Search results

not limited by recital 63 GDPR. Article 12(5), 15(1) and 15(3) GDPR impose an obligation on a controller to provide the data subject, free of charge, with

the City of Helsinki's Social services and healthcare division. As a part of an application process to volunteer as a support person for children and youth

information about categories of recipients is sufficient. A data subject sent an access request to the Austrian Post (the controller) to obtain information

investigation. As this is an international issue with complainants residing in various Member States, the Belgian DPA provides an interlocutory decision on

assessed by national courts. Such an interpretation is capable of ensuring the protection of personal data and the right to an effective judicial remedy against

Court pointed out there is no docuiment showing that the applicant submitted an inspection request of the procedural files at stake. Then, the Court clarified

24th February 2023 (Numero protocollo: 0033835) opened an investigation concerning ChatGPT, an AI service offered by the American company OpenAI. The investigation

The data subject made an access request (DSAR) to Wise Payments Limited ("Wise"), a financial institution with which he had an account. Wise declined

interface of the website. On the 23 September 2019, the controller learned that an ethical hacker managed to get access to the test database which contained

Anna Nichols Legal Trainee at noyb.eu n/a Please be aware that noyb employees, trainees, and members often act in their function as administrators of this

95/46 which is defined as any information relating to an identified or identifiable natural person, an identified person being one who can be identified directly

Administrative Court (BVwG): "This does not include provisions totalling EUR 18m for an administrative fine imposed on Austrian Post by the Austrian Data Protection

Constitutional Court, in Judgements 292/2000 and 254/1993, confirmed it as an autonomous right, independent of the rights to intimacy [privacy], honour

determining the conclusion of an employment agreement or for the execution of that agreement. There are provisions about the validity of an employee's consent, the

translation of the documents provided by the parties. On the 4th of February, an inspection report (of 13th July, 2020) was provided to the parties in French

data, and repealing Directive 95/46/EC (General Data Protection Regulation). An English translation is available here. There are no provisions in the national

committed an infringement of Article 83(4)-(6) GDPR. On 24 March 2020, the Lithuanian Minister of Health approved the development and implementation of an IT

The APD/GBA (the Belgian DPA) found that a hospital that requested an audit by an external expert was the controller for the audit-related processing activity

Asked whether an assessment of the health status of the BF had taken place, the MP stated that when an insurance contract was taken out, an assessment of

Administration Act states: When it is stipulated in law that an administrative sanction may be imposed on an enterprise, the sanction can be imposed even if no individual

the vicarious liability of an employer for misuse of private information by an employee and for breach of confidence by an employee has not been excluded

representatives do so for it. An administrative offence, however, is an unlawful and reproachable act that constitutes an offence under a law that allows

learned this (following an access request under Article 15 GDPR), he filed a lawsuit against the defendant. He requested (i) an injunction that the defendant

was an "isolated incident", which took place relatively shortly after "a new and very complex law was introduced" and that the rules concerning an employer's

complaint about the Data Inspectorate's imposition of an infringement fee of NOK 400,000 for having monitored an employee's e-mail box without a legal basis, cf

principle i Article 108 § 1 of the Act requires be maintained where an applicant brings an action before the Market Court which, as a result rights (may) have

indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special

National Tax Number (NIF) of an alleged neighbour, in order to contact this third party for purposes of checking the boundaries of an allegedly adjacent land

for reporting on persons shifts from an interest that focuses on the crime and the perpetrator to an interest in an analysis of the prerequisites and consequences

which are not obvious to an average visitor to the evaluation portal. In particular, the defendant does not establish such an obviousness by identifying

Hellenic DPA imposed an administrative fine of €20,000 on a leasing company. They fined them €10,000 for violating Article 5(1)(c) GDPR, and an additional €10

used for the imposition of an administrative fine. AP disagrees. The two reported data breaches only prompted the AP to launch an investigation into OLVG's

as joint controllers.-The complainant provides an overview of the provisions on which, according to him, an infringement has been committed. He also requests:1

(basic customers) were used on the site as an advertising platform for paying doctors (premium customers) in an inadmissible manner, partly due to functions

service, I sent an election advertisement for the defendant, in order to to avoid using his professional messaging in his capacity as an MPP. [...] And

in the form of [...]. On [...] November 2018. The Company received an e-mail from an unknown person informing about the theft of the Company's customer

(simple administrative appeal, otherwise known as an application for judicial review). remedy). This is an 'informal' administrative remedy as opposed to

access is understood to be an independent claim. In LAG Hessen 9 Sa 1431/19, the Court stated that "Nor is the applicant's action an abuse of rights. The right

strictly necessary for the provision of an online communication service at the express request of the data subject. If an identifier had more than one purpose

dismissed. 32 a) With an undated letter from February 2017 and an attached addendum to the insurance certificate, the defendant had declared an increase in the

The parent's request was rejected and they had to provide the school with an additional form underlining the fact that their son was not Orthodox Christian

the service (for example through a website, an application, an account with identifier, the interface of an IoT device or by email), it is obvious that

the Data Protection Commissioner has requested an explanation from Verkkokauppa.com Oyj in the case with an explanation request dated 13 April 2021. The

systematic is not such as to guarantee an appropriate involvement of the DPO, nor to establish his position in as an interlocutor within the organization

Office of the Data Protection Commissioner has requested an explanation from the clinic with an explanation request dated August 25, 2020. The deadline

indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors

the CNPD received several complaints and immediately started an investigation and issued an order to suspend the sending of personal data from the census

that it should have, the plaintiff filed an appeal with the court on February 21, 2020. The plaintiff also wants an assessment of the decision in which the

The Spanish DPA fined an individual 10,000€ for publishing personal data of a third person without their consent on an online blog. A data subject filed

appear when creating an account under each of the privacy settings. In addition, an email message is sent to users when they create an account stating that: