Search results
From GDPRhub
- freedoms of individuals", as stated in Article 35(1) and further elucidated in Article 35(3) and Article 35(4) GDPR. The WP29 developed a list of criteria52 KB (7,297 words) - 08:05, 18 July 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 35(1) GDPR)Ordinance Article 5, paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and 35, para. 1. Below48 KB (7,442 words) - 10:24, 12 September 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 35(1) GDPR)regulation's article 5, subsection 2, cf. Article 5, subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1, and Article75 KB (11,733 words) - 16:33, 21 August 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 35(1) GDPR)regulation's article 5, subsection 2, cf. Article 5, subsection 1, letter a, Article 24, cf. Article 28, subsection 1, Article 35, subsection 1, as well as117 KB (18,075 words) - 10:19, 12 September 2022
- HDPA (Greece) - 30/2023 (category Article 35(1) GDPR)violation of article 5 par. 1 item. e' of the GDPR, b) reprimanded the OASA for the violations of the provisions of article 25 par. 1 and article 35 par. 1 of the6 KB (623 words) - 09:08, 25 October 2023
- VDAI (Lithuania) - UAB vs FITNESS (category Article 35(1) GDPR)this processing, in violation of Article 5(1)(c) GDPR; It violated Article 13(1) and (1) GDPR, and Article 5(1) GDPR by failing to adequately inform data53 KB (2,523 words) - 09:19, 17 November 2023
- HDPA (Greece) - Opinion 2/2020 (category Article 35(1) GDPR)of Article 6(1)(e) GDPR -public interest and exercise of official authority vested in it, which falls within the exception of Article 9(2)(j) GDPR. It33 KB (5,266 words) - 15:32, 6 December 2023
- DSB (Austria) - 2021-0.024.862 (category Article 35(1) GDPR)that Article 36(1) GDPR provides for a duty to consult if two conditions are met. First, a data protection impact assessment under Article 35 GDPR must38 KB (5,821 words) - 13:39, 12 May 2023
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 35(1) GDPR)controller €400,000 pursuant of Article 83(4)(a) GDPR for the failure to conduct a DPIA in violation with Articles 35(1), 35(2), and 35(3)(b). The DPA stated that163 KB (27,222 words) - 16:54, 6 December 2023
- CNIL (France) - SAN-2022-020 (category Article 35(1) GDPR)obligations arising from Article 5(1)(e) of the GDPR. D. On the breach of the transparency obligation 36. Article 12(1) of the GDPR provides that "the controller59 KB (9,566 words) - 17:03, 6 December 2023
- Court of Appeal of Brussels - 2022/AR/556 (category Article 35(1) GDPR)of Articles 5.1.a, 5.1.b, 6.1.c), 6.3, 9.2.i), 12.1, 13.1.c), 13.2.a), 13.2.d), 13.2.e), 30.1.a) and 30.1.d), 35.1 and 35.7 of the GDPR 9. The applicant83 KB (13,694 words) - 09:53, 14 December 2023
- IMY (Sweden) - IMY-2023-1647 (category Article 35(1) GDPR)Childrens and Education Board 300,000 SEK (around €26,524) for breaching Article 35(1) GDPR. The Board failed to conduct a data protection impact assesment prior5 KB (641 words) - 16:51, 5 December 2023
- DPC (Ireland) - 06/SIU/2018 (category Article 35(1) GDPR)Galway County Council, the DPC found violations of Article 5(1)(a) GDPR, Article 24 GDPR and Article 35(1) GDPR. The Irish DPC started an own volition inquiry9 KB (1,227 words) - 14:49, 3 October 2023
- HDPA (Greece) - 41/2022 (category Article 35(1) GDPR)thereby violating Article 13(2) GDPR. The investigated controllers did not comply with the storage limitation principle under Article 5(1) GDPR because the data14 KB (2,046 words) - 19:00, 21 September 2022
- airport for violation of Articles 5(1)(c), 6(1)(e), 9(2)(g), 12, 13(1)(c), 13(2)(e), 35(1), 35(3) and 35(7)(b) GDPR. It also fined the medical service €207 KB (874 words) - 16:47, 6 April 2022
- APD/GBA (Belgium) - 127/2022 (category Article 35(1) GDPR)measures under Article 24 GDPR and 25 GDPR. However, the DPA considered that in this case, the violations of Article 5(1)(f) GDPR and 32 GDPR were sufficient14 KB (1,993 words) - 14:36, 14 September 2022
- Tietosuojavaltuutetun toimisto (Finland) - 7684/171/22 (category Article 35(1) GDPR)the decision where it applied Article 35 GDPR in this case. This might imply that there was a confusion with Article 35 data protection impact assessment27 KB (4,068 words) - 10:13, 7 June 2023
- Persónuvernd (Iceland) - 202112772 (category Article 35(1) GDPR)violation of Article 24(1) and (2) GDPR (responsibility of the controller), Article 25 GDPR (privacy by design and by default) or of Article 32 GDPR (obligation46 KB (7,050 words) - 09:55, 16 December 2021
- AP (The Netherlands) - Decision of 18 December 2023 (category Article 35(1) GDPR)be equivalent to a DPIA under Article 35 GDPR. For this reason, the AP held that the controller violated Article 35(1) GDPR. In this, the AP considered it55 KB (8,007 words) - 09:50, 24 January 2024
- APD/GBA (Belgium) - 165/2023 (category Article 35(1) GDPR)of: 1. Article 5.1.f) and 5.2 of the GDPR, Article 24.1 of the GDPR, Article 25.1 of the GDPR and Articles 32.1 and 32.2 GDPR; 2. Articles 35.1, 35.2, 3567 KB (9,908 words) - 11:09, 10 January 2024
- APD/GBA (Belgium) - 61/2023 (category Article 17(1)(d) GDPR)and 49 GDPR, the principle of purpose limitation (Article 5(1)(b) GDPR), proportionality and data limitation (5(1)(c) GDPR), storage limitation (5(1)(e) GDPR)10 KB (1,134 words) - 11:55, 5 July 2023
- Tietosuojavaltuutetun toimisto (Finland) - 1150/161/2021 (category Article 35(1) GDPR)infringement of Article 33(1) GDPR, a fine of €145,600 for infringement of Article 34(1) GDPR, and a fine of €316,800 for infringement of Article 5(1)(f) GDPR. In153 KB (24,570 words) - 15:11, 26 March 2024
- the meaning of Article 9 of the GDPR must indeed be based on Article 9.2 of the GDPR, read in conjunction with Article 6.1 of the GDPR. 24 This has been207 KB (31,357 words) - 14:21, 8 June 2022
- non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the41 KB (5,197 words) - 12:17, 17 April 2024
- affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- deadline of Article 36(1) GDPR, and it is still disputed whether the outcome of the procedure rather resembles that of Article 58(3)(a) GDPR or Article 58(3)(b)31 KB (3,646 words) - 08:51, 21 July 2023
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- 14(2)(g) GDPR; access rights under Article 15(1)(h) GDPR; or the the need to perform data protection impact assessments under Article 35(3)(a) GDPR. Profiling125 KB (16,328 words) - 16:01, 8 March 2024
- of enforcing the GDPR in Spain. Its head office is in Madrid. The requirement to have a data protection authority stems from Article 44 of the Spanish4 KB (386 words) - 15:29, 3 September 2021
- Article 24 GDPR (category Article 24 GDPR) (section (1) Appropriate technical and organisational measures)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- under Article 13 should not be too long. Article 12 GDPR may be limited by Union or national Law in accordance with Article 23 GDPR. Article 12(1) GDPR76 KB (11,304 words) - 08:37, 4 March 2024
- codes of conduct on the basis of Article 41 of Regulation 2016/679 and of a certification body on the basis of Article 43 of Regulation 2016/679; To ensure9 KB (993 words) - 07:10, 28 July 2022
- commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate71 KB (9,532 words) - 13:30, 6 March 2024
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Article 38 GDPR (category GDPR Articles) (section (1) DPO's involvement in any data protection issues)Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- Article 98 GDPR (category Article 98 GDPR)accordance with Article 98'. → You can find all related decisions in Category:Article 98 GDPR The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the15 KB (943 words) - 09:58, 8 November 2023
- Datenschutzrecht, Wolff/Brink DS-GVO Article 64 margin numbers 19-20.1 (35th Edition 1.2.2021). Caspar in Kühling, Buchner, GDPR Article 64, margin number 24 (C.H23 KB (2,079 words) - 16:07, 2 November 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- proceedings under Article 79(1) GDPR where no subjective rights under the GDPR are concerned. For example, a data subject cannot use Article 79(1) GDPR to bring31 KB (3,550 words) - 11:11, 29 November 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)the basis of (i) its legitimate interest (Article 6(1)(f) GDPR) or (ii) the public interest (Article 6(1)(e) GDPR). Hence, data subjects may find themselves32 KB (3,730 words) - 08:43, 7 March 2024
- Article 42 GDPR (category GDPR Articles) (section (1) Defining certification mechanisms, data protection seals, and marks)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- Article 52 GDPR (category GDPR Articles) (section (1) Complete independence of supervisory authorities (SAs))this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the47 KB (5,594 words) - 22:45, 1 April 2024
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- mentioned in Article 26(1), but also encompasses other obligations of controllers under the GDPR. EDPB: This extends to various obligations under the GDPR, including37 KB (3,915 words) - 12:49, 24 May 2023
- opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- Article 99 GDPR (category Article 99 GDPR)shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and12 KB (295 words) - 08:25, 19 October 2023
- Article 37 GDPR (category GDPR Articles) (section (1) Obligation to designate a data protection officer)surveillance cameras, it was therefore in breach of Article 37(1)(b) GDPR by not having a DPO. Article 37(1) GDPR specifies three conditions in which the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- the establishment of SAs are set out in Article 51(1) and 52 GDPR, Article 54(1)(a) GDPR repeats that these should be legislated for through a Member State's34 KB (3,649 words) - 13:19, 30 October 2023
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 97 GDPR (category Article 97 GDPR)recitals for Article 97 GDPR. Article 97 GDPR imposes a "comprehensive reporting obligation" upon the Commission. The first paragraph of Article 97 GDPR sets out16 KB (778 words) - 08:24, 19 October 2023
- filing fee is € 35. Applicants do not have to reimburse the other sides' costs. The DSB (and previously the DSK) has published more than 1.600 of their decisions11 KB (1,468 words) - 13:27, 14 May 2023
- decisions in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C15 KB (808 words) - 09:44, 17 October 2023
- in the EDPB's Rules of Procedure (“RoP”). Article 33(1) RoP stipulates that in “accordance with Art 76 (1) GDPR”, discussions of the Board and of expert15 KB (787 words) - 08:17, 19 October 2023
- Article 59 GDPR (category GDPR Articles)accordance with Article 58(2) [GDPR]”. These is a reference to the information that SAs must keep in internal records according to Article 57(1)(u) GDPR. The report15 KB (718 words) - 15:31, 19 October 2023
- Article 67 GDPR (category Article 67 GDPR)Category:Article 67 GDPR See EDPB, State of Play - IMI for GDPR purposes, 27 June 2018 (available here). See EDPB, 2019 Annual Report, Section 4.3.1 (available15 KB (810 words) - 16:13, 2 November 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- the information society service(s)." According to Article 4(25) GDPR, which in turn refers to Article 1(1) of Directive (EU) 2015/1535, an "information society19 KB (1,335 words) - 13:56, 24 October 2023
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- Article 19 GDPR (category GDPR Articles)of Article 15(1)(c) GDPR, which permits in certain cases that the information provided is limited to "categories of recipient[s]": Article 15 GDPR is a19 KB (1,436 words) - 12:35, 12 May 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- will not have to submit another request for erasure under Article 17(1)(b) GDPR. Article 7(4) GDPR provides some useful guidance on the factors to be taken31 KB (3,489 words) - 16:00, 8 March 2024
- establishes an EU-wide penalty regime for violations under Article 83 GDPR, Article 84(1) GDPR dispenses with complete harmonisation. It does, however, provide19 KB (1,477 words) - 14:12, 7 November 2023
- Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- binding decision under Article 66 GDPR, at the request of the Hamburg SA which adopted provisional measures under Article 66(1) GDPR, based on its consideration20 KB (1,590 words) - 16:11, 2 November 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 16 GDPR (category GDPR Articles)However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article23 KB (2,489 words) - 23:24, 6 March 2024
- simple majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple19 KB (1,530 words) - 14:23, 12 October 2023
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)first glance, Article 92 GDPR's wording seems to be in conflict with Article 290(1) TFEU, but in actuality it is not. Article 92(2) GDPR must be read in19 KB (1,525 words) - 08:18, 19 October 2023
- accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)subjects - which would be counterproductive. Article 11 GDPR is meant to address this matter. Under Article 11(1) GDPR, when a processing operation does not or20 KB (1,854 words) - 16:32, 8 March 2024
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- specific rules. Article 82 GDPR introduces a right to compensation for damage caused as a result of an infringement of the GDPR. Article 82(1) contains the33 KB (4,215 words) - 09:57, 19 March 2024
- compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- framework of voluntary cooperation provided for in Article 62(1) GDPR is partly supplemented by Article 62(2) GDPR, which contains several cases in which joint22 KB (1,915 words) - 13:46, 15 January 2024
- with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- Article 61 GDPR (category Article 61 GDPR) (section (1) Exchange of information and mutual assistance)request (Article 61(5) GDPR), the requesting SA may adopt a provisional measure on the territory of its Member State under Article 55(1) GDPR. If the SA24 KB (2,181 words) - 11:46, 15 January 2024
- Article 51 GDPR (category GDPR Articles) (section (1) Establishment of a supervisory authority (SA))controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- within the meaning of Article 72(1) GDPR. The GDPR does not contain detailed content requirements for the RoP. Article 74(2) GDPR only stipulates that the22 KB (2,266 words) - 08:26, 17 October 2023
- Article 70 GDPR (category Article 70 GDPR) (section (1) Tasks to ensure the consistent application of the Regulation)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- TA Luxembourg - N° 46416 (category Article 96 GDPR)administration of Direct Contributions for not having made, in accordance with Article 35.1 GDPR, a data protection impact assessment. The government delegate maintains64 KB (10,128 words) - 08:51, 24 November 2021
- Article 30 GDPR (category GDPR Articles) (section (1) Record of processing activities by the controller)requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- other DPAs concerned. The BCR Lead the submits, following Article 64(1) GDPR and Article 64(4) GDPR, a draft decision to the EDPB. The EDPB, in turn, issues29 KB (2,823 words) - 15:15, 28 April 2022
- complaint under Article 77(1) GDPR on behalf of the data subject and to represent the them before all supervisory authorities (“SA”) (Article 4(21) GDPR). Secondly26 KB (2,575 words) - 15:50, 9 November 2023
- Article 34 GDPR (category GDPR Articles) (section (1) Communication of a personal data breach to the data subject)the competent supervisory authority of such a breach. Article 34(1) GDPR differs from Article 33 GDPR. Instead of having to notify the supervisor authority37 KB (3,962 words) - 15:20, 16 June 2023
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 35 GDPR)with Article 35 UK GDPR in relation to its processing of the pilot personal data. 20 Enforcement Notice Legal Framework – Article 35 58. Article 35 UK GDPR129 KB (17,281 words) - 14:57, 10 April 2024
- clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- Article 85 GDPR (category Article 85 GDPR) (section (1) Reconciling data protection rules with freedom of expression)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- Article 53 GDPR (category GDPR Articles) (section (1) Authority appointing the members of the supervisory authority (SA))the SAs' tasks, please refer to Article 57 GDPR and for their powers please refer to Article 58 GDPR. See Recital 122 GDPR. In this respect, reference should29 KB (2,894 words) - 23:06, 1 April 2024
- According to the final paragraph in Article 49(1) GDPR, when none of the derogations described above (Article 49(1)(a-g) GDPR) is applicable, transfers to third29 KB (3,500 words) - 08:54, 27 March 2023
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision55 KB (7,622 words) - 14:04, 7 November 2023
- Article 55 GDPR (category GDPR Articles) (section (1) Territorial competence of supervisory authorities (SAs))which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- additional benefit of Article 14(1)(d) GDPR may be questionable, if one agrees that Article 14(1)(c) (see commentary on Article 13(1)(c) GDPR) already requires47 KB (5,644 words) - 17:49, 5 March 2024
- categories of data listed under Article 9(1) GDPR. There have been conflicting arguments as to whether Article 22(1) GDPR lays down a right or a general31 KB (4,768 words) - 06:24, 16 June 2023
- Article 89 GDPR (category Article 89 GDPR) (section (1) Mandatory Appropriate Safeguards for Archiving Purposes in the Public Interest, Scientific or Historical Research Purposes,...)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- Article 78 GDPR (category GDPR Articles) (section (1) Right to an effective judicial remedy against an SA's decision)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 16 (available here) referring to Article 1(1)(b) Directive (EU) 2015/153537 KB (4,635 words) - 13:29, 24 October 2023
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- Article 33 GDPR (category GDPR Articles) (section (1) Controller's notification in the event of a personal data breach)agreement on joint responsibility as required under Article 26(1) of the GDPR. Article 33(1) GDPR outlines that controllers (as defined above) have an54 KB (6,536 words) - 08:22, 16 June 2023
- up. Indeed, the wording of Article 40(1) establishes that they “shall encourage” this (emphasis added). Article 40(1) GDPR clarifies that codes of conduct44 KB (5,008 words) - 14:50, 28 July 2023
- Garante per la protezione dei dati personali (Italy) - 9995680 (category Article 5(1)(a) GDPR)processing lack any applicable conditions found in Article 9(2) GDPR and was found in breach of Article 5(2) GDPR. Additionally, the Garante reiterated that the105 KB (16,849 words) - 11:58, 11 April 2024
- with the support of the EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph43 KB (5,641 words) - 14:58, 28 April 2022
- consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- Garante per la protezione dei dati personali (Italy) - 9909907 (category Article 5 GDPR)anonymized. Therefore, the DPA found a violation of Article 5(1)(a), (b), (c), and (e) and Article 12(1) GDPR. For the reasons above, the DPA imposed a fine122 KB (19,640 words) - 08:16, 3 August 2023
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- BVwG - W258 2217446-1 (category Article 4(1) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO,79 KB (12,652 words) - 09:41, 10 September 2021
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)the infringement of Article 5.1 c) AVG has been proven. f)Transparent information (Article 5.1(a); Article 12.1. and Article 13.1. and 13.2. AVG) 43.The48 KB (7,926 words) - 16:56, 12 December 2023
- processing by the defendant can only be Article 6 (1) sentence 1 lit e) DSGVO (see b) or Article 6 (1) sentence 1 lit f) DSGVO (see c), the requirements51 KB (8,215 words) - 09:55, 13 May 2022
- GDPRhub style guide (section GDPR)the Member States. Example: Article 6(1)(a) GDPR Example: Not Art. 6 Abs 1 Lit a GDPR or Article 6 GDPR or GDPR Article 6, Sec 1(a) Recitals are also not17 KB (2,510 words) - 13:56, 24 April 2023
- OLG Dresden - 4 U 1905/21 (category Article 15(1) GDPR)on April 1, 2017 in the amount of €39.96, 14 Tariff B... increase on April 1, 2020 in the amount of €74.26, 15Tarif T... increase on April 1, 2017 in the40 KB (6,325 words) - 16:12, 18 May 2022
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)accordance with the provisions of Article 6(1)(c), Article 6(1)(f) GDPR, or both provisions? 2. Does the answer to Question 1 mean: a) that the person29 KB (4,605 words) - 17:00, 15 December 2021
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))meaning that no violation of Article 5(1)(e) GDPR could be established. Integrity and confidentiality - Article 5(1)(f) GDPR As explained above, the DPA429 KB (58,279 words) - 09:12, 2 November 2022
- HDPA (Greece) - 35/2022 (category Article 5(1)(a) GDPR)lawfulness and transparency (Article 5(1)(a), 6 and 9 GDPR) as well as its obligations under Article 12, 14, 15 and 27 GDPR. The DPA fined the controller8 KB (1,122 words) - 12:31, 20 July 2022
- VDAI - NVSC vs UAB (category Article 5(1)(a) GDPR)Articles 5, 13, 24, 32, 35 and 58(2)(f) GDPR. UAB IT Solutions Success was fined €3,000 for violating Articles 5, 13, 24, 32 and 35 GDPR. The Lithuanian DPA11 KB (1,573 words) - 09:18, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9556958 (category Article 5(1)(a) GDPR)per Article 25 GDPR and the liability principle of 5(2) GDPR. The DPA finally found out that the provision on impact assessment, as per Article 35 GDPR4 KB (505 words) - 15:55, 6 December 2023
- CJEU - C‑307/22 - Copies of Medical Records (category Article 15(1) GDPR)the first sentence of recital 63 GDPR. Neither the wording of Article 12(5) GDPR nor that of Article 15(1) and (3) GDPR condition the provision (to access10 KB (1,478 words) - 11:17, 2 November 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/35/2022 (category Article 5(1)(a) GDPR)a violation of Article 5(1)(b) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Generally, a controller20 KB (2,859 words) - 13:11, 13 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 531/161/20 (category Article 35 GDPR)The main legal arguments were as follows: 1. Did the data processing fall within the meaning of Article 35 GDPR, which requires the controller to carry out3 KB (263 words) - 13:05, 3 March 2024
- HDPA (Greece) - 4/2022 (category Article 5(1)(a) GDPR)under Article 35(7) GDPR, for not complying with the principle of transparency under Article 5(1) GDPR and for not anonymising the data under Article 25(1)11 KB (1,274 words) - 10:37, 23 February 2022
- HDPA (Greece) - 50/2021 (category Article 5(1)(a) GDPR)information in accordance with Article 13 GDPR. In addition, the HDPA found that the Ministry violated the obligation of Article 35(9) GDPR in relation to the expression5 KB (548 words) - 09:23, 12 October 2022
- HDPA (Greece) - 20/2020 (category Article 6(1)(e) GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- Datatilsynet (Norway) - 20/02147 (category Article 24(1) GDPR)the lack of security routines, thus breaching Article 32(1)(b) cf. Article 5 GDPR, Article 35 and Article 24(1), respectively. Teachers at two junior high24 KB (3,591 words) - 18:57, 5 March 2022
- HDPA (Greece) - 61/2022 (category Article 5(1)(a) GDPR)information provided to data subjects was less than that required by the GDPR, and the information was not provided in an intelligible and easily accessible6 KB (663 words) - 15:31, 6 December 2023
- CNPD (Portugal) - Deliberação 2021/1569 (category Article 5(1)(a) GDPR)under Article 5 (1)(c) GDPR, the principle of storage limitation under Article 5 (1)(e)GDPR, the duty to provide information under Article 13 GDPR, and11 KB (1,491 words) - 16:54, 6 December 2023
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)- 12/35 3. Justification 3.1.1. Regarding the purpose limitation findings (Article 5.1 b) GDPR) and the lawfulness of processing (Article 6.1 GDPR) 12.82 KB (13,250 words) - 16:57, 12 December 2023
- AEPD (Spain) - PS/00029/2020 (category Article 5(1)(f) GDPR)personal data >>. Article 35.1 and 35.3.b) of the GPRS, on the impact assessment relating to data protection, states the following: <1. Where a type of44 KB (6,943 words) - 13:49, 13 December 2023
- Court of Appeal of Brussels - 2022/AR/292 (category Article 5(1)(f) GDPR)companies that use the TC-string? (Article 4(1) GDPR) 2) a) Is IAB a (joint) controller (Article 4(7) GDPR and Article 24(1) GDPR)? b) Does it matter whether6 KB (675 words) - 09:55, 14 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8393/161/2019 (category Article 5(1)(c) GDPR)with Article 5 (1) (a) and Article 6 (1) (f) GDPR. Thus, the controller failed to comply with the accountability principle under Article 5 (2) GDPR. Second111 KB (17,604 words) - 13:08, 3 March 2024
- Rb. Limburg - C/03/278775 / HA RK 20-119 (category Article 35 GDPR)Pursuant to Article 21(1) of the GDPR, persons such as [the claimant] can object to the processing of their personal data on the basis of Article 6(1)(e) or16 KB (2,580 words) - 10:43, 23 September 2020
- AKI (Estonia) - 2.1-3/20/347 (category Article 15(1) GDPR)basis of § 35 (1) 9) of the PSA, but in refusing to comply with a request for information, § 35 (1) 5 ) and Point 10 of because § 35 section 1 subsection26 KB (4,193 words) - 10:30, 13 December 2023
- HDPA (Greece) - 35/2023 (category Article 5(1) GDPR)personal data by bank to the data subject's wife under Article 5 (1) (a) GDPR and Article 5 (1) (f) GDPR. An additional €50,000 was added for the violation52 KB (8,460 words) - 10:54, 10 January 2024
- Rb. Rotterdam - C/10/576074/HA RK 19-694 (category Article 15(3) GDPR)referred to as [applicant] and the State. 1 The procedure 1.1. An application dated 30 January 2019 with productions 1 to 7 was received at the Registry of15 KB (2,504 words) - 16:27, 10 March 2022
- AEPD (Spain) - E/02666/2020 (category Article 35 GDPR)fulfilled the duty of information in accordance with GDPR. The Spanish DPA considered that Article 35 GDPR applies in this case and thus a DPIA is necessary24 KB (3,690 words) - 13:39, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9861249 (category Article 5(1)(a) GDPR)data under the GDPR. The Italian DPA started an investigation concerning potential violations of Articles 5(1)(a), 6, 13, 28(1) and 35 GDPR. The Italian87 KB (14,104 words) - 15:45, 6 December 2023
- APD/GBA (Belgium) - 24/2021 (category Article 7(1) GDPR)fairness and transparency (Article 5.1 a) GDPR), purpose limitation (Article 5.1 b) GDPR) and minimum data processing (Article 5.1 c) GDPR); 4) the legal basis110 KB (18,238 words) - 16:56, 12 December 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)third-party action (1.). On the complainant's side, his general right of personality (Article 2.1 in conjunction with Article 1.1 of the Basic Law) in133 KB (21,944 words) - 15:59, 22 March 2022
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)sedeagpd.gob.es Page 18 18/35 In the first place, the defendant is accused of violating article 32.1 of the GDPR, which states: "1. Taking into account the100 KB (16,401 words) - 14:07, 13 December 2023
- CNIL (France) - SAN-2023-0076 (category Article 5(1)(b) GDPR)instance, the controller sought to rely upon Article 6(1)(e) GDPR and Article 9(2)(j) GDPR. Article 6(1)(e) GDPR establishes a lawful basis for the processing19 KB (2,826 words) - 17:01, 6 December 2023
- Rb. Den Haag - C/09/581706 / HA RK 19-593 (category Article 21(1) GDPR)data concerning him / her on the basis of Article 6 (1) (f) of the GDPR . Should Article 21 (1) of the GDPR - and in particular the addition `` at any34 KB (5,811 words) - 09:44, 8 December 2020
- CNIL (France) - MED-2020-015 (category Article 5(1)(a) GDPR)with the terms of the decree of 29 May 2020, pursuant to Article 5-1-a) of the RGPD. Article 5(1)(a) of the Regulation stipulates that: personal data must33 KB (5,322 words) - 17:08, 6 December 2023
- Gerechtshof Amsterdam - 200.251.466/01 (category Article 21 GDPR)request under Article 21 GDPR can be made at any time and several times. It also found that a provisional measure can be granted under Article 21 GDPR if an urgent19 KB (3,021 words) - 15:48, 15 March 2022
- Garante per la protezione dei dati personali (Italy) - 9685922 (category Article 5(1)(f) GDPR)processing carried out is in violation of Article 5(1)(f) GDPR, Article 25(1) GDPR, Article 32 GDPR and Article 35 GDPR. Especially, the controller cannot exclude119 KB (19,123 words) - 11:29, 16 August 2022
- APD/GBA (Belgium) - 42/2020 (category Article 2(1) GDPR)appeals to that effect legitimate interest (Article 6.1 f) GDPR). 26. In accordance with Article 6.1 f) GDPR and the case law of the Court of Justice of30 KB (4,871 words) - 16:58, 12 December 2023
- Commissioner (Cyprus) - 11.17.001.007.220 (category Article 35(9) GDPR)time tracking system, due to a lack of compatibility with Article 7(4) and Article 35(9) of GDPR. KEO PLC decided to upgrade its ERP system, whose upgrade56 KB (8,913 words) - 16:52, 6 December 2023
- Datatilsynet (Denmark) - 2020-432-0034 (category Article 5(1)(f) GDPR)of Article 5 of the Data Protection Regulation. Article 6 (1) (a) and (c) and Article 6 (1) 1, letter e, and the Data Protection Act § 11, para. 1. However40 KB (6,369 words) - 16:39, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9529527 (category Article 5(1)(f) GDPR)several violations of the GDPR. Firstly, the USL had not documented its processing activities as required by Article 30 GDPR, despite the two years between55 KB (8,833 words) - 15:54, 6 December 2023
- AP (The Netherlands) - 7.04.2022 (redirect from AP (The Netherlands) - Dutch Tax and Customs Administration fined €3,700,000 for six GDPR violations) (category Article 5(1)(b) GDPR)(possible) fraud. This resulted in a breach of Article 5(1)(a) GDPR and Article 6(1) GDPR in conjunction with Article 8 of the Dutch Personal Data Protection49 KB (7,201 words) - 17:06, 12 December 2023
- BVwG - W258 2227269-1/14E (category Article 5(1)(a) GDPR)violating Article 5(1) GDPR Article 6 (1) GDPR Article 6(4) GDPR Article 9 GDPR Article 14 GDPR Article 30 GDPR Article 35 GDPR and Article 36 GDPR. The fine47 KB (7,345 words) - 09:41, 10 September 2021
- CNIL (France) - SAN-2023-076 (category Article 35 GDPR)communications under Article 14 GDPR were not legally necessary, as in the present case, Article 23 GDPR restrictions were applicable. Article 23 GDPR establishes36 KB (5,524 words) - 17:01, 6 December 2023
- IP - 0610-376/2020/35 (category Article 13(1) GDPR)pursuant to Article 54 of ZVOP-1, points (a), (d) and (f) of Article 58 (2) of the General Regulation, Articles 29 and 32 of the ZIN and Article 221 ZUP,110 KB (17,995 words) - 11:15, 22 April 2021
- Gerechtshof Amsterdam - 200.258.736/01 (category Article 15 GDPR)referred to as ABN AMRO. 1.2 1.2 [Appellants] lodged an appeal with the Court of Appeal on 1 May 2019, received at the Court Registry on 1 May 2019, against the41 KB (7,150 words) - 12:30, 4 October 2021
- Datatilsynet (Norway) - 20/02191 (category Article 5(1)(f) GDPR)processing special categories of data, cf. Article 32(1)(b) GDPR, Article 32(1)(d), Article 24 and Article 35, cf. Article 5. In May 2019, a municipality reported38 KB (5,967 words) - 11:48, 7 May 2022
- Datatilsynet (Norway) - 20/01949 (category Article 5(1)(d) GDPR)transparency, cf. Article 5(1)(a), and accuracy, cf. Article (5)(1)(d), they hadn't recorded the processing activity as required in Article 30, hadn't conducted49 KB (7,572 words) - 16:14, 6 December 2023
- Persónuvernd (Island) - 2022020363 (category Article 28(1) GDPR)and thus failed to fulfil its obligations under Article 5(1) GDPR, Article 24(1) GDPR and Article 28(1) GDPR. Second, the DPA found that, since the data processing142 KB (22,881 words) - 12:42, 16 January 2024
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further processing49 KB (7,800 words) - 09:22, 5 January 2024
- APD/GBA (Belgium) - 82/2020 (category Article 6(1) GDPR)artikel 100, §1, 2° WOG de buitenvervolgingstelling bevelen, of de klacht seponeren overeenkomstig artikel 95, §1, 1° of artikel 100, §1, 1° WOG (naargelang124 KB (18,772 words) - 17:01, 12 December 2023
- publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA206 KB (30,485 words) - 09:54, 14 December 2023
- Court of Appeal of Brussels - 2022/AR/1085 (category Article 57(1)(f) GDPR)complaint in accordance with Article 95, §1, 32 WOG, based on the following justification. r PAGE □1- □□□□ 3170578-00 □3-0012- □1- □1-� LCourt of Appeal Brus-e2022/AR/1085-30 KB (4,204 words) - 09:54, 14 December 2023
- CJEU - C-683/21 - Nacionalinis visuomenės sveikatos centras (category Article 4(2) GDPR)asked whether the joint control of data in accordance with Article 4(7) and Article 26(1) GDPR must be interpreted 'exclusively' as involving deliberately9 KB (1,234 words) - 12:48, 25 January 2024
- Rb. Noord-Holland - C/15/311101 / HA RK 20-227 (category Article 17(1) GDPR)destruction of personal data on the basis of Article 17(1) of the GDPR in conjunction with Article 7.3.9(1) of the Youth Act is granted. Locations Rechtspraak22 KB (3,333 words) - 13:22, 2 June 2021
- Tietosuojavaltuutetun toimisto (Finland) - 8314/182/20 (category Article 5 GDPR)6, Section 13, Section 18, Section 31, Section 35 Bankruptcy Act Chapter 1 Section 4, Chapter 2 Section 1 Appeal According to section 25 of the Data Protection29 KB (4,701 words) - 13:03, 3 March 2024
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)violating Article 5(1)(c) and Article 5(1)(e) GDPR. The DPA of Berlin fined Deutsche Wohnen SE for violating Article 5(1)(c) and Article 5(1)(e) GDPR, because36 KB (5,810 words) - 13:09, 21 January 2022
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)analogous to Article 18 (1)(a) GDPR the Court held that § 12 of the German Registration Law explicitly exludes the application of Article 18 (1)(a) GDPR. According112 KB (19,310 words) - 08:08, 23 June 2022
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- that a valid legal basis would be either Article 6(1)(c) GDPR, or Article 6(1)(d) GDPR or Article 9(2)(b) GDPR. The Data protection authority (the UOOU)25 KB (3,096 words) - 17:48, 25 November 2021
- [appellant sub 1] requested access to the processing of his personal data as referred to in article 35 of the Wbp. According to [Appellant under 1], his personal19 KB (3,135 words) - 12:38, 16 September 2021
- AKI (Estonia) - 12.10.2023 (category Article 44 GDPR)07.2097 35 lg 1 p 1235(1)12 of the AvTS § 35 lg 1 p 3, AvTS § Notice of termination of Termination of proceedings personal data protection case 1. The factual10 KB (1,381 words) - 10:27, 13 December 2023
- APD/GBA (Belgium) - 22/2020 (category Article 5(1)(f) GDPR)provisions of Article 5.1 of the AVG, but concerns the entire AVG. 31. The aforementioned follows from the merger of Article 5.2 of the AVG and Article 24.1 of the35 KB (5,526 words) - 16:56, 12 December 2023
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)Art. 82 Para. 1, Para. 2, Art. 5 Para. 1 lit. a Var. 1, Article 6 paragraph 1 subparagraph. 1 lit. 1, Article 6 paragraph 1 subparagraph. 1 lit. a, Art.130 KB (21,874 words) - 09:43, 15 February 2024
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)the transmitted data (see point II.1.3 or II.1.3.1) at least in combination, personal data according to Art. 4 Z 1 DSGVO. For the lack of an appropriate158 KB (26,392 words) - 08:25, 7 June 2023
- APD/GBA (Belgium) - 61/2020 (category Article 5(1)(d) GDPR)the basis of Article62, §1 WOG.4. On 23 August 2019, the Disputes Chamber will decide in accordance with Article 95, §1, 1 ° and Article98 WOG that the41 KB (6,354 words) - 16:59, 12 December 2023
- DSB (Austria) - 2020-0.550.322 (category Article 5(1)(a) GDPR)other legal basis for processing under Article 6 GDPR, the controller had violated Article 5(1)(a) and Article 6(1) GDPR. Taking into account the low income26 KB (4,098 words) - 13:51, 12 May 2023
- Recitals GDPR (section Recitals from the GDPR)practice. Recital 1: The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter182 KB (24,065 words) - 13:40, 9 July 2021
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)of personal data of data subjects guaranteed by Article 44 GDPR and consequently breached Article 44 GDPR. The DPA issued a fine of 300,000 SEK (approx.121 KB (13,722 words) - 15:16, 5 July 2023
- DSB (Austria) - 2020-0.743.659 (category Article 5(1)(a) GDPR)permission in Article 6 (1) (c) GDPR and argues that it is the Viennese in accordance with Article 5 (3) of the EpiG in conjunction with Article 1 (2) (e) Contact50 KB (8,015 words) - 13:52, 12 May 2023
- AEPD (Spain) - PS/00127/2020 (category Article 13 GDPR)information duty included in Article 13 GDPR. Is this a violation of Article 13 GDPR? The AEPD held that there had been a violation of Article 13. According to the35 KB (5,363 words) - 14:02, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)processing was therefore in breach of Article 5(1)(a) and Article 6(1)(c) of the GDPR. The DPA also ruled out Article 6(1)(f) on the grounds of domestic law:76 KB (11,147 words) - 16:58, 6 December 2023
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)time, which is a violation of the GDPR. As to the claim for damages, the CoS notes that though Article 82(1) of the GDPR states that full compensation for37 KB (5,721 words) - 12:41, 16 September 2021
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 5(1)(c) GDPR)requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data122 KB (20,253 words) - 08:17, 19 August 2021
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)be established on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data131 KB (14,752 words) - 08:36, 5 July 2023
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- APD/GBA (Belgium) - 138/2022 (category Article 5(1)(a) GDPR)an infringement of Article 5 (1) a), b) and c) and (2) of the GDPR and Article 24 (1) of the GDPR; and - an infringement of article 8 of the law of 2143 KB (6,274 words) - 08:57, 29 June 2023
- AEPD (Spain) - EXP202204530 (category Article 6(1) GDPR)regulated in article 6 of the GDPR. The assumptions that allow the processing of personal data to be considered lawful listed in article 6.1 of the GDPR: 1. Treatment26 KB (3,971 words) - 13:26, 13 December 2023
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant 1, cannot suffice84 KB (12,933 words) - 16:46, 12 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 4) (category Article 36(1) GDPR)processor, see Article 28(3)(a) GDPR. Document that all transfers of personal data to insecure third countries, are in line with the GDPR. Describe all25 KB (3,660 words) - 08:42, 14 September 2022
- APD/GBA (Belgium) - 48/2021 (category Article 5(1)(a) GDPR)defendant on the basis of Article 100.1, 5 ° LCA given the breach noted in Article 6 of the GDPR combined with Article 5.1.a) of GDPR; - To dismiss the remainder43 KB (6,670 words) - 16:58, 12 December 2023
- APD/GBA (Belgium) - 15/2021 (category Article 15(1) GDPR)(see “1.2.4- As regards the complaint according to which the defendant hadless time than the complainant to prepare his arguments ”).1.1.1. Place1.1.1.1.-85 KB (13,724 words) - 16:52, 12 December 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 15(1) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- APD/GBA (Belgium) - 149/2023 (category Article 5(1)(a) GDPR)to in Article 5(1) LRN, under which the controller did not fall in. Therefore, the controller breached Article 5(1)(a) GDPR and Article 6(1) GDPR, in conjunction113 KB (17,325 words) - 08:50, 19 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 918/154/2019 (category Article 17(1) GDPR)was outdated and was no longer of importance to society. Pursuant to Article 17(1) GDPR, the data subject had requested Google LLC (the controller) to remove26 KB (4,072 words) - 12:18, 27 March 2024
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)breach of Article 32 of the GDPR has occurred. B. On the failure to notify the data breach to the CNIL 32. Pursuant to Article 33 (1) of the GDPR, in the26 KB (4,050 words) - 17:10, 6 December 2023
- HDPA (Greece) - 36/2023 (category Article 5(1)(a) GDPR)under Article 15 (1) GDPR and Article 15(3) GDPR. Furthermore, HDPA found that the data controller failed to fulfil its obligations under Article 5(1) and7 KB (890 words) - 15:02, 15 January 2024
- the following: Article 66 GDPR gives the possibility for a procedure of urgency and from this article (and Article 66 and Article 62 GDPR), the European25 KB (3,812 words) - 10:03, 20 August 2021
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) of the GDPR, Article 15(3) sentence 1 of the GDPR must be interpreted as meaning that, due to51 KB (8,592 words) - 07:03, 2 November 2021
- DSB (Austria) - 2020-0.816.655 (category Article 12(1) GDPR)4 line 16, Art. 12 para. 1, Art. 14 para. 1 to para. 5, Art. 15, Art. 51 para. 1, Art. 57 para. 1 lit. f and Art. 77 para. 1 of Regulation (EU) 2016/67928 KB (4,230 words) - 13:53, 12 May 2023
- AEPD (Spain) - E/00113/2019 (category Article 17(1)(b) GDPR)lack of consent, he exercised his right to erasure according to Article 17(1)(b) GDPR. The AEPD found that the complainant had provided the FEDA with his27 KB (4,497 words) - 13:38, 13 December 2023
- NAIH (Hungary) - NAIH/2020/5553 (category Article 12(3) GDPR)under Article 15 and with the one month deadline under Article 12(3). Was Google Ireland Ltd in breach of its obligations under GDPR Article 15(1) and Article27 KB (4,279 words) - 10:12, 17 November 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)relation to the requirements prescribed by Article 12.1 of the GDPR (transparency obligation) and by Article 13 of the GDPR (right to information). The Head of82 KB (11,472 words) - 16:58, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9542071 (category Article 5(1)(a) GDPR)to ask to be heard by the Authority (Article 166, paragraphs 6 and 7, of the Code; as well as Article 18, paragraph 1, of Law no. 689 of 24/11/1981). In25 KB (3,961 words) - 15:54, 6 December 2023
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)have entered into a breacha / 'article 14.1-2 combined' article 12.3, article 6, article 5.1, c) and articles 5.2 and 24.1-2 of the RGPO. It is therefore72 KB (11,389 words) - 08:59, 20 August 2021
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)point (e) of Article 6(1) of the GDPR. 48 If a data subject has objected to the data processing, it follows from Article 21(1) of the GDPR that compelling59 KB (8,242 words) - 10:47, 17 March 2021
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the AEPD602 KB (102,229 words) - 14:21, 13 December 2023
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)Manifestation of the general right of personality, Article 2 Paragraph 1 GG in conjunction with Article 1 Paragraph 1 GG, or from Section 823 Paragraph 2 BGB in27 KB (4,216 words) - 13:26, 8 January 2024
- HDPA (Greece) - 24/2022 (category Article 5(1)(a) GDPR)security under Article 5(1)(a) and (f) GDPR, and Article 32(1)(2) GDPR, as well as failure to satisfy the right of access. The DPA imposed a €35,000 fine on8 KB (1,087 words) - 16:32, 15 November 2022
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)(definition) Article 5.1 : Principles of data processing Article 5.1.a : Principle of legality, objectivity and transparency Article 5.1.b : Principle9 KB (1,251 words) - 12:15, 8 May 2023
- Datatilsynet (Denmark) - 2021-442-12980 (category Article 32(1) GDPR)In an Article 60 GDPR procedure, the Danish DPA reprimanded Danske bank for a violation of Article 32(1) GDPR. A technical error resulted in the unauthorised10 KB (1,214 words) - 11:39, 22 March 2024
- ANSPDCP (Romania) - 04.03.2021 (category Article 5(1)(f) GDPR)infringement of Article 32 GDPR in conjunction with Article 5(1)(f) GDPR? The Romanian DPA (ANSPDCP) found that the controller violated Article 32 GDPR as they7 KB (1,035 words) - 15:19, 13 December 2023
- Court of Appeal of Brussels - 2022/AR/723 (category Article 5(1)(c) GDPR)21(2) and 21(4) GDPR. Moreover, the DPA held that the controller violated Article 5(1)(a), 5(1)(c), 5(2), 6(1), 12(2), 21(2) and 21(4) GDPR. The controller8 KB (919 words) - 09:54, 14 December 2023
- HDPA (Greece) - 51/2021 (category Article 21(1) GDPR)organization (definition) Article 5.1: Data processing principles Article 5.1.a: Principle of legality, objectivity and transparency Article 5.1. b: Principle of9 KB (1,168 words) - 15:30, 6 December 2023
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)((articles 5. 1, a) GDPR , 12.1 GDPR and 14.1 a) and c) GDPR) and how the accountability obligation was fulfilled (art 5.2 GDPR and 24 GDPR). The parties102 KB (15,787 words) - 07:39, 6 September 2023
- Norges Høyesterett - 2021-2403-A (category Article 5(1)(a) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 4680/182/18 (category Article 9(1) GDPR)Regulation Article 5 paragraph 1 subparagraph a Article 7 Article 9 Data Protection Act Section 6 subsection 1 paragraph 1 Insurance Contract Act Section 1 and49 KB (7,496 words) - 14:44, 24 January 2024
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)the Strijp-S housing complex in Eindhoven. It's agreed 1 Facts 1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 that [plaintiff] directly to PME Investment Services103 KB (17,620 words) - 10:13, 29 November 2023
- OGH - 6Ob127/20z (category Article 4(1) GDPR)held that a lawsuit under Article 79 GDPR regarding the alleged violation of Article 15 GDPR is indeed feasible. Article 79 GDPR is not limited to certain34 KB (5,408 words) - 13:57, 20 September 2021
- UODO (Poland) - ZSPR.421.2.2019 (category Article 5(1)(f) GDPR)(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and71 KB (11,304 words) - 10:01, 17 November 2023
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)Court found that customers’ order data is health data and fall within Article 9(1) GDPR. Amazon does not collect health data stricto sensu but it can draw32 KB (5,236 words) - 16:00, 10 March 2022
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the processing30 KB (4,708 words) - 16:56, 6 December 2023
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 4 GDPR)basis of Article 6(1)(b) GDPR: “...there is a risk that the Draft Decision’s failure to establish Whatsapp IE's infringement of Article 6(1)(b) GDPR, pursuant289 KB (33,568 words) - 15:00, 1 February 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- relation to contraventions of the UK-GDPR, section 168 DPA 2018 provides that "non-material damage" in Article 82 GDPR includes distress. In relation to breaches61 KB (8,986 words) - 08:40, 22 February 2022
- Court of Appeal of Brussels - 2023/AR/801 (category Article 96 GDPR)Appeal considered that Article 96 GDPR does not provide a time limit for the validity of international agreements concluded prior GDPR and that a ban on some11 KB (1,467 words) - 09:40, 6 July 2023
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- DSB (Austria) - 2021-0.101.211 (category Article 6(1)(c) GDPR)held that “A synopsis of the provisions of Article 9(1)(i) of the GDPR in conjunction with Article 3(1)(1), (1a) and (2) of the EpiG shows that the competent37 KB (5,745 words) - 13:53, 12 May 2023
- AEPD (Spain) - PS/00128/2020 (category Article 6(1)(b) GDPR)breach of Article 13 GDPR? The AEPD held that the facts complained of involving the violation by the City Council of the provisions of Article 13 of the39 KB (5,912 words) - 14:02, 13 December 2023
- Tribunal da Relação de Coimbra - 4354/19.7T8CBR-A.C2 (category Article 4(1) GDPR)receipts is framed in the definition of personal data contained in Article 4(1) of the GDPR because they contain “information relating to an identified or30 KB (4,858 words) - 09:58, 6 October 2021
- APD/GBA (Belgium) - 72/2020 (category Article 5(1)(b) GDPR)articles 5.1.,b) juncto 24.1 and 9.2.a) juncto 7.3 of the RGPD; - that it is not necessary to pronounce one of the measures provided for in Article 100, §1 of34 KB (5,677 words) - 17:00, 12 December 2023
- determines the purposes and means of the processing". According to Article 26(1) of the GDPR, "where two or more controllers jointly determine the purposes73 KB (11,864 words) - 17:03, 6 December 2023
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)principle, namely the breaches of articles 5-1-c), 5 -1 e), 13, 32 and 35-1 of the GDPR; no breach of Article 6 of the GDPR and of Directive 2002/58 / EC of the61 KB (10,028 words) - 17:09, 6 December 2023
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)Sentence 1, Section 102 Paragraph 1 BetrVG, Section 17 Paragraph 2 Sentence 1 KSchG) on the consultation (e.g. Section 90 Paragraph 2 Sentence 1, Section40 KB (6,019 words) - 14:13, 28 November 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)too sick to work. 1 2See, among other things, article 4 paragraph 1 SUWI and the ZBO register of the Dutch central government. See article 2 paragraph 2 SUWI106 KB (14,502 words) - 17:09, 12 December 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)cites Articles 5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing31 KB (4,648 words) - 13:56, 12 May 2023
- IP - 07121-1/2020/387 (category Article 9 GDPR)issued an opinion as foreseen under Article 58(3) GDPR on the issue of the health data sharing under Article 9 GDPR in the employer - employee context.12 KB (1,812 words) - 15:11, 17 March 2022
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)lawfulness: (1) the consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the73 KB (11,604 words) - 16:57, 12 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "1. Each supervisory authority82 KB (13,463 words) - 17:03, 6 December 2023
- APD/GBA (Belgium) - 53/2020 (category Article 5(1)(a) GDPR)comply with section 5.1(b) of the MDR, and for failure to comply with section 5.1(a) of the MDR. and 5.1(b), 6.1, 25.1 and 25.2, 32.1 and 32.4 of the MDR35 KB (5,853 words) - 16:58, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 1011/161/22 (category Article 5(1)(c) GDPR)reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA also ordered the controller to erase the15 KB (2,137 words) - 20:18, 27 March 2024
- Klarna violate Article 15 of the GDPR? The DPA considered that Klarna failed to process the request within the timeframe required by Article 12(3) and without18 KB (2,003 words) - 15:22, 6 December 2023
- Personvernnemnda (Norway) - 2021-18 (20/02059) (category Article 5(1)(d) GDPR)specific categories of information in Article 8 (1) and (5) of Directive 95/46 or in Article 9 (1), Article 10 (1) and Article 10 of Regulation 2016/679, the36 KB (5,859 words) - 06:40, 6 July 2022
- Supreme Court - C.20.0323.N (category Article 5(1)(c) GDPR)minimisation under Article 5(1)(c) GDPR, and contrary to the obligation to obtain the freely given consent of the data subject under Article 6(1)(a) GDPR, when refusal43 KB (6,749 words) - 07:07, 28 October 2021
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)connection with the violation of article/and 5.1. c); 6.1.; 13.1. (c);13.1(e) and13.2(a)AVG: r PAGE 01-00001582885-0002-0033-01- □1-� r L _JCourt of Appeal Brussels60 KB (9,144 words) - 16:17, 22 March 2022
- HDPA (Greece) - 11/2024 (category Article 17(1) GDPR)and 60 of the GDPR does not apply established by the GDPR and, therefore, in accordance with the provisions of articles 55 para. 1, 2 para. 1 and 3 para.36 KB (5,761 words) - 17:19, 22 April 2024
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)lawfulness, the Litigation Chamber concludes that Article 5.1.a. of the GDPR in conjunction with Article 6 of the GDPR have not been complied with with regard to37 KB (5,765 words) - 09:53, 14 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read131 KB (22,429 words) - 16:57, 12 December 2023
- NIQB - Williams, Re Application for Judicial Review (2022) NIQB 12 (category Article 5(1)(a) GDPR)United Kingdom Relevant Law: Article 5(1)(a) GDPR Article 6(1)(f) GDPR Article 9(2) GDPR Article 35(3) GDPR Article 35(7) GDPR Section 8 Data Protection Act3 KB (214 words) - 12:26, 2 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 128/182/19 (category Article 9(1) GDPR)considered appropriate in accordance with Article 31(1)(b) GDPR and Article 32(2) GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA ordered the controller to identify17 KB (2,339 words) - 13:39, 12 January 2024
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)million) kroner for violation of Article 44 of the data protection regulation. 1 Description of the supervisory matter 1.1 The processing The Swedish Privacy113 KB (12,773 words) - 15:20, 6 December 2023
- AEPD (Spain) - TD/00185/2019 (category Article 17 GDPR)competent to decide, in accordance with the provisions of Article 56(2) in relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of the European Parliament17 KB (2,620 words) - 14:51, 13 December 2023
- APD/GBA (Belgium) - 35/2024 (category Article 4(1) GDPR)accordance with Article 5.1.a) j° Article 6.1 of the GDPR, any processing of personal data have a legal basis. Article 6.1 of the GDPR stipulates that27 KB (4,006 words) - 10:14, 17 March 2024
- Garante per la protezione dei dati personali (Italy) - 9669974 (category Article 5(1)(c) GDPR)indiscriminate monitoring of employees in violation of Articles 5 (1)(a) and (c), 6, 9,13, 88, and 35 GDPR. An employee of the Municipality of Bolzano alleged that5 KB (550 words) - 15:26, 27 July 2021
- Hoge Raad - 22/03293 (category Article 15 GDPR)Article 35 UAVG implements Article 79 GDPR, and provides: "1. If the decision on a request as referred to in Article 34 has been taken by a body other than8 KB (1,136 words) - 11:34, 4 October 2023
- LfDI (Lower Saxony) - Volkswagen (category Article 35 GDPR)would have been required under Article 28 GDPR. Furthermore, no data protection impact assessment according to Article 35 GDPR was carried out, with which6 KB (739 words) - 09:00, 17 August 2022
- Garante per la protezione dei dati personali (Italy) - 9936136 (category Article 5(1)(e) GDPR)be provided in accordance with Article 12 GDPR and contain all the elements set out in Article 13 GDPR and Article 14 GDPR. Fourthly, on the data storage6 KB (646 words) - 16:59, 6 November 2023
- LG Köln - 28 O 138/22 (category Article 82 GDPR)Sections 1004 analogously, Section 823 (1) and (2) BGB in conjunction with Article 6 (1) GDPR and Article 17 GDPR. Claims under data protection law could39 KB (6,362 words) - 14:01, 22 June 2023
- AEPD (Spain) - EXP202100603 (category Article 6(1) GDPR)controller stated that participants were asked for consent, pursuant to article 6(1)(a) GDPR, and that they were given an alternative accreditation option. The5 KB (584 words) - 09:01, 16 May 2023
- ICO (UK) - Chief Constable West Midlands Police (category Article 38(1) GDPR)34(3), 38(1)(3), 40 and 57(1)(2) of UK GDPR. ICO also recommended that WMP should take certain steps to ensure its compliance with the UK GDPR. Share your18 KB (2,470 words) - 08:01, 10 May 2024
