Search results
From GDPRhub
- the establishment of SAs are set out in Article 51(1) and 52 GDPR, Article 54(1)(a) GDPR repeats that these should be legislated for through a Member State's34 KB (3,649 words) - 13:19, 30 October 2023
- Article 51 GDPR (category GDPR Articles) (section (1) Establishment of a supervisory authority (SA))controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- DSB (Austria) - 2021-0.586.257 (category Article 51(1) GDPR)to Art. 44 GDPR is dismissed. Legal basis: Art. 4 (1), (2), (7) and (8), Art. 5, Art. 44, Art. 46 (1) and (2) (c), Art. 51 (1), Art. 57 (1) (d) and (f)108 KB (17,097 words) - 13:52, 12 May 2023
- CJEU - C-132/21 - Nemzeti Adatvédelmi és Információszabadság Hatóság (category Article 77(1) GDPR)preliminary ruling: ‘(1) Must Articles 77(1) and 79(1) GDPR be interpreted as meaning that the administrative appeal provided for in Article 77 GDPR constitutes9 KB (1,308 words) - 12:54, 28 June 2023
- DSB (Austria) - 2020-0.349.984 (category Article 51(1) GDPR)no. 2, Art. 5 para. 1 lit. f, Art. 6 Para. 1 lit. c and lit. f, Art. 13, Art. 51 Para. 1, Art. 57 Para. 1 lit. f and Art. 77 Para. 1 of Regulation (EU)28 KB (4,228 words) - 14:00, 12 May 2023
- DSB (Austria) - 2022-0.560.569 (category Article 51(1) GDPR)hereinafter: previous search term GDPR next search term), OJ No. L 119 of 4 May 2016 p. 1; Sections 1, 18 (1) and 24 (1) and (5) of the Data Protection Act7 KB (900 words) - 16:20, 15 November 2022
- DSB (Austria) - 2021-0.820.321 (category Article 51(1) GDPR)basis: Article 51 (1), Article 57 (1) (f) and Article 77 (1) of Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter: GDPR), OJ No18 KB (2,823 words) - 13:18, 9 December 2021
- DSB (Austria) - 2021-0.568.642 (category Article 51(1) GDPR)Paragraph 1 lit. f, Art. 51 Paragraph 1, Art. 57 Paragraph 1 lit. Basic Regulation, hereinafter: GDPR), OJ No. L 119 of 4.5.2016 p. 1; Sections 1 (1), 18 (1)33 KB (5,128 words) - 09:43, 2 December 2021
- DSB (Austria) - 2021-0.119.956 (category Article 51(1) GDPR)Regarding points 1 and 2 a) Basic information about Article 15 GDPRa) Basic information about Article 15 GDPR Pursuant to Article 15 Para. 1 GDPR, the data subject50 KB (8,021 words) - 15:40, 18 January 2024
- Datatilsynet (Norway) - 20/02136 (notification) (category Article 51(1) GDPR)legal basis under Article 6(1) GDPR, and special category personal data without a valid exemption from the prohibition in Article 9(1) GDPR. Grindr has until77 KB (11,517 words) - 10:36, 22 October 2022
- CJEU - C-33/22 - Österreichische Datenschutzbehörde (category Article 2(2)(a) GDPR)outlined in Article 2(2)(a) GDPR. The DPA appealed this decision. The Supreme Administrative Court referred three questions to the CJEU: 1) Does the GDPR apply8 KB (1,127 words) - 08:53, 30 January 2024
- AEPD (Spain) - EXP202305050 (category Article 58(1) GDPR)Agency sanction QUALITY for an infringement of Article 58.1 of the GDPR, typified in Article 83.5 of the GDPR, with a fine of €20,000.00. This proposed resolution57 KB (9,217 words) - 10:44, 13 December 2023
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- APD/GBA (Belgium) - 136/2023 (category Article 5(1)(f) GDPR)violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article58 KB (9,184 words) - 16:49, 12 December 2023
- opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- BVwG (Austria) - W211 2268942-1 (category Article 55(3) GDPR)accordance with Section 1 Paragraph 1 of the GDPR by not observing the principles in accordance with Articles 5 and 6 of the GDPR. The complaint in question75 KB (12,118 words) - 15:46, 14 February 2024
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant 1, cannot suffice84 KB (12,933 words) - 16:46, 12 December 2023
- Articles 4(11), 6(1)(a), 7 and 8 GDPR. For the definition of 'consent', see the more commentary under Article 6(1)(a) GDPR and Article 7 GDPR. For the definition125 KB (16,328 words) - 16:01, 8 March 2024
- Article 67 GDPR (category Article 67 GDPR)Commission (covering Articles 64 to 66 GDPR). For the purposes of the pilot project, the SAs referred to in Article 51 GDPR and the EDPB shall be considered15 KB (810 words) - 16:13, 2 November 2023
- all related decisions in Category:Article 75 GDPR Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 1 (C.H. Beck 2020, 3rd edition). Case20 KB (1,347 words) - 14:21, 17 October 2023
- specific rules. Article 82 GDPR introduces a right to compensation for damage caused as a result of an infringement of the GDPR. Article 82(1) contains the33 KB (4,215 words) - 09:57, 19 March 2024
- Article 52 GDPR (category GDPR Articles) (section (1) Complete independence of supervisory authorities (SAs))the GDPR do not apply. Member States can establish one or several SAs for monitoring the implementation of the GDPR (Article 51 GDPR). Article 52(1) GDPR47 KB (5,594 words) - 22:45, 1 April 2024
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)((articles 5. 1, a) GDPR , 12.1 GDPR and 14.1 a) and c) GDPR) and how the accountability obligation was fulfilled (art 5.2 GDPR and 24 GDPR). The parties102 KB (15,787 words) - 07:39, 6 September 2023
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision55 KB (7,622 words) - 14:04, 7 November 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- VG Ansbach - AN 14 K 22.00468 (category Article 6(1)(f) GDPR)58(2)(b) GDPR responsible for issuing a warning pursuant to Article 51(1) GDPR and Section 40 BDSG in conjunction with Article 18(1) sentence 1 BayDSG.38 KB (6,226 words) - 15:30, 18 January 2023
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- Article 55 GDPR (category GDPR Articles) (section (1) Territorial competence of supervisory authorities (SAs))which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- mentioned in Article 26(1), but also encompasses other obligations of controllers under the GDPR. EDPB: This extends to various obligations under the GDPR, including37 KB (3,915 words) - 12:49, 24 May 2023
