Search results

corresponding legal basis contained in Article 6(1)(a) GDPR, 6(1)(d) GDPR and 6(1)(e) GDPR respectively, and would require no additional correlation. The other

There is a slightly different concept of "explicit consent" in Articles 9(1)(a), 22(2)(c) and 49(1)(a) GDPR. See the commentary on Article 9(1)(a) GDPR for

consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details

alike. This consent is not valid. If a controller relies on consent under Article 6(1)(a) or Article 9(2)(a) GDPR, data subjects can withdraw their consent

safeguards (see Article 32(1)(a) GDPR); Handling of personal data breaches (see Article 34(3)(a) GDPR); Changing purposes of data processing (Article 6(4)(e) GDPR);

reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate

provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be

legitimate interest that a controller must demonstrate under Article 6(1)(f) GDPR, as any processing based on Article 6(1)(f) GDPR would otherwise be essentially

legitimate interest (Article 6(1)(f) GDPR) or (ii) the public interest (Article 6(1)(e) GDPR). Hence, data subjects may find themselves in a situation where

basis of Article 6(1)(c) GDPR (i.e. processing is necessary for compliance with a legal obligation to which the controller is subject) or Article 6(1)(e) GDPR

the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 6 (available here). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’

entities could claim a legitimate interest under Article 6(1)(f) GDPR for communication data for purposes that are even less serious. Such a legitimate interest

of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and

Member States. Example: Article 6(1)(a) GDPR Example: Not Art. 6 Abs 1 Lit a GDPR or Article 6 GDPR or GDPR Article 6, Sec 1(a) Recitals are also not shortened

complying with a legal obligation to which the controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined

of data listed under Article 9(1) GDPR. There have been conflicting arguments as to whether Article 22(1) GDPR lays down a right or a general prohibition

which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary

lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the

compliant with Articles 5 and 6 GDPR. According to Article 6 GDPR, when a controller did not rely on consent (Article 6(1)(a) GDPR), its processing should be

other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of

been provided, where: (a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to

provisions Article 4.11: Consent (definition) Article 4.12: Violation of personal data (definition) Article 5.2: Principle of accountability Article 6.1.a: Legal

provided in article 46.1 of the aforementioned Law. 940-0419 Mar Spain Martí Director of the Spanish Agency for Data Protection C / Jorge Juan, 6 www.aepd

consented to processing of his or her data (Art 7 (1) GDPR). This is equally true under Article 7(a) of the Directive 95/46, which required that the data

processing still needs to rely on a legal basis from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing

Supervision: Article 6(1)(f), legitimate interest. For the special category personal data: About diagnosis: Article 6(1)(a), cf. Article 9(2)(a), consent

The heading of Article 6(1) and the wording “has given” in Article 6(1)(a) support this interpretation. It follows logically from Article 6 and Recital 40

this case under Article 6(1)(a) or 6(1)(c)? If Article 6(1)(a) applies, do the requirements for parental consent under Article 8 GDPR also apply? Did the

category personal data and thus requires a legal ground for processing as per Article 9(2) GDPR, in addition to Article 6(1). However, the Board were split in

with Article 57(1)(a) and (h) of the RGPD. Moreover, the restricted formation notes that Article 80 of the EPMR provides for the possibility for a person

against a controller (as defined under Article 4(7) GDPR) and a processor (as defined under Article 4(8) GDPR). As noted above, Article 79 GDPR imposes

investigated are not compliant with the consent requirements under Article 6(1)(a) GDPR when placing cookies. Following its investigation of 175 websites

personal data is consent (Article 6(1)(a) GDPR) given while registering to the newsletter. Article 8(1) GDPR establishes the age at which a minor can legally give

provisions of Article 5(1)(a), 5(1)(f), and Article 6(1)(a) GDPR) and €50 (for violating Article 58(1)(a), 58(1)(e) and Article 83(5)(e) GDPR). Thus, the

The Commissioner fined a doctor € 14,000 for publishing sensitive patient data on Instagram. Patient filed a complaint with the Commissioner because her

without a basis from Article 6. Therefore, the AEPD considered that there has been an infringement of Article 6.1, entailing a fine of €2000. Article 14 refers

DPA found a violation of the principle of lawfulness, fairness and transparency established in Article 5(1)(a) GDPR. Moreover, the DPA found a violation

contrary to GDPR, specifically, articles Articles 5(1)(a) and 6(1)(a) GDPR. Though the Hospital acknowledged that the form was not adapted to the new GDPR rules

as per Article 6(1)(f) GDPR. The DPA found that the analysis of large amounts of data to create customer profiles could not be based on Article 6(1)(f).

The DPA therefore held that the controller violated Article 6(1)(a) (jo Article 4(11) and Article 7(1)). Regarding the pre-ticked boxes for third-party cookies

with Article 6(1)(f) GDPR when no valid consent has been obtained? The OVG Saarlouis also dismissed the appeal of the plaintiff arguing as follows: 1) The

below is a machine translation of the original. Please refer to the Finnis original for more details. Assistant Data Protection Officer gave Finnkino a note

the board management of the DPA to issue a referral in order to open an ex officio investigation (Article 63(1) of the Law establishing the Belgian DPA)

respective data subject, therefore infringing Article 6(1)(a) GDPR. On 23 October 2019, a complaint was lodged before a court relating to the fact that the personal

requirements of Article 33 GDPR. Based on a data subject's complaint, the Romanian DPA started investigations into a dental practice and a collaborating

the privacy policy. Thus, Article 21(1) LSSI has not been complied with, as there is no consent according to Articles 6 and 7 GDPR. Serious infringements

recordings of a witness on a website an infringement of Article 6(1)(a) GDPR? Is placing cookies without consent when visiting a webpage and not having a "refusal

subjects infringes Article 6 (1) (a) GDPR. The AEPD fined the data processor in an amount of 4,000 Euro for the violation of Article 6 (1) (a) GDPR. Since the

Mr. A.A.A., with NIF ***NIF.1, for an infringement of article 6.1.a) of the RGPD, typified in article 83.5 of the RGPD and considered very serious a prescription

websites do not have a legitimate interest to store credit card data under Article 6(1)(f) GDPR. On 6 September 2018, the CNIL issued a Recommendation on

ASSOCIATION *** ASSOCIATION. 1, with NIF G98925795, for an infringement of article 6.1.a) of the RGPD, typified in article 83.5 of the RGPD, a fine of 3,000 euros

fined a political party about €1000 (BGN 2000) for processing personal data without a legal ground as required by Article 6(1) GDPR, after hiring a handwriting

2022, A.A.A. (hereinafter, the claiming party) filed a claim with the Spanish Data Protection Agency. The claim is directed against XFERA MÓVILES, S.A. with

these messages. Is this a violation of Article 6(1)(a) GDPR? The AEPD held that this behaviour was a violation of Article 6(1)(a) GDPR and fined Vodafone €100

rely on Article 6(1)(a) GDPR. Secondly, the DPA recalled that, according to Article 6(1)(f) GDPR, processing of personal data on the basis of a legitimate

lack of valid consent under Article 6(1)(a) GDPR. Thus, it imposed VODAFONE a fine of EUR 75,000 under Article 83(5) GDPR, being indecisive whether there

for performance of a contract," and "necessary for compliance with a legal obligation," under Articles 6(1)(a), 6(1)(b), and 6(1)(c) GDPR respectively. The

and 48.1 of Law 39/2015 of 1 October, on the limitation of the infringement of article 6.1 of the RGPD typified in article 83.5 a) of the mentioned norm

MÓVILES, S.A. (MASMOVIL), with NIF A82528548, for an infringement of article 6.1.a) of the RGPD, typified in article 83.5.a) of the RGPD, a fine of 60

with the rules in Article 6 (1) of the Data Protection Regulation [1]. 1, letter a. Below is a more detailed review of the case and a justification for

accordance with Article 6 (1). 1, letter b, if the processing is necessary to comply with a legal obligation in accordance with Article 6 (1). 1, letter c,

company 's actions were a breach of Article 6(1) GDPR. Article 6(1) does not apply here because they failed to prove that they had a lawful basis for processing

infringed Articles 6.1 (a) and 5.1 (a) of the GDPR, in breach of Articles (a) and (a) of the GDPR¬, in accordance with Article 71 (1) (a) and (b) respectively

therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep a register of processing

to note that only Article 6(1)(a) GDPR allows for such a derogation from Article 32. The other legal basis in Article 6 restricts a data subject’s „disposition

agreed to initiate a sanctioning procedure for the one claimed by the allegedinfringement of article 6.1.a), typified in article 83.5.a) of the RGPD.FIFTH:

ESPAÑA, S.A.U., with NIF A80907397, for the alleged violation of article 6.1. GDPR typified in article 83.5.a) of the aforementioned RGPD. 1. APPOINT Mr

for the alleged infringement of Article 13.1, in relation to Articles 6.1(a) and 8.1 of the RGPD and in relation to Article 7 of Organic Law 3/2018, on Data

taken place in accordance with Article 5 (1) of the Data Protection Regulation. 1, letter e, and Article 6, para. 1, cf. Article 4, point 11. The Danish Data

2. Infringement of art. 6.1. GDPR: APPLICATION /7 [Plaintiff] further bases its decision on an infringement of Article 6.1. GDPR, to know that the lawfulness

AEPD imposed a fine of € 6.000 for unlawful processing data from a public registry without a legal basis under Article 6 GDPR. A citizen filled a complaint

with Article 9(2)(a) GDPR and Article 6(1)(a) GDPR. Thus, the Danish DPA held that the processing was also not following the principles of Article 5(1)

his compliance with the principles of article 5 par. 1 of the GDPR. 5. Furthermore, Article 6 para. 1 of the GDPR provides, among other things, that the

Where a controller envisages a processing operation having several purposes and seeks to obtain the data subject's consent under Article 6(1)(a) of the

issued Canary Click with a warning and ordered them to bring URL 1 and their privacy policy in line with Article 6(1)(a) GDPR within a month. The AEPD also

data subject’s consent under Article 6(1)(a) GDPR, which in turn meets the conditions for consent laid out in Article 7 GDPR. The AEPD highlighted that this

adequacy, or in accordance with Article 46, Article 47 or Article 49 (1); the second and second subparagraphs of paragraph 1, the indication of the appropriate

Protection Directive (95/46/EC), which contained a remarkably similar provision to the new Article 6(1)(f) of GDPR. This test breaks down into three parts, making

requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data

as a legal basis under Article 6(1)(b) GDPR where only consent should be the relevant legal basis. The NO DPA also considers that data cannot be a commodity

interests under Article 6(1)(f) GDPR. On the erasure obligations under Article 17 GDPR, the CJEU held that under Article 17(1)(d) GDPR SCHUFA will be under

Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a decision confirming

that Wind Tre had violated the following articles of the GDPR: Articles 5(1), 5(2), 6(1)(a), 7, 12(1), 12(2), 24 and 25. It subsequently fined Wind Tre 16

processing by the defendant can only be Article 6 (1) sentence 1 lit e) DSGVO (see b) or Article 6 (1) sentence 1 lit f) DSGVO (see c), the requirements

laws (like § 151 GewO) and GDPR? Is a prediction of a political affiliation a "special category of data" under Article 9(1) GDPR? The decision of the DSB

Ordinance Article 5, paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and 35, para. 1. Below

rely on Article 6(1)(b) GDPR in the context of its offering of the Facebook Terms of Service, and to include an infringement of Article 6(1) GDPR” (Para

violates §§ 307 para. 1, para. 2 no.1 in connection with Art. 6 para. 1 sentence 1 DSGVO. Art. 6 para. 1 sentence 1 DSGVO and against § 1 UKlaG in conjunction

as a 'legitimate interest' pursued by Meta pursuant to Article 6(1)(f) GDPR. Lastly, the CJEU noted that the fact that Article 6(1)(a) and Article 9(2)(a)

decryption, a defendant's smartcard and corresponding software are required as well as a receiver such as a receiver or a CI-Plus module together with a compatible

with the provisions of Article 6(1)(c), Article 6(1)(f) GDPR, or both provisions? 2.     Does the answer to Question 1 mean: a)      that the person whose

compliance with the principles of Article 5 GDPR and that they could be based on the legal basis of Article 6(1)(f) GDPR. The BVwG ruled that the principle

legitimate interests under Article 6(1)(f) GDPR, they must still comply with data protection principles under Article 5 GDPR. In Croatia, many employers

Bobek is also of the opinion that Article 6(1)(c) GDPR and Article 6(3) GDPR do not preclude national rules from laying down, without any limit in time

breached Article 6(1)(f) GDPR for lack of legal basis, Article 21 for lack of considering an objection, Article 13 for lack of information and Article 24 for

DPC decisions, Meta shifted its legal basis from Article 6(1)(b) GDPR (contract) to Article 6(1)(f) GDPR (legitimate interest) for most of its processing

consent, in line with Article 6(1)(a) GDPR. The Court recalled that Article 31 of the Croatian Law on the Implementation of the GDPR stipulates that the

9(1) GDPR. The preliminary questions concern the issue whether the existence of a legal obligation – Article 6(1)(c) GDPR – or a public interest – Article

controllers to have breached Article 6(1)(a) GDPR, Article 9(1) GDPR, as well as Article 12 and 13 GDPR for having unlawfully contacted a data subject after the

breaching Article 6(1) GDPR, and required the company to implement a policy for conducting credit ratings per Article 24 GDPR. A person lodged a complaint

unsolicited direct marketing messages received by subscribers. In the ICO's view, is a clear attempt to capitalise on, and profiteer from, the national health crisis

solution. The DPA held that the controller could not obtained a valid consent under Article 6(1)(a) GDPR for the use of cookies when the first solution was used

Officer) has fined Leads Works Ltd 250000 GBP (€291,237) for sending more than 2.6 million nuisance and unlawful direct marketing text messages to customers without

requirements of Article 6(1)(a) of the GDPR, read in conjunction with Article 7 thereof, which cannot be replaced by invoking Article 6(1)(b) thereof? 2

is also a claim for damages by the plaintiff pursuant to Article 82(1) GDPR, since there have been violations of Article 6(1)(a) GDPR and Article 34 GDPR

and application of Article 20.1 c) by the AEPD implies the exclusion of the weighting required by the legitimizing basis of Article 6.1.f) of the RGPD and

deliberation on Article 82 of the Loi n° 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés. Could the CNIL decide a prohibition

three-part test (Article 6 GDPR) - i) Legitimate interest ii) Necessity and iii) Balancing tests. The Commissioner has established that there is a legitimate

e-mail box without a legal basis, cf. the Privacy Ordinance Article 6 No. 1 letter f, for failure to assess protests, cf. , cf. Article 13. Background to

in Article 6(1)(f) GDPR. Article 5(1)(a) GDPR, as the company processed personal data without having any of the legal titles listed in Article 6(1) GDPR

connection with the violation of article/and 5.1. c); 6.1.; 13.1. (c);13.1(e) and13.2(a)AVG: r PAGE 01-00001582885-0002-0033-01- □1-� r L _JCourt of Appeal Brussels

that the infringement of Article 5.1 b) GDPR and Article 6.1 a) GDPR is proven. However, the controller expressly acknowledges a serious mistake in which

SOLUCIONES ENERGÉTICAS, S.A., with NIF A85818797, for a violation of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR, a fine of 50,000 euros (fifty

accountability with the principles of Article 5(1) and par.2 in conjunction with Article 6(1) GDPR. B. imposes on NEW YORK COLLEGE S.A. the effective, proportionate

defendant wrongfully relied on Article 6(1)(f) GDPR as a legal basis and acted contrary to Article 5(1)(a) GDPR and Article 5(1)(c) GDPR. After the defendant rejected

statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction only in

The Danish DPA found that Securitas A/S had a legal basis under Article 6(1)(f) GDPR for disclosing the personal data of an employee to the Police Intelligence

infringement of article 6.1 of the GDPR, infringement typified in article 83.5 of the aforementioned Regulation 2016/679. II breached obligation Article 6.1 of the

controllers lacked a legal basis for processing in violation of Article 6(1) GDPR and failed to inform data subjects pursuant to Article 13 GDPR. In addition

violated Article 6(1) GDPR, since the newsletter was sent without a legal basis. First, the data subject had not given consent, Article 6(1)(a). Moreover

specific categories of information in Article 8 (1) and (5) of Directive 95/46 or in Article 9 (1), Article 10 (1) and Article 10 of Regulation 2016/679, the

the necessary consent was obtained, which is not acceptable under Article 6(1)(a) GDPR. The Danish DPA assumed that Leadwise placed its own and third-party

contract lacked a legal basis under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR

paragraph 1 (a) Article 6 Regulation (EU) 2016/679, as well as legitimate interests, cf. Item 6 the same articles of law, cf. paragraph 1 (f) Article 6 Regulation

and ordered them to pay a court fee of €30. Article 96(1)(1) ZVOP 2 (infringements of the provisions of Article 83(4) GDPR) (1) A fine of between EUR 100

pursuant to Article 6(1) GDPR even if the data protection authority had only based its investigation on Article 6(1)(a) GDPR. The controller operates a cross-company

based on point 1. Article 9 Act no. 90/2018 and item a of the first paragraph. Article 6 Regulation (EU) 2016/679. As is the case here, point 6 comes into

(on the basis of Articles 35, 36 and 37 of ZDR-1 in connection with point d or f of Article 6 (1) of the GDPR)? On the basis of the information you have provided

the processing is consent in accordance with Article 6 Paragraph 1 Letter a GDPR. According to point 4.4.6. According to the data protection declaration

by the Contentious Chamber. 7Ibidem. Decision 37/2024 — 6/6 er In accordance with article 108, § 1 of the LCA, an appeal against this decision may be lodged

rectification request in breach of Article 6(1)(a) GDPR. The DPA therefore issued a fine of a total amount of approx. €40,000 along with an order to apply coercive

of the data subject (Article 6.1.a or 9.2.a of the GDPR) or necessary for the execution of a contract (article 6.1.b of the GDPR); - Second: the personal

accordance with Article 5.1.a) j° Article 6.1 of the GDPR, any processing of personal data have a legal basis. Article 6.1 of the GDPR stipulates that

one of the conditions set out in Article 6(1) GDPR? On the topic of non-material damages 4) Does Article 82(1) GDPR have a specific or general preventive

processing there in accordance with Article 6(1)(1)(a) of the GDPR (cf. Frenzel in Paal/Paulick , GDPR, 3rd edition 2021 Art. 6 para. 11). This results from the

conjunction with Article 91(1)(1) ZVOP-1, for which a fine of EUR 830.00 is prescribed, taking into account Article 91(2) ZP-1 and Article 119(1) ZVOP-2 on the application

fulfilled. established in article 6.1 of the RGPD, which indicates: C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 5/6 << 1. The treatment will

Belgian DPA dismissed a complaint based on article 95, §1, 3 LCA because the data subject did not adequately prove a breach of the GDPR. The Belgian DPA stated

2016/679, cf. Paragraph 1 Article 4 of the Act, and thus the powers of the Data Protection Authority, cf. Paragraph 1 Article 39 of the Act, covers the

2016/679, cf. Paragraph 1 Article 4 of the Act, and thus the powers of the Data Protection Authority, cf. Paragraph 1 Article 39 of the Act, covers the

based on Article 3, Clause 2, Article 5, Clause 1 of the Data Regulation "a", "b" and point 2, Article 6, point 1, point "a", Article 7, Article 27, point

RESOLVES: FIRST: IMPOSE A.A.A., with NIF ***NIF.1, for a violation of article 6 of the GDPR, typified in article 83.5 of the GDPR, a fine of €10,000 (ten

DPA fined a company €38,800 for unlawfully disclosing personal data from a surveillance footage, thus breaching Article 5(1)(a) GDPR and Article 6. The company

basis for the above processing was Article 6(1)(b) GDPR and Article 6(1)(c) GDPR. The plaintiff was the owner of a flat in a residential complex, where the

initiate a sanctioning procedure against the claimed party, for the alleged infringement of Article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. FIFTH:

Administrative court held that the consent given to a first controller under Article 6(1)(a) GDPR to transfer the data to a second controller does not extend to the

all phone calls cannot be considered necessary under Article 6(1)(e) GDPR and Article 5(1)(c) GDPR given the intrusive nature of the processing compared

share their location, in violation of Article 5 GDPR, Article 6 GDPR, Article 7 GDPR, Article 13 GDPR, and Article 25 GDPR. The DPA, however, claimed that the

that these services are based on a different legal basis Art. 6 (1) GDPR than the consent pursuant to Art. 6 (1) lit. a GDPR was based. services on were used

(Considering 40 GDPR), Article 6.1 of the GDPR is therefore applicable and not RD 1720/2007 used by the defendant. Thus, the aforementioned article 6.1 GDPR establishes

rely on Article 6(1)(e) GDPR for processing such data, in the sense that the processing was necessary for the performance of a task carried out by a public

As a result, the consent did not meet the requirements of Article 4(11) GDPR, and thus the controller could not rely on Article 6(1)(a) GDPR as a legal

Paragraph 1 lit. a. Article 6 (1) (a), Article 7 (1) and (2), Article 12 (1), Article 13 (1) (c), Article 57 (1) (a) and (h), Article 58 (1) (c) . 1 b and

regulation's article 6, subsection 1, letter a, and article 4, no. 11, cf. the regulation's article 5, subsection 2, cf. Article 5, subsection 1, letter a. On this

of section 6 of article 45 of the LOPD so that within a month from this act of notification: 2.1.- COMPLY with the provisions of article 6.1 of the LOPD

regulation's article 6, paragraph 1, letter a, and article 4, no. 11, cf. the regulation's article 5, subsection 2, cf. Article 5, subsection 1, letter a. The

***NIF.1, for a violation of Article 6.1 and another of article 13 of the RGPD, typified in Article 83.5 letters a) and b) of the RGPD, a fine of €1,500 (€1

Regulation, hereinafter: GDPR ), OJ No. L 119, 4.5.2016, p. 1; §§ 1 paragraph 1 and paragraph 2, 18 paragraph 1 as well as 24 paragraph 1 and paragraph 5 of

conformity with Article 5.1. c), Article 6.1., Article 13.1. c), Article 13.1. c), Article 13.1. e) and Article 13.2. a) of the DGPS pursuant to Article 101 of

concluding the contract. In this regard, there was no breach of Articles 6(1)(a) and 6(1)(b) GDPR. Second, the DPA determined that the documents signed by the data

party. Therefore, the controller breached Article 5(1)(a) GDPR, Article 6(1)(a) GDPR, Article 7 GDPR, and Article 130 of the Italian privacy code, since the

Coolblue could therefore not rely on Article 6(1)(a) GDPR as a legal basis for the processing of data subject’s personal data. However, the Court stated that

in particular also not a case of Art. 6 Para. 1 S. 1 lit. f. GDPR (predominant legitimate interests of the person responsible or a third party). According

according to the circumstances of this case, a controller did not violate Articles 4(11), 6(1)(a) and 7 GDPR by using a pre-ticked box, because the purpose of

the processing is based pursuant to Article 6(1)(a); d) breach of Article 6(1)(b) of RODO in conjunction with Article 81 of PrA by its erroneous application

shall obtain in advance a consent from an individual in accordance with Article 6(1)(a) GDPR for the processing of photographs in a way that can easily identify

it had a legitimate interest pursuant to and if this is necessary and proportional. Hence, it appeared the Court referred to Article 6(1)(f) GDPR. Moreover

data for the purposes of its legitimate interests in accordance with Article 6(1)(f) GDPR. Therefore, the data subject must be considered to have objected

concerned. The DPA also found a breach of Article 5(1)(a) GDPR, Article 6(1)(a) GDPR, as well as Article 7 GDPR and Article 12(1) GDPR for not having published

data are set out in Article 6 of the GDPR . Insofar as relevant here, the processing is lawful under Article 6 (1) (a) of the GDPR if the data subject

processor as per Article 4(7) GDPR, Article 4(8) GDPR, and Article 28(3) GDPR. Therefore, the service provider acted as a data controller in its relations with