- APD/GBA (Belgium) - 115/2023 (category Article 35 GDPR)from Article 35 GDPR, which is an article directed at controllers and uses it as a basis for evaluating the admissibility of complaints. Article 35 GDPR20 KB (2,909 words) - 06:45, 14 September 2023
- IP - 07121-1/2020/195 (category Article 35 GDPR)protection impact assessment prior to the use of the drones, as provided in Article 35 GDPR. In addition, the IP clarified that the Civil Aviation Agency of the9 KB (839 words) - 14:07, 24 February 2022
- CE - N° 441065 (category Article 4(1) GDPR)installed by a city (Article 9(2)(g) GDPR), no provision on the necessity of the processing with regard to a health policy (Article 9(2)(g) GDPR), and the city5 KB (565 words) - 12:48, 16 September 2021
- Court of Appeal of Brussels - 2020/AR/1333 (category Article 5(1)(a) GDPR)5- □ 1-i; -J L ..J Brussels-2020 Court of Appeal / AR / 1333 p. 3 breach of articles 5.1.a} and 5.1.b), 6.1, 25.1 and 25.2, 32.1 and 32.4 of the GDPR read51 KB (7,792 words) - 11:43, 24 January 2022
- APD/GBA (Belgium) - 17/2020 (category Article 15(1) GDPR)once all the persona data mentioned by virtue of Article 15(1) GDPR, in the lights of Recital (63) GDPR. Thus, the authority ruled that the lack of a complete52 KB (8,603 words) - 16:55, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9856694 (category Article 5(1)(a) GDPR)applicable to the controller, including Articles 5(1)(a) and 6 GDPR. As a matter of fact, Articles 5(1)(a) and 6 GDPR set general principles and conditions of processing49 KB (7,758 words) - 15:44, 6 December 2023
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)of the GDPR: art. 5.1 a, 12.1, 13, 14, 6, 7, 5.1.c in conjunction with 25, 5.2, 28.3, 31, 37 and 38 AVG. 63. With regard to Article 5 (1) (a) GDPR, the defendant113 KB (18,732 words) - 16:50, 12 December 2023
- CJEU - C-280/22 - Kinderrechtencoalitie Vlaanderen and Liga voor Mensenrechten v Belgian State (category Article 1 GDPR)Articles 1, 2, 3, 4, 5, 6, 9, 25, 32, 35 and 36 of the GDPR, Articles 1, 2, 3, 4, 8, 9, 10, 27 and 28 of Directive (EU) 2016/680, Articles 1, 2, 3, 4,7 KB (740 words) - 11:43, 7 September 2022
- ICO (UK) - Processing of special category biometric data 04102022 (category Article 5(1)(a) GDPR)processed, despite being prohibited by Article 9(1). This is an infringement of Article (9)(1). • Article 35 of the UK GDPR which states that “where a type of10 KB (1,376 words) - 21:05, 7 July 2023
- AEPD (Spain) - 0098/2022 (category Article 6(1)(e) GDPR)assessment and an additional DPIA under Article 35 GDPR, in order to guarantee the adherence to the principles of Article 5 GDPR. First, the Spanish DPA stated56 KB (8,102 words) - 13:57, 1 February 2023
- AP (The Netherlands) - 14.01.2022 (category Article 5(1)(c) GDPR)2019 Pursuant to article 58, second paragraph, opening words and article 83, fifth paragraph, of the GDPR, read in in connection with article 14, third paragraph50 KB (7,656 words) - 17:05, 12 December 2023
- HDPA (Greece) - 13/2024 (category Article 5(1)(a) GDPR)processing under Article 9 GDPR. Second, the HDPA also found a violation of the principle of lawfulness under Article 5(1a) of the GDPR. It found that the12 KB (1,511 words) - 16:01, 10 April 2024
- NSA - III OSK 1789/22 (category Article 5(1)(c) GDPR)inconsistent with Art. 35 section 1 u.s.g. - § 32 of the annex to the resolution, as inconsistent with Art. 35 section 1 and art. 40 section 2 point 1 of the Act on74 KB (12,347 words) - 13:46, 9 October 2023
- CNIL (France) - SAN-2020-012 (category Article 26(1) GDPR)in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection Act, provides: 1. Each supervisory93 KB (14,936 words) - 17:09, 6 December 2023
- CE - N° 434376 (category Article 35 GDPR)associations on the basis of Article L. 761-1 of the Code of Administrative Justice can only be rejected. D E C I D E : -------------- Article 1: The interventions29 KB (4,372 words) - 16:07, 22 March 2022
- KamR Stockholm - Case No. 5888-20 (category Article 9(1) GDPR)data has infringed Article 5, Article 9, Article 35 and Article 36 of the Data Protection Regulation. These articles are covered by article 83.4 and 83.5 and62 KB (7,607 words) - 08:56, 7 October 2021
- Rb. Amsterdam - C/13/693399 / HA RK 20-337 (category Article 6(1)(e) GDPR)object to the processing of his personal data under Article 6(1)(e) GDPR and Article 6(1)(f) GDPR. The court stated that if a data subject objects to data42 KB (6,332 words) - 15:00, 14 July 2021
- Datainspektionen - DI-2019-7782 (category Article 5(1)(a) GDPR)DI-2019-7782 4 (22) infringements of Article 5 (1) (a), Article 6 (1), Article 9 (2), Article 13, Article 35 and Article 36 of the Data Protection Ordinance52 KB (8,101 words) - 11:43, 7 April 2022
- Persónuvernd (Iceland) - 2022050940 (category Article 5(1) GDPR)demonstrate its respect of Article 5(1)(a) and (c) GDPR and should have conducted an impact assessment under Article 35 GDPR and ordered it to comply with31 KB (4,851 words) - 05:33, 9 May 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8211/161/19 (category Article 5(1)(d) GDPR)this from happening, in violation with Article 24(1), Article 24(2), and Article 25(1) GDPR. According to Article 24(4) of the Finish Data Protection Act42 KB (6,579 words) - 08:46, 27 January 2022
- BVwG - W211 2210458-1/10 (category Article 2(1) GDPR)according to To 1): € 1.200,00 To 2): € 300,00 To 3): € 300,00 . . . In total: € 1.800 To 1): 3 days To 2): 1 day To 3): 1 day ... In total: 5 days Ad 1): Art.92 KB (15,435 words) - 16:00, 22 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 4356/532/19 (category Article 5(1)(a) GDPR)on final judgments did not comply with Article 25(1) GDPR. Pursuant to Article 58(2)(b) and Article 58(2)(d) GDPR, the DPA reprimanded the controller for43 KB (6,671 words) - 08:49, 27 January 2022
- Tietosuojavaltuutetun toimisto (Finland) - 834/532/18 (category Article 5(1)(a) GDPR)on final judgments did not comply with Article 25(1) GDPR. Pursuant to Article 58(2)(b) and Article 58(2)(d) GDPR, the DPA reprimanded the controller for43 KB (6,677 words) - 08:47, 27 January 2022
- Datainspektionen - DI-2019-7024 (category Article 5(1)(f) GDPR)persons. This includes in accordance with Article 35 (3) b that an impact assessment pursuant to Article 35 (1) shall be required in particular in cases70 KB (11,103 words) - 11:43, 7 April 2022
- Datatilsynet (Norway) - 20/01865 (category Article 4(1) GDPR)under Article 4(1) GDPR. These statistics even included health data which qualify as a special category of personal data under Article 9(1) GDPR. The Datatilsynet19 KB (2,942 words) - 09:03, 14 September 2023
- RvS - 202001436/1/A2 (category Article 15(3) GDPR)contained in Article 12(2)(g) and Article 28(1)(c) of the Wrb thus fall within the limit of the right to subsidised legal aid laid down in Article 47 of the21 KB (3,368 words) - 20:43, 26 July 2020
- DPC (Ireland) - IN-21-3-1 (category Article 4 GDPR)controller had infringed Article 6(1) GDPR, in addition to violating the principle of data minimisation in Article 5(1)(c) GDPR. Concerning the second issue20 KB (3,069 words) - 18:48, 24 January 2023
- UOOU (Czech Republic) - N/A (category Article 35 GDPR)ordered to remain in isolation during the pandemic. In April 2021, more than 1 year after the beginning of the Covid-19 pandemic, the Police of the Czech10 KB (1,336 words) - 15:41, 3 May 2023
- AEPD (Spain) - TD/00071/2020 (category Article 17 GDPR)in accordance with the provisions of section 2 of article 56 inin relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of theEuropean19 KB (2,948 words) - 14:50, 13 December 2023
- APD/GBA (Belgium) - 15/2023 (category Article 5(1) GDPR)regard resources. II.1. Article 5 (1) (a) and (2) of the GDPR and Article 6 (1) of the GDPR II.1.1. Article 5 (1) a) and Article 6 (1) GDPR with regard to legality105 KB (15,883 words) - 15:05, 8 March 2023
- its Article 35, that the concept of personal data and the possibilities for processing and protection will be defined by the law. The same article reaffirms3 KB (332 words) - 13:31, 3 May 2023
- OGH - 6Ob35/21x (category Article 4(1) GDPR)constitute personal data under Article 4(1) GDPR? If so, do they qualify as special categories of personal data under Article 9 GDPR? Is the defendant obliged27 KB (4,090 words) - 09:54, 10 September 2021
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- Rb. Midden-Nederland - C/16/481957/KG ZA 19-357 (category Article 35 GDPR)hereinafter referred to separately [defendant sub 1] and SIN-NL and jointly [defendants c.s.]. 1 The procedure 1.1. The course of the procedure is clear: -the24 KB (3,863 words) - 16:19, 10 March 2022
- ANSPDCP (Romania) - Compania Națională Poșta Română SA (category Article 32(1)(b) GDPR)provisions of Article 32(1)(b) GDPR and Article 32(2) GDPR. The DPA fined the processor €2,000 for this data breach. Under the Article 58(2)(d) GDPR it was decided8 KB (948 words) - 16:44, 15 November 2022
- AEPD (Spain) - PS/00052/2021 (category Article 35 GDPR)particulars of article 35, paragraph 1, and article 35, paragraph 3, letters a) to c), the list to be adopted at national level under Article 35(4) and the79 KB (12,680 words) - 17:31, 8 February 2022
- Tietosuojavaltuutetun toimisto (Finland) - 6722/154/2018 (category Article 17(1)(c) GDPR)subject's request to remove the search result link as per Article 58(2)(c) GDPR? Article 87 GDPR gives Member States the right to specify conditions for19 KB (3,000 words) - 13:07, 3 March 2024
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- AEPD (Spain) - EXP202202960 (category Article 35 GDPR)violation of Article 35 of the GDPR, Article 32 of the GDPR and Article 13 of the GDPR, typified in Articles 83.5 of the RGPD and Article 83.4 of the RGPD149 KB (22,597 words) - 12:34, 3 April 2024
- VG Mainz - 1 K 584/19.MZ (category Article 9(1) GDPR)which is protected by Article 1 (1) of the Basic Law, while the plaintiff can primarily invoke his right of ownership under Article 14 (1) of the Basic Law58 KB (9,665 words) - 08:51, 25 November 2020
- Court of Appeal of Brussels - 2019/AR/1006 (category Article 16 GDPR)accordance with Article 4(1) GDPR, according to the DPA. The Court of Appeal of Brussels held that, in accordance with Article 16 GDPR, the data subject59 KB (9,290 words) - 09:10, 5 May 2024
- Rb. Midden-Nederland - C/16/530061 / KG ZA 21-617 (category Article 6(1)(f) GDPR)as BREIN and Ziggo. 1 The procedure 1.1. The course of the procedure is apparent from: † the summons of March 18, 2022 with exhibits 1 through 14 † the productions38 KB (6,263 words) - 16:40, 15 June 2022
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 5(1)(f) GDPR)obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process130 KB (21,195 words) - 13:52, 25 April 2021
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments60 KB (9,713 words) - 13:07, 26 March 2024
- AZOP (Croatia) - Decision 29-06-2022 (bank) (category Article 5 GDPR)the principles of lawfulness and fairness of Article 5 GDPR and without a legal basis under Article 6 GDPR. A bank (the controller) organized prize games20 KB (3,166 words) - 15:36, 30 October 2023
- Garante per la protezione dei dati personali (Italy) - 9845156 (category Article 35 GDPR)exemptions set out in Article 14(5) GDPR apply in this case, the DPA found a violation of the principle of transparency in Article 5(1)(a) GDPR and the obligations128 KB (20,856 words) - 12:32, 14 March 2023
- under Article 6(1)(f) GDPR is not a valid legal basis for the processing of cookies. The Italian DPA also held that the controller violated Article 122 of57 KB (9,084 words) - 15:11, 13 July 2022
- BVwG - W211 2227144-1 (category Article 2 GDPR)held, that the powers of the DSB under the GDPR are extensive. Neither Article 55, Article 77 or Article 51 GDPR nor the DSG limit the DSB's competence regarding38 KB (5,801 words) - 10:08, 10 September 2021
- Garante per la protezione dei dati personali (Italy) - 9963509 (category Article 9(1) GDPR)obligations related to the processing operations pursuant to Article 5(1)(a) GDPR and Article 14(5)(b) GDPR. In that case, the DPA recommended that the information51 KB (7,841 words) - 08:22, 21 December 2023
- Rb. Amsterdam - C/13/694440 / KG ZA 20-1118 (category Article 6(1)(c) GDPR)the provisions of Article 6(1)(c) of the GDPR, or Article 6(1)(f) of the GDPR, or both provisions? 2. Does the answer to question 1 mean that a. the person19 KB (3,086 words) - 09:21, 7 April 2021
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)with the principle of fair and transparent processing contained in Article 5(1)(a) GDPR? Is the information relating to personal data processing operations48 KB (7,404 words) - 17:09, 6 December 2023
- APD/GBA (Belgium) - 129/2023 (category Article 5(1)(f) GDPR)dismissed the complaint on the grounds of (1) "lack of sufficient personal impact" for the purposes of Article 35 GDPR, and (2) "insufficient documentary evidence"20 KB (2,838 words) - 06:45, 20 September 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)is covered by Article 6, clause 1 (c) of the AVG and not by Article 6, clause 6 (f) of the AVG. The BKR itself refers to Article 6, clause 1 (f) of the GCG91 KB (15,371 words) - 15:11, 5 October 2021
- OLG München - 3 U 2906/20 (category Article 4(1) GDPR)according to Article 15 GDPR, which has been directly applicable since May 25, 2018 (Article 99 (2) GDPR). According to Art. 15 Para. 1 GDPR, the person21 KB (3,450 words) - 10:33, 8 February 2022
- Datatilsynet (Norway)- 20/02254 (category Article 57(1)(a) GDPR)the Personal Data Act § 23 and the Privacy Ordinance Article 58 no. 1. Pursuant to Article 58 no. 1 letter a, the Authority has the competence to: "Instruct24 KB (3,498 words) - 16:14, 6 December 2023
- VG Potsdam - VG 3 K 1458/19 (category Article 17 GDPR)alert on the SIS system under Article 17(1)(d) GDPR. The reason for the data subject invoking the GDPR is that Article 53(1) Regulation (EU) 2018/1861 which23 KB (3,560 words) - 14:17, 21 February 2024
- Court of Appeal of Brussels - 2021/AR/205 (category Article 6 GDPR)Dispute Resolution Chamber validly found a breach of Article 21.1 AVG and Article 12.3 AVG - If Article 21.1 AVG imposes an obligation on the controller to make92 KB (14,873 words) - 09:03, 20 August 2021
- CNIL (France) - SAN-2023-018 (category Article 37(1)(a) GDPR)data protection officer pursuant to Article 37(1)(a) of the GDPR 13. In law, Article 37, paragraph 1, a) of the GDPR provides that “The controller and the22 KB (3,384 words) - 13:25, 24 January 2024
- LAG Düsseldorf - 12 Sa 186/19 (category Article 9 GDPR)to a claim under Article 82 (1) GDPR, which he could also base on Article 823 (1) BGB in conjunction with Article 2 (1) and Article 1 (1) GG. The defendant120 KB (20,753 words) - 17:06, 7 March 2022
- Rb. Oost-Brabant - C/01/356292 / KG ZA 20-141 (category Article 6(1)(e) GDPR)that the GDPR applies to the request for removal. The request shall be based on Article 21 in conjunction with Article 79 of the GDPR and Article 35(2) of18 KB (2,804 words) - 16:26, 10 March 2022
- GHDHA - 200.291.947/01 (category Article 6(1)(f) GDPR)Appeal considered Article 35(2) of the Implementing Act of the GDPR (UAVG), which follows from the right to object, Article 21 GDPR. Article 35(2) UAVG stipulates41 KB (6,941 words) - 10:56, 17 November 2021
- AEPD (Spain) - EXP202213792 (category Article 5(1)(c) GDPR)finding likely violations of Article 5(1)(c), 8, 9, 13 and 35 GDPR. The AEPD found a likely violation of Article 35 GDPR. Article 35 GPDR requires that a data178 KB (27,656 words) - 12:28, 7 May 2024
- Rb. Oost-Brabant - C/01/371762 / EX RK 21-90 (interim decision) (category Article 13 GDPR)obligations that follow from Article 12, 13, 14 and 26 GDPR, although this competence does not directly follow from Article 35 of the General Data Protection39 KB (6,439 words) - 06:19, 23 August 2022
- VG Stuttgard - 4 K 836/21 (category Article 2 GDPR)according to Article 16 GDPR, because the certificate is not contained in a filing system or automated storage and therefore, pursuant to Article 2 GDPR, outside17 KB (2,592 words) - 14:22, 5 October 2022
- decision stated: - Pursuant to Article 100, §1, 9 WOG, to order processing in accordance with with Articles 5.1.f, 5.2, 24 and 32 GDPR, in which in particular24 KB (3,393 words) - 09:25, 10 September 2021
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)disclosing personal data from a surveillance footage, thus breaching Article 5(1)(a) GDPR and Article 6. The company appealed to the Norwegian Privacy Appeals Board49 KB (7,646 words) - 07:56, 7 March 2022
- Rb. Midden-Nederland - C/16/531572 / KG ZA 21-672 (category Article 4(1) GDPR)consulted before processing, pursuant to Article 36 GDPR. Fourth, the Court noted that, pursuant to Article 10 GDPR and Article 31 Implementation Act, the IP addresses59 KB (9,649 words) - 08:09, 20 October 2022
- Datatilsynet (Denmark) - 2019-31-2071 (category Article 15(1) GDPR)Protection Act) § 22. The provisions of Articles 13(1) to (3), Article 14(1), Article 15 and Article 34 of the Data Protection Regulation shall not apply26 KB (3,820 words) - 16:22, 6 December 2023
- UODO (Poland) - DKN.5101.25.2020 (category Article 5(1)(f) GDPR)with Art. 5 sec. 1 lit. f, art. 24 sec. 1, art. 25 sec. 1, art. 32 sec. 1 lit. d, art. 32 sec. 2, art. 33 paragraph. 1 and art. 34 sec. 1 of the Regulation63 KB (10,088 words) - 09:52, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9828901 (category Article 5(1)(a) GDPR)behalf of the controller, violating Article 27(4) GDPR. The DPA confirmed that the controller violated Article 35 GDPR for not having carried out a DPIA91 KB (14,709 words) - 13:02, 14 December 2022
- Garante per la protezione dei dati personali (Italy) - 9675440 (category Article 5(1)(c) GDPR)regulation of the Guarantor n. 1/2000; RAPPORTEUR prof. Pasquale Stanzione; WHEREAS 1. The inspection activity towards the company. 1.1. As part of a control activity180 KB (29,599 words) - 13:51, 28 July 2021
- CNIL (France) - SAN-2022-022 (category Article 17(1)(a) GDPR)requests for information according to Article 15(1) GDPR. The ‘Business secrecy’ exception only applied to Article 15(4) GDPR, where a data subject would request59 KB (9,623 words) - 17:03, 6 December 2023
- AEPD (Spain) - TD/00005/2020 (category Article 17 GDPR)the Spanish Agency of Data Protection, as laid down in Article 56(2) inin relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of European Parliament23 KB (3,780 words) - 14:49, 13 December 2023
- AEPD (Spain) - PS/00050/2021 (category Article 35 GDPR)the treatment could be article 6.1 b) or the 6.1 c), has chosen to request the consent of its employees as indicated in article 6.1 a) and 9.2 a) of the81 KB (13,036 words) - 14:28, 24 November 2022
- RvS - 201902604/1/A3 (category Article 15 GDPR)Considerations Legal framework 1. The relevant laws and regulations are set out in an appendix. This forms part of the ruling. Introduction 1.1. [appellant] is involved20 KB (3,234 words) - 12:01, 24 March 2022
- NAIH (Hungary) - NAIH-5114-35/2022 (category Article 5(1)(e) GDPR)interest. Based on Article 2 (1) of the GDPR, the GDPR must be applied to the data management in this case. GDPR Article 4, point 1: "personal data": for146 KB (22,679 words) - 15:52, 3 May 2023
- GHSHE (Netherlands) - 200.274.447 01 (category Article 5 GDPR)concerns the following in this appeal. 3.1.1. [the employee] , born on [date of birth] 1964, was employed on 1 September 1986 joined Trigion's legal predecessor60 KB (10,118 words) - 15:12, 5 October 2021
- Garante per la protezione dei dati personali (Italy) - 9703988 (category Article 5(1)(c) GDPR)violation of Article 35 GDPR. Thus, the DPA fined the university a total of €200,000 for the violation of Articles. 5(1)(a), (c) and (e), 6, 9, 13, 25, 35, 44 and222 KB (35,993 words) - 09:52, 20 October 2021
- Persónuvernd (Iceland) - 2020061979 (category Article 38 GDPR)5. Paragraph 1 Article 41, paragraphs 1 and 3 Article 46 Act no. 90/2018, cf. point e, paragraph 1 Article 58, paragraphs 1 and 5 Article 83 of regulation33 KB (5,086 words) - 13:03, 7 September 2022
- Garante per la protezione dei dati personali (Italy) - 9920977 (category Article 35 GDPR)with Article 110(1) of the Italian Privacy Code. The Garante further approved the safeguards foreseen by the hospital in line with Article 89 GDPR. However92 KB (14,476 words) - 08:25, 19 September 2023
- Garante per la protezione dei dati personali (Italy) - 9791886 (category Article 35 GDPR)consultation. of the Guarantor pursuant to article 36 of the Regulation "(article 110 of the Code, article 9, paragraph 2, letter j) and par. 4 of the97 KB (15,437 words) - 11:27, 16 August 2022
- Rb. Amsterdam - C/13/687315 / HA RK 20-207 (category Article 4(1) GDPR)the scope of Article 22 and therefore Article 15(1)(h) applies. They also claimed to have a right to data portability under Article 20(1) GDPR and that information82 KB (14,053 words) - 16:25, 25 March 2021
- DSB (Austria) - DSB-D213.1759 (category Article 5(1)(c) GDPR)hereinafter: GDPR), OJ L 119, 4 May 2016, p. 1.: Article 4, Article 5 Paragraph 1 Letter c, Article 6, Article 12 Paragraph 3, Article 51 Paragraph 1, Article72 KB (11,993 words) - 14:21, 10 April 2024
- HDPA (Greece) - 39/2020 (category Article 4(7) GDPR)show_context_help(h) { newWindow = window.open(h,"Help", "menubar=1,toolbar=1,scrollbars=1,resizable=1,width=700, height=500"); } </SCRIPT><NOSCRIPT></NOSCRIPT><STYLE56 KB (7,755 words) - 15:39, 6 December 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 5(1)(f) GDPR)infringements of Article 5(1)(f), Article 24, and Article 32 GDPR, and to the objection of the IT SA on the possible infringement of Article 5(2) GDPR, the EDPB183 KB (30,819 words) - 09:50, 20 January 2023
- Garante per la protezione dei dati personali (Italy) - 9451734 (category Article 5(1)(c) GDPR)par. 1, letter a) and c); 6, par. 1, letter c) and e), par. 2 and par. 3, letter b); 9, par. 1, 2, 4, of the Regulation; Articles 2-ter, par. 1 and 324 KB (3,697 words) - 15:52, 6 December 2023
- GHAL - 200.256.387 (category Article 6(1)(c) GDPR)basis under Article 6(1)(c) GDPR, the Court found that the data subject cannot exercise his right to object pursuant to Article 21(1) GDPR. Secondly, the27 KB (4,289 words) - 07:57, 7 March 2022
- APD/GBA (Belgium) - 28/2020 (category Article 6(1)(f) GDPR)be erased and thus also violates Article 17.1(c) AVG. 3.2. With regard to the infringement of Article 6.1 and Article 21.4 of the AVG 29. In its statement27 KB (4,363 words) - 16:56, 12 December 2023
- LG Essen - 6 O 190/21 (category Article 33 GDPR)itself, that the information and measures mentioned in Article 33(1)(b) to Article 33(1)(d) GDPR must also be communicated to the data subject. However28 KB (4,596 words) - 18:30, 18 November 2021
- AKI (Estonia) - 2.1.-3/20/4479 (category Article 5(1)(c) GDPR)representation does not replace Article 9 (2) (a) and (c) consent of the data subject in accordance with Article 7. Article 7 (1) of the ECHR provides that28 KB (4,474 words) - 10:31, 13 December 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)health data, recorded in copies Article 6 (1) of the GDPR and, in the case of health data, Article 9 of the GDPR. Article 1 (1); (3) did not provide clear72 KB (11,159 words) - 10:09, 17 November 2023
- Datatilsynet (Denmark) - 2023-432-0025 (category Article 5(1)(f) GDPR)processing personal data in violation of Article 5(2) GDPR, Article 5(1)(f) GDPR, Article 24(1) GDPR and Article 32(1) GDPR. The DPA also requested the controller31 KB (4,795 words) - 15:40, 12 December 2023
- CNIL (France) - SAN-2023-016 (category Article 5(1)(b) GDPR)breached Article 5(1)(b) GDPR. Therefore, the DPA handed down a 'call to order' against the joint controllers for breaching Article 5(1)(b) GDPR, and no27 KB (4,166 words) - 17:06, 6 December 2023
- CNIL (France) - SAN-2020-015 (category Article 32(1) GDPR)private doctor for violating Article 32 GDPR by making his patients' health data freely accessible on the web, and Article 33 GDPR by not notifying the DPA29 KB (4,374 words) - 16:03, 19 January 2024
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)contrary to the plaintiff's view - does not follow from Art. 82 (1) GDPR. Art. 82 (1) GDPR would probably be directly applicable in national law. The defendant28 KB (4,527 words) - 15:58, 26 April 2022
- OGH - 6Ob19/23x (category Article 15(1)(c) GDPR)meet the requirement of accuracy or comprehensibility of Article 12, paragraph 1, sentence 1 GDPR. [6]33 KB (4,912 words) - 13:56, 10 May 2023
- Personvernnemnda (Norway) - 2021-05 (20/02912) (category Article 17(1)(c) GDPR)to the Privacy Ordinance, Article 6, No. 1, letter f, as the relevant valid basis for processing, as well as Article 21, No. 1 on the data subject's right26 KB (4,299 words) - 18:49, 5 March 2022
- Garante per la protezione dei dati personali (Italy) - 9875254 (category Article 35 GDPR)scientific research purposes pursuant to Article 9(2)(j) GDPR, provided that appropriate safeguards under Article 89(1) GDPR are in place. These safeguards (e92 KB (14,614 words) - 06:12, 26 April 2023
- Garante per la protezione dei dati personali (Italy) - 9685994 (category Article 5(1)(c) GDPR)it had found violations of Articles 5(1)(a)(c)(e), 13, 22(3), 25, 30(1)(c)(f)(g), 32, 35, 37(7), and 88 of the GDPR. In defensive briefs, UK Roofoods contended235 KB (38,572 words) - 10:19, 20 July 2022
- Garante per la protezione dei dati personali (Italy) - 9977020 (category Article 5(1)(a) GDPR)constitute a valid legal basis in line with Article 6(1)(e) GDPR, Article 6(2) and (3) GDPR nor with Article 9(2)(g) GDPR. Making reference to case law of the315 KB (49,768 words) - 14:24, 8 February 2024
- GHAL - 200.307.462 (category Article 10 GDPR)assessment pursuant to Article 35 of the GDPR and, depending on the outcome, also have to consult the AP beforehand (Article 36 of the GDPR). In addition, as28 KB (4,573 words) - 10:04, 14 December 2023
- AEPD (Spain) - EXP202205791 (category Article 17 GDPR)with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the RGPD; and in article 47 of the LOPDGDD. C/ Jorge Juan29 KB (4,648 words) - 12:38, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)of articles 38.1, 38.3, 39.1 a) and 39.1 b) of the GDPR; - to issue an injunction against Company A to comply with Article 38.1 of the GDPR, within four66 KB (9,458 words) - 19:42, 4 September 2021
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)subjects required by Article 12.2. of the GDPR. 8.1.3. As for the breach of the principle of minimization (article 5.1 c) of the GDPR) 8.1.3.1. In view of the127 KB (21,484 words) - 17:01, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9356568 (category Article 36 GDPR)as: 1.1) the voluntary nature of the installation of the app; 1.2) the pursuit of some specific purposes; 1.3) the use of pseudonymised data. 1.1. On the71 KB (11,426 words) - 15:49, 6 December 2023
- AEPD (Spain) - EXP202201746 (category Article 5(1)(f) GDPR)infringement of Article 32 GDPR. Therefore, the Spanish DPA issued a warning sanction for each violation of Article 5(1)(f) and Article 32 GDPR. AEPD highlighted62 KB (9,703 words) - 13:05, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 310/161/23 (category Article 83(6) GDPR)obligation according to Article 25(1) of the General Data Protection Regulation, because the controller had failed to implement Article 5(1)(a) of the General71 KB (11,552 words) - 13:40, 12 January 2024