- under Article 13 should not be too long. Article 12 GDPR may be limited by Union or national Law in accordance with Article 23 GDPR. Article 12(1) GDPR76 KB (11,304 words) - 08:37, 4 March 2024
- Article 53 GDPR (category GDPR Articles) (section (1) Authority appointing the members of the supervisory authority (SA))the SAs' tasks, please refer to Article 57 GDPR and for their powers please refer to Article 58 GDPR. See Recital 122 GDPR. In this respect, reference should29 KB (2,894 words) - 23:06, 1 April 2024
- Article 99 GDPR (category Article 99 GDPR)shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and12 KB (295 words) - 08:25, 19 October 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 97 GDPR (category Article 97 GDPR)recitals for Article 97 GDPR. Article 97 GDPR imposes a "comprehensive reporting obligation" upon the Commission. The first paragraph of Article 97 GDPR sets out16 KB (778 words) - 08:24, 19 October 2023
- decisions in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C15 KB (808 words) - 09:44, 17 October 2023
- Article 59 GDPR (category GDPR Articles)accordance with Article 58(2) [GDPR]”. These is a reference to the information that SAs must keep in internal records according to Article 57(1)(u) GDPR. The report15 KB (718 words) - 15:31, 19 October 2023
- in the EDPB's Rules of Procedure (“RoP”). Article 33(1) RoP stipulates that in “accordance with Art 76 (1) GDPR”, discussions of the Board and of expert15 KB (787 words) - 08:17, 19 October 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the41 KB (5,197 words) - 12:17, 17 April 2024
- Article 24 GDPR (category Article 24 GDPR) (section (1) Appropriate technical and organisational measures)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- the information society service(s)." According to Article 4(25) GDPR, which in turn refers to Article 1(1) of Directive (EU) 2015/1535, an "information society19 KB (1,335 words) - 13:56, 24 October 2023
- Article 98 GDPR (category Article 98 GDPR)accordance with Article 98'. → You can find all related decisions in Category:Article 98 GDPR The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the15 KB (943 words) - 09:58, 8 November 2023
- Article 19 GDPR (category GDPR Articles)of Article 15(1)(c) GDPR, which permits in certain cases that the information provided is limited to "categories of recipient[s]": Article 15 GDPR is a19 KB (1,436 words) - 12:35, 12 May 2023
- unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- establishes an EU-wide penalty regime for violations under Article 83 GDPR, Article 84(1) GDPR dispenses with complete harmonisation. It does, however, provide19 KB (1,477 words) - 14:12, 7 November 2023
- will not have to submit another request for erasure under Article 17(1)(b) GDPR. Article 7(4) GDPR provides some useful guidance on the factors to be taken31 KB (3,489 words) - 16:00, 8 March 2024
- Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- binding decision under Article 66 GDPR, at the request of the Hamburg SA which adopted provisional measures under Article 66(1) GDPR, based on its consideration20 KB (1,590 words) - 16:11, 2 November 2023
- Article 16 GDPR (category GDPR Articles)However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article23 KB (2,489 words) - 23:24, 6 March 2024
- simple majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple19 KB (1,530 words) - 14:23, 12 October 2023
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)first glance, Article 92 GDPR's wording seems to be in conflict with Article 290(1) TFEU, but in actuality it is not. Article 92(2) GDPR must be read in19 KB (1,525 words) - 08:18, 19 October 2023
- accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)subjects - which would be counterproductive. Article 11 GDPR is meant to address this matter. Under Article 11(1) GDPR, when a processing operation does not or20 KB (1,854 words) - 16:32, 8 March 2024
- affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- 64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR23 KB (2,079 words) - 16:07, 2 November 2023
- Article 38 GDPR (category GDPR Articles) (section (1) DPO's involvement in any data protection issues)Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- framework of voluntary cooperation provided for in Article 62(1) GDPR is partly supplemented by Article 62(2) GDPR, which contains several cases in which joint22 KB (1,915 words) - 13:46, 15 January 2024
- with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- Article 61 GDPR (category Article 61 GDPR) (section (1) Exchange of information and mutual assistance)request (Article 61(5) GDPR), the requesting SA may adopt a provisional measure on the territory of its Member State under Article 55(1) GDPR. If the SA24 KB (2,181 words) - 11:46, 15 January 2024
- compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- within the meaning of Article 72(1) GDPR. The GDPR does not contain detailed content requirements for the RoP. Article 74(2) GDPR only stipulates that the22 KB (2,266 words) - 08:26, 17 October 2023
- Article 70 GDPR (category Article 70 GDPR) (section (1) Tasks to ensure the consistent application of the Regulation)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Article 30 GDPR (category GDPR Articles) (section (1) Record of processing activities by the controller)requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- other DPAs concerned. The BCR Lead the submits, following Article 64(1) GDPR and Article 64(4) GDPR, a draft decision to the EDPB. The EDPB, in turn, issues29 KB (2,823 words) - 15:15, 28 April 2022
- Article 42 GDPR (category GDPR Articles) (section (1) Defining certification mechanisms, data protection seals, and marks)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- the parties. Section 100 of the Slovak Data Protection Act implements Article 77 GDPR. The complaint shall include (Section 100 (3)): The name, surname, correspondence9 KB (1,006 words) - 07:13, 7 July 2021
- complaint under Article 77(1) GDPR on behalf of the data subject and to represent the them before all supervisory authorities (“SA”) (Article 4(21) GDPR). Secondly26 KB (2,575 words) - 15:50, 9 November 2023
- Article 34 GDPR (category GDPR Articles) (section (1) Communication of a personal data breach to the data subject)the competent supervisory authority of such a breach. Article 34(1) GDPR differs from Article 33 GDPR. Instead of having to notify the supervisor authority37 KB (3,962 words) - 15:20, 16 June 2023
- clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- deadline of Article 36(1) GDPR, and it is still disputed whether the outcome of the procedure rather resembles that of Article 58(3)(a) GDPR or Article 58(3)(b)31 KB (3,646 words) - 08:51, 21 July 2023
- proceedings under Article 79(1) GDPR where no subjective rights under the GDPR are concerned. For example, a data subject cannot use Article 79(1) GDPR to bring31 KB (3,550 words) - 11:11, 29 November 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)the basis of (i) its legitimate interest (Article 6(1)(f) GDPR) or (ii) the public interest (Article 6(1)(e) GDPR). Hence, data subjects may find themselves32 KB (3,730 words) - 08:43, 7 March 2024
- elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- Article 85 GDPR (category Article 85 GDPR) (section (1) Reconciling data protection rules with freedom of expression)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- According to the final paragraph in Article 49(1) GDPR, when none of the derogations described above (Article 49(1)(a-g) GDPR) is applicable, transfers to third29 KB (3,500 words) - 08:54, 27 March 2023
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- categories of data listed under Article 9(1) GDPR. There have been conflicting arguments as to whether Article 22(1) GDPR lays down a right or a general31 KB (4,768 words) - 06:24, 16 June 2023
- Article 89 GDPR (category Article 89 GDPR) (section (1) Mandatory Appropriate Safeguards for Archiving Purposes in the Public Interest, Scientific or Historical Research Purposes,...)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- additional benefit of Article 14(1)(d) GDPR may be questionable, if one agrees that Article 14(1)(c) (see commentary on Article 13(1)(c) GDPR) already requires47 KB (5,644 words) - 17:49, 5 March 2024
- the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- Article 78 GDPR (category GDPR Articles) (section (1) Right to an effective judicial remedy against an SA's decision)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate71 KB (9,532 words) - 13:30, 6 March 2024
- the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 16 (available here) referring to Article 1(1)(b) Directive (EU) 2015/153537 KB (4,635 words) - 13:29, 24 October 2023
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- Article 37 GDPR (category GDPR Articles) (section (1) Obligation to designate a data protection officer)surveillance cameras, it was therefore in breach of Article 37(1)(b) GDPR by not having a DPO. Article 37(1) GDPR specifies three conditions in which the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Article 33 GDPR (category GDPR Articles) (section (1) Controller's notification in the event of a personal data breach)agreement on joint responsibility as required under Article 26(1) of the GDPR. Article 33(1) GDPR outlines that controllers (as defined above) have an54 KB (6,536 words) - 08:22, 16 June 2023
- up. Indeed, the wording of Article 40(1) establishes that they “shall encourage” this (emphasis added). Article 40(1) GDPR clarifies that codes of conduct44 KB (5,008 words) - 14:50, 28 July 2023
- must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller52 KB (7,297 words) - 08:05, 18 July 2023
- with the support of the EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph43 KB (5,641 words) - 14:58, 28 April 2022
- consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- HDPA (Greece) - 23/2020 (category Article 4(1) GDPR)principle of proportionality (Article 8(1) CFR, Article 9A Greek Constitution, Recital 64 GDPR), underlined that the GDPR totally respects all fundamental9 KB (1,089 words) - 15:35, 6 December 2023
- HDPA (Greece) - 33/2020 (category Article 51 GDPR)presenting the principles of data processing of Article 5(1) GDPR, underlined that, based on Article 5(2) GDPR, it is the data processor's responsibility to20 KB (2,270 words) - 15:37, 6 December 2023
- HDPA (Greece) - 20/2020 (category Article 6(1)(e) GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- protection authorities (Art. 78.1 GDPR), as well as by the possibility to bring actions directly in court (Art. 79 GDPR). Against the decisions that put15 KB (1,875 words) - 16:18, 13 July 2022
- than those expressly indicated in Article 22(1), with the exception of personal data referred to in Article 10 GDPR. This means that data concerning criminal9 KB (1,215 words) - 16:58, 18 May 2021
- EDPB - Urgent Binding Decision 01/2023 (category Article 6(1)(f) GDPR)advertising purposes on the basis of Article 6(1)(b) GDPR and Article 6(1)(f) GDPR, pursuant to Article 58(2)(f) GDPR, to be effective one week after notification346 KB (48,181 words) - 16:39, 12 December 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)third-party action (1.). On the complainant's side, his general right of personality (Article 2.1 in conjunction with Article 1.1 of the Basic Law) in133 KB (21,944 words) - 15:59, 22 March 2022
- NAIH (Hungary) - NAIH/2019/51/11 (category Article 5(1)(e) GDPR)The NAIH fined €1.500 an employer in the public sector for unlawful search in archived e-mail account of former employee. An employer searched in the archived3 KB (299 words) - 10:09, 17 November 2023
- HDPA (Greece) - 51/2021 (category Article 21(1) GDPR)organization (definition) Article 5.1: Data processing principles Article 5.1.a: Principle of legality, objectivity and transparency Article 5.1. b: Principle of9 KB (1,168 words) - 15:30, 6 December 2023
- the age of consent under GDPR is kept, namely 16 (art. 8.1 GDPR). See Article 7 of the national implementing law. See Article 5 of the national implementing16 KB (2,260 words) - 19:26, 30 November 2021
- AEPD (Spain) - PS/00341/2019 (category Article 21 GDPR)the authority initiated proceedings for the alleged infringement of Article 5(1)(d) GDPR against the political party aforementioned. The Political party acknowledged26 KB (4,032 words) - 14:31, 13 December 2023
- APD/GBA (Belgium) - 51/2023 (category Article 5(1)(b) GDPR)Articles 5.1.b) and 5.1.c) of the GDPR pursuant to Article 95, §1, 3° of the LCA; - pursuant to Article 58.2.c) of the GDPR and Article 95, § 1, 5° of the18 KB (2,611 words) - 12:45, 16 June 2023
- HDPA (Greece) - 51/2022 (category Article 4(1) GDPR)national law, Directive 01/2011 and Law 4624/2019, as well as the GDPR. According to Article 9(4) of Directive 01/2011, the transmission to third parties of13 KB (1,901 words) - 08:43, 9 November 2022
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)connection with the violation of article/and 5.1. c); 6.1.; 13.1. (c);13.1(e) and13.2(a)AVG: r PAGE 01-00001582885-0002-0033-01- □1-� r L _JCourt of Appeal Brussels60 KB (9,144 words) - 16:17, 22 March 2022
- CJEU - C-252/21 - Meta Platforms and Others v Bundeskartellamt (category Article 6 GDPR)pursued by Meta pursuant to Article 6(1)(f) GDPR. Lastly, the CJEU noted that the fact that Article 6(1)(a) and Article 9(2)(a) GDPR must be interpreted as8 KB (1,231 words) - 08:22, 6 July 2023
- HDPA (Greece) - 1/2023 (category Article 21(1) GDPR)specifically cites Article 56(2) GDPR, the Greek DPA is competent to investigte this complaint pursuant to Article 55 GDPR. Article 56 applies where there6 KB (760 words) - 15:52, 28 February 2023
- HDPA (Greece) - 65/2022 (category Article 12(1) GDPR)found that there had been a violation of articles 12 para. 1, 3, 4 and 15 para. 1 of the GDPR, to the extent that the complained company never responded5 KB (571 words) - 16:39, 28 February 2023
- HDPA (Greece) - 38/2022 (category Article 51 GDPR)processing personal data, in line with the definition of Article 4(1) GDPR. In accordance with Article 5(3) GDPR, the controller had an obligation to demonstrate9 KB (974 words) - 15:54, 20 December 2022
- HDPA (Greece) - 24/2020 (category Article 51 GDPR)possibility of exercising their right to access (Article 15 GDPR), not mentioning any of the elements of Article 14 GDPR regarding the processing of data, but only8 KB (879 words) - 15:37, 6 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2021:125 (category Article 51 GDPR)of Directive 95/46 / EC (GDPR), Art. 51, 52, 53.1, 53.3, 53.4 and 54.1 (a) - (e) The Self-Government Act for Åland, section 1, section 3, subsection 246 KB (7,394 words) - 14:08, 21 March 2024
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)it should have under Article 60 GDPR - Article 61(8) GDPR applied, which meant that the urgent need to act under Article 66(1) GDPR was presumed to be met99 KB (14,431 words) - 16:20, 6 December 2023
- BVwG - W258 2217446-1 (category Article 4(1) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO,79 KB (12,652 words) - 09:41, 10 September 2021
- APD/GBA (Belgium) - 48/2021 (category Article 5(1)(a) GDPR)defendant on the basis of Article 100.1, 5 ° LCA given the breach noted in Article 6 of the GDPR combined with Article 5.1.a) of GDPR; - To dismiss the remainder43 KB (6,670 words) - 16:58, 12 December 2023
- DSB (Austria) - 2020-0.605.768 (category Article 41(1) GDPR)Para. 1 GDPR, which pursuant to Art. 57 Para. 1 lit. q GDPR in conjunction with Section 2 (2) of the ÜStAkk-V can be submitted to this. On point 1 (partial19 KB (2,799 words) - 13:52, 12 May 2023
- APD/GBA (Belgium) - 63/2020 (category Article 12(4) GDPR)georganiseerd door de AVG. 1 Gepubliceerd op de website van de GBA. Beslissing ten gronde 63/2020 - 6/8 18. Krachtens de artikels 51.1, 51.2 en 52.1 van de AVG moeten20 KB (2,982 words) - 17:00, 12 December 2023
- personal data, as organized in particular by the GDPR. 20. Under Articles 51.1, 51.2 and 52.1 of the GDPR, Member States must have one or more independent35 KB (5,303 words) - 17:01, 12 December 2023
- CJEU - C-667/21 - Krankenversicherung Nordrhein (category Article 5(1)(f) GDPR)least one of the conditions set out in Article 6(1) GDPR? On the topic of non-material damages 4) Does Article 82(1) GDPR have a specific or general preventive14 KB (1,916 words) - 16:03, 2 February 2024
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was14 KB (1,999 words) - 14:20, 18 July 2023
- APD/GBA (Belgium) - 17/2020 (category Article 15(1) GDPR)once all the persona data mentioned by virtue of Article 15(1) GDPR, in the lights of Recital (63) GDPR. Thus, the authority ruled that the lack of a complete52 KB (8,603 words) - 16:55, 12 December 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- LG Essen - 6 O 190/21 (category Article 33 GDPR)itself, that the information and measures mentioned in Article 33(1)(b) to Article 33(1)(d) GDPR must also be communicated to the data subject. However28 KB (4,596 words) - 18:30, 18 November 2021
- LG Krefeld - 2 O 448/20 (category Article 15(1) GDPR)regarded as an access request under Article 15(1) GDPR. According to Recital 63 GDPR, the right of access under Article 15 GDPR serves data subjects to be informed17 KB (2,758 words) - 14:10, 15 December 2021
