66(1) GDPR and 58(2)(f) GDPR the Norwegian DPA consequently99 KB (14,431 words) - 16:20, 6 December 2023
- HDPA (Greece) - 3/2022 (category Article 58(2)(f) GDPR)the meaning of Article 4(7) GDPR. Furthermore, the erasure or destruction of personal data is a form of processing based on Article 4(2) GDPR. The DPA has11 KB (1,492 words) - 13:09, 23 November 2022
- APD/GBA (Belgium) - 06/2019 (category Article 58(2)(i) GDPR)c), Article 6.1., Article 13.1. c), Article 13.1. c), Article 13.1. e) and Article 13.2. a) of the DGPS pursuant to Article 101 of the ICA, to impose20 KB (3,137 words) - 16:51, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 25(2) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- The heading of Article 6(1) and the wording “has given” in Article 6(1)(a) support this interpretation. It follows logically from Article 6 and Recital65 KB (9,767 words) - 16:22, 6 December 2023
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)” Regarding section k) of article 83.2 of the GDPR, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions45 KB (7,135 words) - 13:08, 13 December 2023
- LG Krefeld - 2 O 448/20 (category Article 15(1) GDPR)regarded as an access request under Article 15(1) GDPR. According to Recital 63 GDPR, the right of access under Article 15 GDPR serves data subjects to be informed17 KB (2,758 words) - 14:10, 15 December 2021
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- Helsingin hallinto-oikeus (Finland) - 116/2024 (category Article 25(2) GDPR)life insurance company had breached Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 9 GDPR and Article 25(2) GDPR as its as its practice was to process41 KB (6,133 words) - 10:29, 25 March 2024
- guaranteed human rights. This right is explicitly enshrined in Article 38. In Slovenia the GDPR is not implemented by the national law. Slovenia remains the4 KB (391 words) - 09:57, 17 May 2021
- HDPA (Greece) - 48/2021 (category Article 5(2) GDPR)provisions Article 4.11: Consent (definition) Article 4.12: Violation of personal data (definition) Article 5.2: Principle of accountability Article 6.1.a:8 KB (1,028 words) - 12:49, 24 November 2021
- Personvernnemnda (Norway) - 2021-03 (category Article 5(2) GDPR)Ordinance Article 6 No. 1 letter f, for failure to assess protests, cf. Article 21, and for lack of information, cf. Article 13. 2. Pursuant to Article 58 (2)25 KB (4,046 words) - 18:37, 5 March 2022
- Datatilsynet (Norway) - 20/02178 (category Article 5(2) GDPR)breached Article 6(1)(f) GDPR for lack of legal basis, Article 21 for lack of considering an objection, Article 13 for lack of information and Article 24 for7 KB (802 words) - 18:53, 17 May 2022
- CNIL (France) - SAN-2022-019 (category Article 3(2) GDPR)did not react either. GDPR applicable? (Article 3(2) GDPR) The DPA held that the GDPR was applicable pursuant of Article 3(2) GDPR. Because the controller11 KB (1,452 words) - 17:03, 6 December 2023
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)processed on the basis of Article 6(1)(c) GDPR does not have the rights to erasure and objection contained in Article 17 and Article 21 GDPR respectively. This29 KB (4,605 words) - 17:00, 15 December 2021
- HDPA (Greece) - 20/2023 (category Article 12(2) GDPR)registered letter in violation of article 15 (1) cond. 12 par. 2, 3 and 4 GDPR and c) 30,000 euros for violation of Article 25 (1) GDPR because it did not in practice6 KB (634 words) - 17:48, 17 July 2023
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)that the letter in question referred to Article 58(1)(a) of the GDPR and Article 5:16 in conjunction with Article 5:17 of the Awb does not make this any67 KB (11,415 words) - 17:15, 12 December 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022