- APD/GBA (Belgium) - 77/2023 (category Article 5(1)(a) GDPR)storage (Article 5.1.b, 5.1.c, 5.1.d and 5.1.e of the GDPR); - Violation of the principle of legality (article 5.1.a of the GDPR); - Violation of Article 10150 KB (22,339 words) - 09:50, 21 June 2023
- Rb. Noord-Nederland - C/ 18/189406/HA ZA 19-6 (category Article 5(1)(f) GDPR)loss of control of personal data and a breach of Article 5(1)(f) GDPR, Article 6 GDPR and Article 32(2) GDPR. The first complainant is a company that is engaged105 KB (18,002 words) - 16:24, 10 March 2022
- AEPD (Spain) - EXP202213323 (category Article 5(1)(c) GDPR)...36 8.1. Violation of article 35 of the GDPR................................................ ...................36 8.2. Violation of article 9 of the176 KB (27,432 words) - 07:43, 10 May 2024
- LG Leipzig - 03 O 1268/21 (category Article 82(1) GDPR)right of access pursuant to Article 15 GDPR, in particular to provide a copy of the personal data pursuant to Article 15(3) GDPR, as well as their right to19 KB (3,155 words) - 10:17, 21 April 2022
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)may not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data115 KB (12,842 words) - 08:38, 5 July 2023
- Rb. Den Haag - C-09-608582-HA RK 21-101 (category Article 6(1)(f) GDPR)paragraphs 1 and 2 GDPR). In this context, Defam is the controller (Article 4(7) of the GDPR). Article 6(1) of the GDPR provides that processing of personal data31 KB (4,916 words) - 10:19, 25 January 2022
- IP - 07121-1/2020/199 (category Article 6(1)(e) GDPR)surveillance to be found in Article 6 (1) of the General Regulation. The legal bases provided for in the General Regulation in Article 6 (1) are: the data subject15 KB (1,752 words) - 14:07, 24 February 2022
- Rb. Midden-Nederland - C/16/502323 / HA RK 20-122 (category Article 15 GDPR)L. Groeneveld. 1 The procedure 1.1. [petitioner] filed a petition with the court on 13 May 2020. The petition is based on Article 35 paragraph 2 of the21 KB (2,968 words) - 10:13, 6 May 2021
- VG Schwerin - 1 A 1254/20 SN (category Article 57(1)(f) GDPR)his claim on Article 78(1) of the GDPR in conjunction with Article 57 of the GDPR. Article 57 of the GDPR. The scope of Article 57 of the GDPR is indeed open37 KB (6,156 words) - 10:12, 26 May 2021
- HmbBfDI (Hamburg) - Vermerk: Abdingbarkeit von TOMs (category Article 6(1)(a) GDPR)even though Article 32 GDPR stipulates such a technical measure for certain emails. It is important to note that only Article 6(1)(a) GDPR allows for such30 KB (4,562 words) - 15:27, 6 December 2023
- Rb. Amsterdam - C/13/692003/HA RK 20-302 (category Article 15(1) GDPR)processing of their personal data pursuant to Article 12 (1) of the GDPR. 4.7. Pursuant to Article 15 (1) of the GDPR, the person whose personal data is being30 KB (4,797 words) - 10:03, 19 May 2021
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 38(1) GDPR)controller was in breach of Article 38(1) GDPR at the time of the investigation. Regarding the breach of Article 39(1)(b) GDPR, the CNPD concurred with the81 KB (11,895 words) - 16:58, 6 December 2023
- Datatilsynet (Denmark) - 2019-31-1424 (category Article 15 GDPR)assessments. 4.2.1. Exemption under Article 15 (1) of the Data Protection Regulation. 4 The right to access is limited, among other things. Article 15 (1) of the33 KB (5,189 words) - 16:23, 6 December 2023
- Personvernnemnda (Norway) - 2020-14 (19/00110) (category Article 6(1)(f) GDPR)refers to the Privacy Ordinance Article 6 No. 1 letter f as the relevant valid basis for processing, as well as Article 21 No. 1 on the data subject's right32 KB (5,120 words) - 18:48, 5 March 2022
- AP (The Netherlands) - z2018-02009 (category Article 32 GDPR)(hereinafter: the GDPR) applies on 25 May 2018 become. The GDPR imposes the same obligation in Article 32, paragraph 1, as it applied under Article 13 6. The UWV33 KB (5,112 words) - 17:10, 12 December 2023
- Rb. Den Haag - C/09/550982/HA ZA 18/388 (category Article 5(1)(b) GDPR)for Intervention Teams (Article 65 paragraph 1 of the SUWI Act in conjunction with Article 1.1 bb and Article 5.a.1 paragraph 1 of the SUWI Decree). 4.10128 KB (21,722 words) - 16:14, 10 March 2022
- IP (Slovenia) - 0603-98/2022/6 (category Article 6(1) GDPR)ZVOP 1 in relation to point 1 of the first paragraph of Article 91 of ZVOP 1 and when applying the second paragraph of Article 26 of ZP 1, the first paragraph25 KB (4,035 words) - 13:16, 26 July 2023
- VG Osnabrück - 1 B 72/21 (category Article 6(1)(c) GDPR)meaning of Article 6 Paragraph 3 in conjunction with Paragraph 1 Letter c) or Letter e) GDPR, whereby according to Article 85 Paragraph 1, 2 GDPR the protection34 KB (5,527 words) - 13:49, 12 April 2022
- IMY (Sweden) - DI-2021-1905 (category Article 5(1)(f) GDPR)Swedish DPA fined Trygg-Hansa SEK 35 million (around €3 million) for breaching Article 5(1) GDPR and Article 32 GDPR. In April 2022, Moderna Försäkringar60 KB (7,023 words) - 08:49, 15 September 2023
- ICO - FS50865947 (category Article 5(1)(a) GDPR)its disclosure under Article 6(1)(f) GDPR and therefore 'processing' the personal data by disclosing the name would breach Article 5(1)(a). Following this5 KB (621 words) - 10:14, 24 August 2020
- of the GDPR, Article 6 of the GDPR, Article 9 of the GDPR, Article 12 of the GDPR, Article 35 of the RGPD, Article 13 of the RGPD, Article 25 of the RGPD337 KB (50,591 words) - 15:29, 5 August 2021
- GHDHA - 200.290.360-01 (category Article 23(1)(i) GDPR)legislative measure that serves one of the objectives listed in Article 23, namely Article 23(1)(i) GDPR. After all, the Court of first instance notes, “compliance35 KB (5,770 words) - 07:13, 4 April 2022
- IP - 07121-1/2021/597 (category Article 2(2) GDPR)of Slovenia, No. 94/07, official consolidated text, hereinafter ZVOP-1) and 2 Article of the Information Commissioner Act (Official Gazette of the Republic6 KB (911 words) - 16:58, 13 April 2021
- The heading of Article 6(1) and the wording “has given” in Article 6(1)(a) support this interpretation. It follows logically from Article 6 and Recital65 KB (9,767 words) - 16:22, 6 December 2023
- AEPD (Spain) - EXP202104693 (category Article 6(1) GDPR)based on article 6.1 c) of the GDPR, it is that is, compliance with a legal obligation, referring to article 22.2 of the LOPD and article 11.1.h of Organic143 KB (23,267 words) - 08:54, 16 May 2023
- VGH München – 11 ZB 19.991 (category Article 5(1)(b) GDPR)§ 166 para. 1 p. 1 ZPO § 114 para. 1 p. 1, § 121 para. 1 StVZO § 31a paragraph 1 p. 1, paragraph 3 Regulation (EU) 2016/679 Art. 5 para. 1 lit. d, Art31 KB (5,184 words) - 17:19, 15 April 2023
- Korkein hallinto-oikeus (Finland) - KHO:2023:56 (category Article 5(1)(c) GDPR)Regulation) Article 5, paragraph 1, subparagraph c, Article 25, Article 58, paragraph 2, subparagraph d, and Article 87, Section 29, subsection 1 of the Data45 KB (5,016 words) - 14:14, 21 March 2024
- OLG Stuttgart - 2 U 257/19 (category Article 13 GDPR)Guiding Principles 1 Section 13 (1) sentence 1 TMG is superseded by the provisions of the basic data protection regulation. 2 Article 80 DPA does not contain52 KB (8,574 words) - 16:03, 10 March 2022
- DSB (Austria) - D550.038/0003-DSB/2018 (category Article 5(1)(a) GDPR)provision(s): Regarding 1) - Article 5(1)(a) and (c) and Article 6(1) of the Data Protection Basic Regulation - DSGVO, OJ No L 119, 4.5.2016, p. 1. Re 2) (a) Section31 KB (5,161 words) - 14:02, 12 May 2023
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)the processing of personal data of Article 23(1) of Regulation 2018/1725, the EDPS recalled that, under Article 5(1)(b) of Regulation 2018/1725, processing61 KB (9,971 words) - 14:28, 4 January 2024
- (Article 57, 1., a) GDPR), and the performance of all other related tasks with the protection of personal data (Article 57, 1., v) GDPR). 10 49. In that respect35 KB (5,303 words) - 17:01, 12 December 2023
- RvS - 201901006/1/A2 (category Article 79 GDPR)that this would also be contrary to the AVG. Article 82 of the AVG 12. Article 82 of the AVG reads as follows: 1. Any person who has suffered material or non-material34 KB (5,179 words) - 07:10, 7 April 2020
- GHAMS - 200.295.747/01 (category Article 15(1)(h) GDPR)in Article 15(1)(h) only relates to the form of automated decision making referred to in Article 22(1) to (4). This implied that under Article 15(1)(h)80 KB (13,304 words) - 13:05, 12 April 2023
- NAIH (Hungary) - NAIH-4137- 8/2022 (category Article 5(1)(a) GDPR)data are part of a filing system, in line with Article 2(1) GDPR. Article 4(6) GDPR defines a filing system as "any structured set of personal data, which75 KB (11,860 words) - 13:16, 19 October 2022
- paragraph of Article 2, ZKme-1 (point a) of the third paragraph of Article 5, the first paragraph of Article 139, the second paragraph of Article 143 of the30 KB (4,951 words) - 10:08, 8 March 2023
- Garante per la protezione dei dati personali (Italy) - 9988614 (category Article 9 GDPR)provided to the interested parties based on Article 13 GDPR and to non-contactable persons based on Article 14 GDPR. The information notice includes the right115 KB (18,087 words) - 14:11, 17 April 2024
- VG Ansbach - 14 K 19.01274 (category Article 77 GDPR)the GDPR also applied to facts before the above-mentioned date. The Court noted that the entry-into-force of the GDPR according to Article 99 GDPR represents33 KB (5,554 words) - 11:06, 19 November 2021
- NSS - 10 As 190/2020 - 39 (category Article 32 GDPR)body within the meaning of Article 83(7) GDPR. In interpreting what amounts to a public authority or body under Article 83(7) GDPR, the NSS held that such34 KB (5,374 words) - 04:32, 28 April 2022
- Rb. Midden-Nederland - UTR 20/1703 (category Article 15(1) GDPR)access to his personal data pursuant to Article 35 of the Personal Data Protection Act, the predecessor of the GDPR. The controller provided an overview of21 KB (3,360 words) - 15:38, 3 June 2022
- AKI (Estonia) - 2.1.-1/22/1396 (category Article 5(1)(f) GDPR)basis in line with Article 13(1)(d) GDPR. The DPA stated that it would impose a fine on the controller, pursuant to Article 58(2)(i) GDPR, if latter does34 KB (5,305 words) - 08:40, 29 June 2023
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- AKI (Estonia) - EDPBI:EE:OSS:D:2022:362 (category Article 17 GDPR)In an Article 60 GDPR decision, the Estonian DPA reprimanded a controller for a violation of Article 17 GDPR. The controller did not erase all personal12 KB (1,460 words) - 10:11, 11 January 2023
- AEPD (Spain) - PS/00099/2022 (category Article 5(1)(f) GDPR)controller with €10,000 for the violation of Article 5(1)(f) GDPR and €25,000 for the violation of Article 32 GDPR. There is a pattern in the Spanish DPA resolutions38 KB (5,920 words) - 12:43, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3843/163/20 (category Article 5(1)(a) GDPR)the DPA held that the controller had violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 6 GDPR and Section 3 of the Finnish Act on the Protection39 KB (6,038 words) - 17:39, 29 April 2024
- BVwG - W176 2265088-1 (category Article 5(1)(a) GDPR)before the BVwG, claiming that a mere violation of Article 12 GDPR, Article 13 GDPR or Article 14 GDPR cannot imply unlawful processing activities and that11 KB (1,495 words) - 15:09, 25 October 2023
- AKI (Estonia) - 2.1.-1/22/2643 (category Article 4(1) GDPR)accordance with Article 4(1) GDPR. Personal data may only be processed if there is a valid legal basis referred to in Article 6(1) GDPR. As a general rule12 KB (1,754 words) - 10:51, 3 January 2023
- VSRS - II Ips 23/2020 (category Article 17 GDPR)the European Union, Article 8 of the European Convention on Human Rights (right to respect for private and family life) and Article 35 of the Constitution55 KB (9,115 words) - 09:22, 7 June 2022
- Rb. Amsterdam - KG ZA 23-440 (category Article 21(1) GDPR)ING against the processing of his personal data on the basis of Article 21 paragraph 1 GDPR due to his specific situation. Now that ING has rejected that12 KB (1,771 words) - 13:53, 18 July 2023
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)requirements of article 24 and 32, paragraph 1, AVG and further elaborated in article32, paragraph2, preamble, FISHOrdinancesBIO standards5.1.1,5.1.1.1and5.1.2.1.179 KB (22,957 words) - 17:07, 12 December 2023
- VG Ansbach - AN 14 K 19.01274 (category Article 78(1) GDPR)judicial review under Article 78 GDPR. The disputed infringement occurred before the GDPR came into legal force according to Article 99 GDPR. Therefore, the35 KB (5,807 words) - 14:24, 12 October 2022
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)provided in article 5.1.f) and 32.1 of the GDPR (LCEur 2016, 605). It should be noted that the GDPR, without prejudice to the provisions of its article 83, contemplates195 KB (30,495 words) - 12:40, 13 December 2023
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)pursuant to article 32(1) of the GDPR. The AP disagrees. The conclusion of the AP that OLVG does not comply with article 32(1) of the GDPR by not meeting67 KB (11,415 words) - 17:15, 12 December 2023
- CNIL (France) - SAN-2021-003 (category Article 4(1) GDPR)broad definitions of processing and personal data laid down by Article 4(1) and (2) GDPR. The DPA then quotes ECJ, 11 December 2014, Ryneš, case C-212/1339 KB (6,015 words) - 17:11, 6 December 2023
- BVwG - W256 2214855-1/6E (category Article 6(1)(f) GDPR)of Section 1 or Article 2 1st main item. As can be seen from Section 1 of the DPA (in accordance with Art. 1 (EU) 2016/679), OJ L 2016/119, 1 (hereinafter:27 KB (4,149 words) - 16:02, 22 March 2022
- Rb. Midden-Nederland - ECLI:NL:RBMNE:2023:6043 (category Article 12(3) GDPR)response to an access request. The controller was in violation of Article 12(3) GDPR, as they had failed to respond to the data subject's access request11 KB (1,582 words) - 10:36, 6 December 2023