- AEPD (Spain) - PS/00127/2020 (category Article 13 GDPR)information duty included in Article 13 GDPR. Is this a violation of Article 13 GDPR? The AEPD held that there had been a violation of Article 13. According to the35 KB (5,363 words) - 14:02, 13 December 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)with Art. 2 para. 1, Art. 1 para. 1 GG, Art. 17 para. 1 lit. d) DSGVO, because her personal data is stored according to Art. 6 para. 1 lit. f. DSGVO had143 KB (24,273 words) - 15:59, 10 March 2022
- Recitals GDPR (section Recitals from the GDPR)practice. Recital 1: The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter182 KB (24,065 words) - 13:40, 9 July 2021
- AEPD (Spain) - PS/00128/2020 (category Article 6(1)(b) GDPR)breach of Article 13 GDPR? The AEPD held that the facts complained of involving the violation by the City Council of the provisions of Article 13 of the39 KB (5,912 words) - 14:02, 13 December 2023
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)Sentence 1, Section 102 Paragraph 1 BetrVG, Section 17 Paragraph 2 Sentence 1 KSchG) on the consultation (e.g. Section 90 Paragraph 2 Sentence 1, Section40 KB (6,019 words) - 14:13, 28 November 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)of articles 38.1, 38.3, 39.1 a) and 39.1 b) of the GDPR; - to issue an injunction against Company A to comply with Article 38.1 of the GDPR, within four66 KB (9,458 words) - 19:42, 4 September 2021
- HDPA (Greece) - 56/2021 (category Article 13 GDPR)processing of personal data (Article 5(1) of the GDPR), must, in accordance with Article 12(1) of the GDPR. 1 of the GDPR, must take appropriate measures54 KB (8,916 words) - 15:22, 22 February 2022
- OLG Köln - 15 U 126/19 (category Article 17(1)(d) GDPR)to injunctive relief from § 29 para. 1 sentence 1 no. 2 BDSG old version, but from § 29 para. 1 sentence 1 no. 1 BDSG old version, although the "basic121 KB (20,412 words) - 15:58, 10 March 2022
- AZOP (Croatia) - Decision 21-07-2022 (car dealership) (category Article 27(1) GDPR)is against Article 27, Paragraph 1 of the Law on the Implementation of the General Regulation on Data Protection. In accordance with Article 51, paragraph3 KB (336 words) - 15:30, 30 October 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)breach of Article 32 of the GDPR has occurred. B. On the failure to notify the data breach to the CNIL 32. Pursuant to Article 33 (1) of the GDPR, in the26 KB (4,050 words) - 17:10, 6 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read131 KB (22,429 words) - 16:57, 12 December 2023
- AEPD (Spain) - PS/00148/2019 (category Article 6 GDPR)offence against privacy included in Article 197(1) of the Spanish Criminal Code, with the aggravating circumstance from Article 197(5) of being data related to48 KB (7,550 words) - 14:05, 13 December 2023
- LG München - 31 O 16606/20 (category Article 5(1)(f) GDPR)subject pursuant to Article 82(1) GDPR, for a theft of their personal identity and financial data, because it violated Article 32(1) GDPR which led to a data25 KB (4,028 words) - 07:10, 8 February 2022
- NAIH (Hungary) - NAIH/2020/5553 (category Article 12(3) GDPR)under Article 15 and with the one month deadline under Article 12(3). Was Google Ireland Ltd in breach of its obligations under GDPR Article 15(1) and Article27 KB (4,279 words) - 10:12, 17 November 2023
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- AKI (Estonia) - 2.1-3/20/347 (category Article 15(1) GDPR)ee Representative of the appellant Taimi Rosenberg RESOLUTION: § 45 (1) 1), § 51 (1) 3) and 7) of the Public Information Act (AVTS), administrative proceedings26 KB (4,193 words) - 10:30, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9778094 (category Article 5(1)(a) GDPR)the processing of personal data of the data subject (Article 5(1)(a) GDPR; Article 6 and Article 8 of the Italian Legislative Decree No. 101 of August66 KB (10,708 words) - 11:29, 16 August 2022
- DSB (Austria) - 2020-0.083.190 (category Article 82(6) GDPR)Sections 17, 32 para 1, 56 para 2, 57 para 1 of the Administrative Criminal Act 1991 - VStG, Federal Law Gazette No 52/1991 as amended; Article 82 para 6 of Regulation8 KB (961 words) - 13:48, 12 May 2023
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)authorities for the purposes set out in Article 1(1) shall not be processed for purposes other than those set out in Article 1(1) unless such processing is authorised110 KB (18,000 words) - 08:01, 5 June 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)is covered by Article 6, clause 1 (c) of the AVG and not by Article 6, clause 6 (f) of the AVG. The BKR itself refers to Article 6, clause 1 (f) of the GCG91 KB (15,371 words) - 15:11, 5 October 2021
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)Manifestation of the general right of personality, Article 2 Paragraph 1 GG in conjunction with Article 1 Paragraph 1 GG, or from Section 823 Paragraph 2 BGB in27 KB (4,216 words) - 13:26, 8 January 2024
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))meaning that no violation of Article 5(1)(e) GDPR could be established. Integrity and confidentiality - Article 5(1)(f) GDPR As explained above, the DPA429 KB (58,279 words) - 09:12, 2 November 2022
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)pursuant to article 32(1) of the GDPR. The AP disagrees. The conclusion of the AP that OLVG does not comply with article 32(1) of the GDPR by not meeting67 KB (11,415 words) - 17:15, 12 December 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)analogous to Article 18 (1)(a) GDPR the Court held that § 12 of the German Registration Law explicitly exludes the application of Article 18 (1)(a) GDPR. According112 KB (19,310 words) - 08:08, 23 June 2022
- DSB (Austria) - 2022-0.296.352 (category Article 46(1) GDPR)anyway. In any case, suitable guarantees were required by Article 46(1) GDPR. Per Article 46(3)(b) GDPR, those guarantees could be provided for by provisions10 KB (1,335 words) - 13:39, 12 May 2023
- Norges Høyesterett - 2021-2403-A (category Article 5(1)(a) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 4 GDPR)basis of Article 6(1)(b) GDPR: “...there is a risk that the Draft Decision’s failure to establish Whatsapp IE's infringement of Article 6(1)(b) GDPR, pursuant289 KB (33,568 words) - 15:00, 1 February 2023
- HDPA (Greece) - 6/2020 (category Article 17(1) GDPR)compliance with the principles of Article 5 (1) GDPR. 4. As, in accordance with the provisions of Article 4 (c) (d).1 GDPR is personal data “any information29 KB (4,557 words) - 15:33, 6 December 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)purpose limitation in accordance with Article 5 Paragraph 1 Letter b GDPR (Paal/Pauly/Paal, 3rd edition 2021, GDPR Article 15 Rn. 24). The plaintiff has a right32 KB (5,093 words) - 16:07, 11 September 2022
- Rb. Gelderland - AWB - 18 3073 (category Article 6 GDPR)fees. 2.1 Pursuant to Section 51 of the General Data Processing Implementation Act (Uitvoeringswet Algemene Verordening Datsverwerking (AVG))1, read in10 KB (1,424 words) - 12:09, 9 May 2022
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)time, which is a violation of the GDPR. As to the claim for damages, the CoS notes that though Article 82(1) of the GDPR states that full compensation for37 KB (5,721 words) - 12:41, 16 September 2021
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further processing49 KB (7,800 words) - 09:22, 5 January 2024
- processing by the defendant can only be Article 6 (1) sentence 1 lit e) DSGVO (see b) or Article 6 (1) sentence 1 lit f) DSGVO (see c), the requirements51 KB (8,215 words) - 09:55, 13 May 2022
- APD/GBA (Belgium) - 54/2021 (category Article 4 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)is maintained under Article 6.1 b) to f) of the GDPR and therefore in Article 6.1.c) invoked in the species. Article 6.1 of the GDPR in fact reproduces73 KB (11,238 words) - 16:59, 12 December 2023
- VG Hannover - 10 A 502/19 (category Article 5(1)(a) GDPR)basis of Art. 51 Paragraph 1 GDPR in conjunction with Section 40 Paragraph 1 Federal Data Protection Act (BDSG), Section 22 Paragraph 1 No. 1 NDSG . In this41 KB (6,779 words) - 12:35, 24 November 2021
- DSB (Austria) - D123.921/0005-DSB/2019 (category Article 1(2) GDPR)processing, even if this is not expressly mentioned in Art. 15 (1) GDPR. - Art. 15 para. 1 lit. b GDPR The general information on the data categories processed42 KB (6,592 words) - 13:58, 12 May 2023
- AEPD (Spain) - PS/00254/2019 (category Article 33(1) GDPR)infringement of Article 32.1 of the GDPR typified as a serious infringement in Article 73 f) of the LOPDGDD and in Article 83.4 of the GDPR. For its part39 KB (6,341 words) - 14:23, 13 December 2023
- APD/GBA (Belgium) - 51/2024 (category Article 5(1)(a) GDPR)6GDPR,Article 5.1.b),Article 5.1.a)j°Article 13andArticle 27 GDPR due to the current processing activities. 23. The purpose of this decision is to inform the19 KB (2,807 words) - 11:02, 17 April 2024
- HDPA (Greece) - 11/2024 (category Article 17(1) GDPR)ACCORDANCE WITH THE LAW 1. Since, from the provisions of articles 51 and 55 of the General Data Protection Regulation 2016/679 (GDPR) and article 9 of law 4624/201936 KB (5,761 words) - 17:19, 22 April 2024
- AG Düsseldorf - 51 C 206/23 (category Article 15(1) GDPR)accordance with Article 15 Paragraph 1 and 2 GDPR and also to provide a copy of all data in accordance with Article 15 Paragraph 3 Sentence 1 GDPR. 15 It is14 KB (2,030 words) - 09:55, 14 December 2023
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (category Article 4 GDPR)Articles 5(1)(a), 12(1) and 13(1)(c) GDPR within three months, to refer not only to information provided on data processed pursuant to Article 6(1)(b) GDPR, but53 KB (8,413 words) - 14:10, 30 January 2023
- LG Landshut - 51 O 513/20 (category Article 6(1)(a) GDPR)permissible. The legal basis for the above processing was Article 6(1)(b) GDPR and Article 6(1)(c) GDPR. The plaintiff was the owner of a flat in a residential20 KB (3,082 words) - 06:30, 25 July 2022
- BVwG - W211 2230221-1 (category Article 15(1)(c) GDPR)Austria and Germany: 1.1.1. For a right of choice for the person responsible: According to Haidinger in Knyrim, DatKomm Art 15 GDPR margin no. 39, the word19 KB (2,825 words) - 09:42, 26 November 2021
- OLG Dresden - 4 U 1905/21 (category Article 15(1) GDPR)on April 1, 2017 in the amount of €39.96, 14 Tariff B... increase on April 1, 2020 in the amount of €74.26, 15Tarif T... increase on April 1, 2017 in the40 KB (6,325 words) - 16:12, 18 May 2022
- LG Köln - 28 O 138/22 (category Article 82 GDPR)Sections 1004 analogously, Section 823 (1) and (2) BGB in conjunction with Article 6 (1) GDPR and Article 17 GDPR. Claims under data protection law could39 KB (6,362 words) - 14:01, 22 June 2023
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)Motifs 3.1 Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe 1, de l'AVG,96 KB (15,396 words) - 16:50, 12 December 2023
- APD/GBA (Belgium) - 15/2021 (category Article 15(1) GDPR)(see “1.2.4- As regards the complaint according to which the defendant hadless time than the complainant to prepare his arguments ”).1.1.1. Place1.1.1.1.-85 KB (13,724 words) - 16:52, 12 December 2023
- Court of Appeal of Brussels - 2020/AR/329 (category Article 57(1)(f) GDPR)submits that Article 77 AVG 2, interpreted in the light of Articles 1, 51(1) and 57 AVG, recitals 7, 10 and 141 AVG, Article 8 Charter and Article 16 TFEU,48 KB (7,560 words) - 09:03, 20 August 2021
- AEPD (Spain) - EXP202202960 (category Article 13 GDPR)violation of Article 35 of the GDPR, Article 32 of the GDPR and Article 13 of the GDPR, typified in Articles 83.5 of the RGPD and Article 83.4 of the RGPD149 KB (22,597 words) - 12:34, 3 April 2024
- TA Luxembourg - 45716 (category Article 51 GDPR)5application of Article 51, paragraph (1) of the GDPR and Article 4 of the law of 1 August 2018 monitoring the application of the GDPR by data controllers25 KB (3,774 words) - 13:55, 10 May 2023