“legitimate interest” provided for in Article 6.1, f) of the GDPR. 33. In accordance with Article 6.1, f) of the GDPR and the case law of the Court of Justice

of Article 11.7a(1) of the Telecommunications Act (Tw) and Article 5 (1) (a), 6 paragraph 1, 7, 13 and 14 General Data Protection Regulation (GDPR). In

the transmission of a pet owner's data from a veterinarian to the VTX lawful under Article 6(1)(b) and (f) GDPR and Article 6(4) GDPR or does such processing

(2) GDPR (accountability) II.1.1. Article 5, paragraph 1, a) (lawfulness) j° Article 6, paragraph 1 GDPR II.1.1.1. Findings in the Inspection Report 11

paragraph 1. Article 8 of the law, cf. Article 5 of the regulation. In number 1 Paragraph 1 Article 8 of the law, cf. point a, paragraph 1 Article 5 of the

of Article 6(1)(b) GDPR, and to bring its processing into compliance with Article 6(1) GDPR. Furthermore, pursuant to Articles 58(2)(i) and 83 GDPR, and

consent [Article 6(1)(a)], due to the nature of the employer-employee relationship.' 3. Rationale 3.1 Definitions 3.1.1 According to Articles 4(1) and 4(2)

processing, the DPA found a breach of the principles set out in Articles 5(1)(a) GPDR, Article 6(1)(a) GDPR, Article 13 GDPR and Article 14 GDPR. For reasons stated

the basis of consent, cf. Article 6 (1) of the Data Protection Regulation. Article 9 (1) (a) and Article 9 (1) 2, letter a. 4.1.1. number of users With the

“legitimate interest” provided for in Article 6.1, f) of the GDPR. 25. In accordance with Article 6.1, f) of the GDPR and the case law of the Court of Justice

purposes as provided for in Article 89(1) ("storage limitation"); [...] Art. 6 para. 1 GDPR: Article 6: Lawfulness of processing 1. Processing shall be lawful

B., with NIF *** NIF.1, for a violation of Article 6.1.a) of the RGPD, typified in Article 83.5 of the RGPD, and classified as a very serious, for the

Articles 5(1)(a) and 6(1)(a) GDPR. The Italian DPA ordered the controller to erase personal data and stop the processing pursuant to Article 58(2)(d) and

that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled

of article 6 of the GDPR, a second violation of article 28 of the GDPR and a third violation of article 17 of the RGPD, typified in articles 83.5 a), 83

implementation of provisions of the “e-Privacy Directive”) and article 6.1.a. GDPR. 3In accordance with Article 61 of the WOG, the Disputes Chamber hereby informs

personal data and in a violation of Article 6 GDPR, as data subjects' consent was not collected in advance. Pursuant to Article 83 GDPR, the Italian DPA fined

breaching Article 5(1)(a) GDPR, Article 6(1)(a) GDPR and Article 7 GDPR. And due to the incorrect approach to the processing operations, also of Article 25(1)

the provisions of Article 6, paragraph 1, a) of the GDPR, which allows the processing of personal data to be based, can only result from a express consent

violated Article 5(1)(a), 5(1)(c) and 6(1)(a)(f) GDPR and imposed a fine of €5,000. The motivation stated that Articles 5(1)(a), 5(1)(c) and 6(1)(a)(f) were

promotional activities in its interest. The DPA also found a violation of Article 6(1)(a) GDPR and Article 130(1) and (2) of the Italian Privacy Code (Legislative