- Datatilsynet (Denmark) - 2021-423-0236 (category Article 32(1) GDPR)The Danish DPA found that the Høje-Taastrup Municipality violated Article 32(1) GDPR because it did not have guidelines or objective criteria in place13 KB (1,970 words) - 16:12, 22 March 2022
- Rb. Amsterdam - C/13/722086 / KG ZA 22-759 AB/MB (category Article 21(1) GDPR)request from the data subject according to Article 21 GDPR. The court stated that under Article 21(1) GDPR, a data subject has the right to object to processing12 KB (1,749 words) - 08:32, 31 October 2022
- BGH - VI ZR 692/20 (category Article 6(1)(f) GDPR)erasure pursuant to Article 17(1) GDPR were not fulfilled. First, the processing was not unlawful pursuant to Article 17(1)(d) GDPR. As the processing was40 KB (6,622 words) - 13:32, 21 April 2022
- Rb. Zeeland-West-Brabant - AWB- 20 9345 (category Article 15 GDPR)looked at the provisions of the General Administrative Law Act (AwB). Article 1:3(1) of the AwB defines what an administrative decision is under Dutch administrative15 KB (1,886 words) - 15:03, 21 July 2021
- APD/GBA (Belgium) - 50/2024 (category Article 17(3)(e) GDPR)ensure the confidentiality and integrity of the personal data, under Article 5(1)(f) GDPR. Thus, the APD decided to dismiss the complaint. Share your comments14 KB (1,990 words) - 14:50, 10 April 2024
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)rely on Article 6(1)(b) GDPR in the context of its offering of the Instagram Terms of Use, and to include an infringement of Article 6(1) GDPR” (Para 137)468 KB (51,340 words) - 14:10, 30 January 2023
- EDPB Plenary 6/Minutes (section Art. 64 GDPR Opinion on Contractual Clauses for processors [REDACTED] under Art. 28.8 GDPR - discussion and confirmation of the drafting team)on the Brexit, i.e. point 2.1.A after the request of two members of the EDPB. Items 2.1, 2.1.A (NEW), 3.2.1, 3.2.1.1, 3.2.1.2, 3.3.2, 3.3.3 and 3.3.4 of18 KB (2,648 words) - 22:06, 9 June 2020
- APD/GBA (Belgium) - 18/2023 (category Article 5(1)(a) GDPR)constitute a violation of Article 5.1.a and Article 6.1 of the GDPR. - pursuant to Article 58.2.c) of the GDPR and Article 95, §1, 5° of the LCA, to order29 KB (4,332 words) - 13:51, 21 March 2023
- NAIH (Hungary) - NAIH-642-4/2022 (category Article 5(1)(c) GDPR)€7,80) for the breach of Articles 5(1)(b)(c) GDPR, 6(1) GDPR, 12(1) GDPR, 7(2) GDPR, 9(1) GDPR, 13 GDPR and 14 GDPR. Independent of any instructions from73 KB (11,498 words) - 15:22, 29 August 2023
- Persónuvernd (Iceland) - 2020010642 (category Article 5(1)(a) GDPR)carried out in the public interest (Article 9(5) of the Icelandic Data Protection Act no. 90/2018 , and Article 6(1)(e) GDPR). The Municipality further argued28 KB (4,334 words) - 07:57, 5 October 2021
- AEPD (Spain) - PS/00223/2021 (category Article 17 GDPR)factor of article 80.1.a) of the LGT, by motivating him in a generic way. 3. Disagreement with the application of the aggravating factor of article 80.1.c) of30 KB (4,594 words) - 07:25, 22 June 2022
- UODO (Poland) - ZSPR.440.331.2019.PR.PAM (category Article 15(1) GDPR)with complete information pursuant to Article 15(1) GDPR. Therefore, using its power laid down in Article 58(2)(c) GDPR, the DPA ordered the controller to28 KB (4,389 words) - 16:10, 21 December 2021
- Council of State - 253.677 (category Article 9 GDPR)was not signed in accordance with the provisions of Article 43(1). It also follows from Article 76(1)(4) of the Royal Decree of April 18, 2017 that failure85 KB (13,820 words) - 09:28, 2 March 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)with Art. 2 para. 1, Art. 1 para. 1 GG, Art. 17 para. 1 lit. d) DSGVO, because her personal data is stored according to Art. 6 para. 1 lit. f. DSGVO had143 KB (24,273 words) - 15:59, 10 March 2022
- Court of Appeal of Brussels - 2020/AR/1111 (category Article 3(1) GDPR)ofcontroller (article 4.7 of the GDPR), the scope of the GDPR (article3.1 of the GDPR), the right to erasure (article 17 of the GDPR) and its powers (article 58.2of37 KB (5,919 words) - 08:54, 20 August 2021
- VG Regensburg - RN 9 K 19.1061 (category Article 77(1) GDPR)under Article 77(1) GDPR and subsequently the right of judicial remedy against the supervisory authority under Article 78(1) GDPR. Article 79 (1) GDPR provides94 KB (15,537 words) - 09:09, 25 August 2020
- APD/GBA (Belgium) - 145/2023 (category Article 4(1) GDPR)Service and transferred to the Disputes Chamber pursuant to article 62, § 1 j° article 92, 1° WOG. 10. On 7 February 2020, the Disputes Chamber invites39 KB (6,247 words) - 09:14, 15 November 2023
- LSG Hamburg - L 3 R 7/21 (category Article 16 GDPR)completeness in Article 16 GDPR is to be understood relatively and not absolutely. Personal data is therefore only incomplete in the sense of Article 16 GDPR if it15 KB (2,275 words) - 17:21, 25 January 2022
- VSRS - VSRS Sodba IV Ips 2/2021 (category Article 83 GDPR)(such as Article 85 GDPR). Under Article 57(1)(a) GDPR, the Slovenian DPA is under the obligation to monitor and enforce the application of the GDPR; under30 KB (4,982 words) - 14:27, 17 September 2021
- AEPD (Spain) - PS/00040/2020 (category Article 15 GDPR)from the Law: "Article 36. Taxpayers 1. They are taxpayers, as taxpayers, natural or legal persons, and the entities referred to in article 35.4 of Law 58/200338 KB (6,303 words) - 13:50, 13 December 2023
- AEPD (Spain) - TD/00277/2020 (category Article 17 GDPR)motor index of search the following urls: 1. *** URL.1 2. *** URL.2 3. *** URL.3 SECOND: In accordance with article 65.4 of the LOPDGDD, which has provided40 KB (6,518 words) - 13:29, 13 December 2023
- VG Mainz - 1 K 473/19.MZ (category Article 15(1) GDPR)which personal data could be deleted, the court concludes that Article 15 (1) (e) GDPR sets an obligation to inform a data subject about the existence31 KB (4,898 words) - 11:49, 19 April 2021
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)there is no violation of articles 5.1(c), 5.1(d), 5.1(e) and 5.1(f). Articles 5.1(c), (d) and (f), 5.2, 12, 16, 24, 25, 30.1, 31, 32, 38.3 and 38.6 of the AVG90 KB (14,937 words) - 12:35, 3 August 2022
- Datainspektionen - DI-2018-9274 (category Article 5(1)(b) GDPR)pursuant to Article 6 (1) (f) (Article 13 (1) (c)), the company or third parties legitimate interests which make the treatment necessary (Article 13 (1) (d))96 KB (12,267 words) - 11:43, 7 April 2022
- Rb. Rotterdam - C/10/583910/KG ZA 19-1062 (category Article 9(1) GDPR)invoked Recital 1 GDPR and Recital 4 GDPR and the definition of processing under Article 4(2) GDPR. Then, it noted that according to Article 9 GDPR and Recital31 KB (5,039 words) - 16:28, 10 March 2022
- DSB (Austria) - 2022-0.930.971 (category Article 89 GDPR)in accordance with Article 32 Paragraph 1 GDPR by the applicant in an appropriate manner in accordance with Article 32 Paragraph 1 GDPR to be secured, e31 KB (4,726 words) - 08:13, 16 November 2023
- It ordered the Finnish Police to bring processing into compliance with the GDPR and to notify identifiable data subjects of this breach. On March 31, 202128 KB (4,390 words) - 07:25, 14 October 2021
- VG Hannover - 10 A 502/19 (category Article 5(1)(a) GDPR)which the person responsible is subject. In contrast to Article 6 (1) (b) GDPR, Article 6 (1) (c) GDPR with “legal obligation” does not mean a contractual41 KB (6,779 words) - 12:35, 24 November 2021
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the Directive, without the relevant45 KB (6,780 words) - 16:57, 12 December 2023
- VGH München – 5 CS 19.2087 (category Article 4(1) GDPR)under Article 5.1 sentence 1 of the Basic Law. The claim to access to information is based on § 2.1 sentence 1 no. 1 VIG and not on Article 5.1 sentence40 KB (6,397 words) - 08:03, 21 March 2022
- CNPD (Portugal) - Deliberaçao 2024/137 (category Article 5(1)(a) GDPR)provisions of Article 3o , Article 4(2) and Article 6(1)(b), all of the GDPR Implementing Law. 57. Under the terms of Article 55(1) of the GDPR, supervisory49 KB (7,923 words) - 14:36, 3 April 2024
- OGH - 6Ob56/21k (category Article 2(2)(c) GDPR)such a context, the judging Senate recently stated (6 Ob 35 / 21x): "1. According to Art.82 (1) GDPR, every person who has suffered material or immaterial127 KB (21,056 words) - 08:17, 19 August 2021
- Datatilsynet (Norway) - 20/02376 (category Article 24(1) GDPR)of personal data follow from Article 5 (1) of the Privacy Regulation. We refer to Article 5 (1) (a), (b), (c) and (f): 3 1. Personal data shall a) is processed38 KB (5,620 words) - 07:40, 4 October 2021
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)enshrined in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not270 KB (43,335 words) - 12:39, 13 December 2023
- BVwG - W298 2269087-1 (category Article 83 GDPR)follows: Article 83 paragraph 1, 2 and 5 lit. a GDPR:Article 83, paragraph ,, 2 and 5 lit. a, GDPR: "Article 83 General conditions for imposing fines 1. Each52 KB (8,464 words) - 11:50, 26 July 2023
- OLG Köln - 20 U 295/21 (category Article 4(1) GDPR)found that the right to a copy under Article 15(3) GDPR is independent from the right to access under Article 15(1) GDPR and is to be construed extensively42 KB (6,689 words) - 08:30, 21 November 2022
- PHR - 22/01253 (category Article 15 GDPR)personal data in that assessment pursuant to Article 15(1) GDPR. However, Article 23(1)(i) GDPR and Article 41 UAVG provide the possibility of a restriction241 KB (42,617 words) - 14:14, 13 September 2022
- Personvernnemnda (Norway) - 2021-09 & PVN-2021-15 (20/01790) (category Article 5(1)(a) GDPR)infringement in question was correctly defined as a breach of Article 5(1)(a) GDPR and Article 6(1)(f). However, the PVN did not agree that the infringement40 KB (6,549 words) - 18:49, 5 March 2022
- CNIL (France) - SAN-2020-008 (category Article 5(1)(e) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading104 KB (16,646 words) - 17:09, 6 December 2023
- APD/GBA (Belgium) - 12/2019 (category Article 6(1)(a) GDPR)implementing the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a107 KB (17,697 words) - 16:52, 12 December 2023
- OGH - 6Ob35/21x (request for preliminary ruling under Article 267 TFEU) (category Article 82 GDPR)under Article 82(1) of the GDPR; they can only "lead to [...] non-material damage". [21] (7) Compensation for non-material damage under Art 82(1) GDPR therefore23 KB (3,551 words) - 09:54, 10 September 2021
- RvS - 201901832/1/A3 (category Article 4(7) GDPR)referred to in Article 2.3.2 or by virtue of Article 2.3.8, 5.2.2, 5.2.3, 5.2.4 or 5.2.5 and necessary for the implementation of Article 2.1.4, 2.1.5, 2.3.219 KB (3,012 words) - 15:09, 17 March 2022
- Rb. Midden-Nederland - C/16/526196/ HA RK / 21-01 (category Article 6 GDPR)under article 6 GDPR. However, the Court concluded that an immediate notification sent to the data subject was not necessary under article 34 GDPR. In particular34 KB (5,483 words) - 11:58, 5 December 2022
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)having knowledge of the following: 1.1 In general, marketing actions can be classified attending to several criteria. 1.1.1. Campaigns managed directly by287 KB (48,336 words) - 13:53, 13 December 2023
- CNIL (France) - SAN-2020-056 (category Article 5(1)(d) GDPR)the data 35. The Commission recalls that ensuring the accuracy and updating of the data is a legal obligation under Article 5.1(d) of the GDPR. 36. In this43 KB (6,847 words) - 17:11, 6 December 2023
- Datatilsynet (Denmark) - 2023-432-0016 (category Article 5(1) GDPR)fairness and transparency under Article 5(1)(a) GDPR, as well as the principle of data minimisation pursuant to Article 5(1)(c) GDPR, since they did not process46 KB (7,192 words) - 12:37, 19 December 2023
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose52 KB (7,520 words) - 13:13, 20 July 2021
- CNIL (France) - SAN-2023-082 (category Article 5(2) GDPR)obligations in accordance with Article 26 of the GDPR. 1.3. Processing of personal data included in the scope of this methodology 1.3.1. Only processing of personal46 KB (7,106 words) - 17:06, 6 December 2023
- HDPA (Greece) - 12/2022 (category Article 5(1)(a) GDPR)lawfulness, fairness and transparency under Article 5(1)(a) GDPR, and the principle of accountability under Article 5(2) GDPR. Additionally, the HDPA held that the46 KB (7,390 words) - 08:07, 1 April 2022
- Garante per la protezione dei dati personali (Italy) - 9677521 (category Article 5(1)(a) GDPR)the Guarantor pursuant to Article 166, paragraph 7, of the Code "(Article 16, paragraph 1, of the Guarantor Regulation no. 1/2019). The aforementioned56 KB (8,926 words) - 14:57, 14 July 2021
- OLG Frankfurt am Main - 13 U 206/20 (category Article 17(1) GDPR)by the plaintiff pursuant to Article 82(1) GDPR, since there have been violations of Article 6(1)(a) GDPR and Article 34 GDPR. The defendant also breached44 KB (7,334 words) - 09:02, 17 March 2022
- Personvernnemnda (Norway) - 2021-17 (20/02389) (category Article 6(1)(f) GDPR)legal basis for their processing in article 6(1)(f) GDPR. However, according to article 17(1)(c) and article 21(1) GDPR, upon receiving an erasure request45 KB (7,396 words) - 18:49, 5 March 2022
- APD/GBA (Belgium) - 115/2022 (category Article 5(1)(c) GDPR)Litigation under Article 62, § 1 of the LCA. 8. On October 13, 2020, the Litigation Chamber decides, pursuant to Article 95, § 1, 1° and article 98 of the LCA42 KB (6,237 words) - 11:23, 5 August 2022
- CNIL (France) - SAN-2022-011 (category Article 12 GDPR)breach of the obligation to inform pursuant to Article 14 of the GDPR 20. According to Article 14 of the GDPR: 1. Where personal data has not been collected48 KB (7,525 words) - 17:02, 6 December 2023