- APD/GBA (Belgium) - 136/2022 (category Article 4(1) GDPR)right of access (Article 12(4) GDPR). The DPA held that data concerning the vehicle of the complainant is personal data (Article 4(1) GDPR), since the data19 KB (2,700 words) - 08:49, 29 June 2023
- CE - N° 429571 (category Article 6(1)(a) GDPR) (section On the CNIL's competence to interpret Article 6 GDPR)data (Article 9 GDPR)? Does the data controller have a legitimate interest to process credit card data of recurring purchasers under Article 6(1)(f)? Can19 KB (2,790 words) - 09:50, 10 September 2021
- HDPA (Greece) - 20/2021 (category Article 17(1) GDPR)considers that in accordance with Article 17 in in conjunction with Article 21 para. 3 of the GCP and Article 25 para. 1 of the GCP the conditions for enforcement20 KB (2,936 words) - 14:58, 22 November 2021
- APD/GBA (Belgium) - 149/2023 (category Article 5(1)(a) GDPR)to in Article 5(1) LRN, under which the controller did not fall in. Therefore, the controller breached Article 5(1)(a) GDPR and Article 6(1) GDPR, in conjunction113 KB (17,325 words) - 08:50, 19 March 2024
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- BVwG - W211 2227144-1 (category Article 51 GDPR)held, that the powers of the DSB under the GDPR are extensive. Neither Article 55, Article 77 or Article 51 GDPR nor the DSG limit the DSB's competence regarding38 KB (5,801 words) - 10:08, 10 September 2021
- CNIL (France) - SAN-2020-012 (category Article 26(1) GDPR)in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection Act, provides: 1. Each supervisory93 KB (14,936 words) - 17:09, 6 December 2023
- HDPA (Greece) - 57/2021 (category Article 13 GDPR)pre-existing form of Article 11 of Law 3471/2006). However, with the provisions of article 16 par. 1 and 2 of law 3917/2011, par. 1 and 2 of article 11 of law 3471/200645 KB (7,165 words) - 15:22, 22 February 2022
- VG Mainz - 1 K 473/19.MZ (category Article 15(1) GDPR)which personal data could be deleted, the court concludes that Article 15 (1) (e) GDPR sets an obligation to inform a data subject about the existence31 KB (4,898 words) - 11:49, 19 April 2021
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG84 KB (14,035 words) - 16:56, 12 December 2023
- OGH - 6Ob159/20f (category Article 12(1) GDPR)under Article 15 GDPR to the defendant and requested i.a. information on concrete recipients of their personal data under Article 15(1)(c) GDPR. The defendant22 KB (3,310 words) - 07:44, 5 October 2021
- DSB (Austria) - D122.844/0006-DSB/2018 (category Article 12(5) GDPR)under Article 15 GDPR and demanded free access to the historic bank transaction data. The bank argued that this would be a misuse of Article 15 GDPR and19 KB (2,936 words) - 13:55, 12 May 2023
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- IP (Slovenia) - 07141-9/2023/10 (category Article 17(1) GDPR)deletion request of the data in question, breaching Article 17(1) GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA ordered the controller to remedy the irregularities6 KB (553 words) - 14:57, 6 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)the transmitted data (see point II.1.3 or II.1.3.1) at least in combination, personal data according to Art. 4 Z 1 DSGVO. For the lack of an appropriate158 KB (26,392 words) - 08:25, 7 June 2023
- relation to contraventions of the UK-GDPR, section 168 DPA 2018 provides that "non-material damage" in Article 82 GDPR includes distress. In relation to breaches61 KB (8,986 words) - 08:40, 22 February 2022
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- Garante per la protezione dei dati personali (Italy) - 9524175 (category Article 5(1)(a) GDPR)Guarantor no. 1/2019 are met. Pursuant to Article 78 of the Regulation, Article 152 of the Code and Article 10 of Legislative Decree no. 150 of 1 September20 KB (3,133 words) - 15:53, 6 December 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)with the principle of fair and transparent processing contained in Article 5(1)(a) GDPR? Is the information relating to personal data processing operations48 KB (7,404 words) - 17:09, 6 December 2023
- DSB (Austria) - 2022-0.858.901 (category Article 6(1) GDPR)165/1999 as amended: Article 4, Article 5, Article 6, Article 51, Paragraph 1, Article 57, Paragraph 1, Letters a and h, Article 58, Paragraph 1, Letter b and19 KB (2,904 words) - 12:53, 17 April 2024
- APD/GBA (Belgium) - 170/2023 (category Article 24 GDPR)action under article 100, § 1, 1° of the st LCA, since no violation of the GDPR can be found in this regard. In accordance with article 108, § 1 of the LCA24 KB (3,525 words) - 15:29, 26 January 2024
- UODO (Poland) - DKE.561.17.2020 (category Article 58(1)(e) GDPR)entrepreneur. The DPA found that the controller violated Article 31 GDPR and Article 58(1)(e) GDPR and issued a warning to the entrepreneur. The entrepreneur22 KB (3,364 words) - 09:52, 17 November 2023
- BVwG - W298 2252644-1 (category Article 5 GDPR)01/01/2014 DSG Art. 1 § 1 today DSG Art. 1 § 1 valid from 01.01.2014 last changed by Federal Law Gazette I No. 51/2012 DSG Art. 1 § 1 valid from 01.01.200059 KB (9,918 words) - 11:29, 21 June 2023
- VSL - VSL00035084 (category Article 6(1)(c) GDPR)91/1, 91 / 1-1, 91/2. ZP-1 Article 2, 2/2, 136, 136/1, 136 / 1-1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 201615 KB (2,384 words) - 14:38, 13 August 2020
- DPC (Ireland) - Meta Platforms Ireland Limited (Instagram) - IN-18-5-7 (category Article 4 GDPR)of Article 6(1)(b) GDPR, and to bring its processing into compliance with Article 6(1) GDPR. Furthermore, pursuant to Articles 58(2)(i) and 83 GDPR, and21 KB (3,069 words) - 14:17, 1 February 2023
- DSB (Austria) - 2021-0.347.702 (category Article 6(1)(f) GDPR)or by a third party. The court used Article 9(2)(f) GDPR to interpret legitimate interests under Article 6(1)(f) GDPR as including the establishment, exercise25 KB (3,875 words) - 10:36, 11 January 2024
- APD/GBA (Belgium) - 11/2024 (category Article 5(2) GDPR)established in Article 12(3) and (4) GDPR. Therefore, the Belgian DPA found the controller to have breached Article 15 GDPR in conjunction with Article 12(3) and26 KB (3,856 words) - 08:51, 19 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - TSV/29/2020 (category Article 5(1)(c) GDPR)violated Article 5(1)(c) GDPR, Article 25(2) GDPR and Section 29(4) of the Finnish Data Protection Act. As a result, and in accordance with Article 58(2)(d)25 KB (3,651 words) - 09:37, 3 April 2024
- Garante per la protezione dei dati personali (Italy) - 9779057 (category Article 4(1) GDPR)the Guarantor pursuant to Article 166, paragraph 7, of the Code "(Article 16, paragraph 1, of the Guarantor Regulation no. 1/2019). The aforementioned63 KB (9,916 words) - 11:28, 16 August 2022
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)the infringement of Article 5.1 c) AVG has been proven. f)Transparent information (Article 5.1(a); Article 12.1. and Article 13.1. and 13.2. AVG) 43.The48 KB (7,926 words) - 16:56, 12 December 2023
- CNIL (France) - SAN-2022-022 (category Article 17(1)(a) GDPR)requests for information according to Article 15(1) GDPR. The ‘Business secrecy’ exception only applied to Article 15(4) GDPR, where a data subject would request59 KB (9,623 words) - 17:03, 6 December 2023
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)requirements of article 24 and 32, paragraph 1, AVG and further elaborated in article32, paragraph2, preamble, FISHOrdinancesBIO standards5.1.1,5.1.1.1and5.1.2.1.179 KB (22,957 words) - 17:07, 12 December 2023
- CBB - 20/935 (category Article 17 GDPR)connection with a possible exceeding of the reasonable term. Considerations 1.1 At the request of the appellant, the Foundation was registered in the trade13 KB (1,931 words) - 11:36, 10 November 2022
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)"accept all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller120 KB (19,650 words) - 09:00, 6 April 2022
- VSL - VSL Sodba PRp 345/2019 (category Article 6(1)(c) GDPR)91/1, 91 / 1-1, 91/2. ZP-1 Article 2, 2/2, 136, 136/1, 136 / 1-1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 201615 KB (2,332 words) - 08:39, 1 September 2020
- appeal is admissible; however, it is not justified. Legal assessment 1.1 Paragraph 1328a(1) of the ABGB states Anyone who unlawfully and culpably encroaches24 KB (3,763 words) - 09:49, 14 December 2023
- DSB (Austria) - 2020-0.816.655 (category Article 12(1) GDPR)4 line 16, Art. 12 para. 1, Art. 14 para. 1 to para. 5, Art. 15, Art. 51 para. 1, Art. 57 para. 1 lit. f and Art. 77 para. 1 of Regulation (EU) 2016/67928 KB (4,230 words) - 13:53, 12 May 2023
- APD/GBA (Belgium) - 28/2020 (category Article 6(1)(f) GDPR)be erased and thus also violates Article 17.1(c) AVG. 3.2. With regard to the infringement of Article 6.1 and Article 21.4 of the AVG 29. In its statement27 KB (4,363 words) - 16:56, 12 December 2023
- UODO (Poland) - DKE.561.13.2020 (category Article 58(1)(e) GDPR)(1)-(3), Article 83 (5)(e) in connection with Article 31, Article 58 (1)(e), Article 58 (2)(i) of Regulation EU 2016/679 of the European Parliament and27 KB (4,446 words) - 09:51, 17 November 2023
- NAIH (Hungary) - NAIH/2020/3479 (category Article 5(1)(d) GDPR)proceedings Article 77 (1) and Article 22 (b) of the General Data Protection Regulation. may be submitted in the case provided for in Under Article 77 (1) of the30 KB (4,563 words) - 10:12, 17 November 2023
- UODO (Poland) - DKE.561.16.2020 (category Article 58(1)(a) GDPR)1781) in connection with Article 31, Article 58(1)(a) in connection with Article 83(1)-(3) and Article 83(5)(e) of Regulation EU 2016/679 of the European28 KB (4,490 words) - 09:51, 17 November 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)relation to the requirements prescribed by Article 12.1 of the GDPR (transparency obligation) and by Article 13 of the GDPR (right to information). The Head of82 KB (11,472 words) - 16:58, 6 December 2023
- UODO (Poland) - DKE.561.2.2020 (category Article 58(1)(e) GDPR)connection with Article 31, Article 58(1)(e) in connection with Article 83(1-3) and Article 83(5)(e) of Regulation 2016/679 of the European Parliament and of the27 KB (4,390 words) - 09:50, 17 November 2023
- CNIL (France) - SAN-2020-015 (category Article 32(1) GDPR)private doctor for violating Article 32 GDPR by making his patients' health data freely accessible on the web, and Article 33 GDPR by not notifying the DPA29 KB (4,374 words) - 16:03, 19 January 2024
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)contrary to the plaintiff's view - does not follow from Art. 82 (1) GDPR. Art. 82 (1) GDPR would probably be directly applicable in national law. The defendant28 KB (4,527 words) - 15:58, 26 April 2022
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)the processing is based on Article 6(1)(a) or on Article 9, (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the69 KB (11,315 words) - 13:30, 19 January 2022
- NSA - III OSK 1789/22 (category Article 5(1)(c) GDPR)art. 35 section 1 and 3 u.s.g. and art. 1 of the Electoral Code in connection with Art. 91 section 1 u.s.g. and from art. 87 section 1 and 2 of the Constitution74 KB (12,347 words) - 13:46, 9 October 2023
- UODO (Poland) - DKN.5131.8.2022 (category Article 5(1)(f) GDPR)the laptop theft, in breach of Article 32(1) GDPR. Moreover, the DPA found a violation of Articles 24(1) and 25(1) GDPR because the controller failed to48 KB (7,609 words) - 12:24, 23 November 2022
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)subjects required by Article 12.2. of the GDPR. 8.1.3. As for the breach of the principle of minimization (article 5.1 c) of the GDPR) 8.1.3.1. In view of the127 KB (21,484 words) - 17:01, 12 December 2023