DPA proposed a settlement to a controller asking them to modify their cookie banner in order to comply with Article 4(11), 6(1)(a) and 7 GDPR. On 19 July

their right. This amounted to a violation of Article 5 (1)(a), Article 12, Article 13, Article 14 GDPR and Article 21 GDPR. Therefore, on the basis of all

powers under Article 58(2) GDPR, the DPA reprimanded the controller for violations of Articles 5(1)(e), 6(1)(f), 12(1) and 13(1)(d) GDPR. Share your comments

management, - Article 12 (1) of the GDPR, as it did not provide transparent and understandable information, - Article 15 (1) and Article 17 (1) of the GDPR, Article

confidentiality”);” Art. 6 Para. 1 GDPR reads: “Article 6 Lawfulness of processing Processing is only lawful if at least one of the following Conditions are met: a) The data

out. Therefore, the DPA confirmed a breach of Article 5(1)(a) GDPR, Article 6(1)(a) GDPR, Article 7 GDPR and of Article 130 of the Italian Privacy Code for

comply with section 5.1(b) of the MDR, and for failure to comply with section 5.1(a) of the MDR. and 5.1(b), 6.1, 25.1 and 25.2, 32.1 and 32.4 of the MDR

basis of consent, Article 6 (1) (a) GDPR. In particular, Article 6 (1) (c) (legal obligation of the controller and Article 6 (1) (e) GDPR (public interest)

unlawful under Article 6(1) GDPR: A user's consent under Article 6(1)(a) GDPR could not be considered valid under Articles 4(11) and 7 GDPR, especially since

authorization to make a credit rating of the complainant in question could have been based on point 1. Article 9 of the Act, cf. Article 6 (a) of the Regulation

the DPA determined that the legal grounds of Article 6(1)(b), 6(1)(c), Article 6(1)(d) and Article 6(1)(e) GDPR were not applicable in this case. It also

documents on the basis of Article 6(1)(c) of the GDPR, without making it mandatory for customers to obtain a customer card as a prerequisite for the fulfilment

Article 25 (1) and (2) GDPR; b. a breach of Article 12(1) and (6) GDPR, Article 13(1) and (2) GDPR and Article 14(1) and (2) GDPR, Article 5(2) GDPR, Article

the controller violated Article 5(1)(a) and (2), Article 6(1), Article 12(1), Article 13(1)(b) and (c) GDPR. The DPA imposed a fine of €50.000. The controller

to in Article 5(1) LRN, under which the controller did not fall in. Therefore, the controller breached Article 5(1)(a) GDPR and Article 6(1) GDPR, in conjunction

processing could be based on the Article 6(1)(c) “compliance with a legal obligation” or Article 6(1)(e) GDPR “the performance of a task carried out in the public

concluded after July 1, 2016, articles L.211-1, L.212-3, L.212-1, L.241-1, R.212-1 / 1 °, L .111-1, L.111-2, L.111-3, L.221-5, L.221-6, L.221-7, L.221-13

respect the prohibition under Article 9 (1) GDPR and without relying on any specific exemptions under Article 9 (2) (4) GDPR. Feel free to add your comment

cases set forth by art. 6(1) (c)(e) GDPR. Furthermore, given that the school was not complying with a legal obligation, nor performing a task carried out in

information in accordance with Article 13 GDPR. In addition, the HDPA found that the Ministry violated the obligation of Article 35(9) GDPR in relation to the expression

should not have relied on a legitimate interest but on Article 6(1)(e), as the processing is carried out in order to comply with a task of public interest

energy suppliers cannot rely on Article 6(1)f GDPR to collect customer data in a data pool to determine if a customer considers a longterm contractual relationship

breaches to the DPA, cf. Article 33(1)? The DPA held that Innovation Norway did not have a legal basis as per Article 6(1)(f) GDPR to conduct the credit ratings

responsible is subject. In contrast to Article 6 (1) (b) GDPR, Article 6 (1) (c) GDPR with “legal obligation” does not mean a contractual obligation based on

fact that the processing of the controller relied on Article (6)(1)(b) GDPR and Article 6(1)(c) GDPR as legal basis affects the holding of the DPA since

because the controller relied solely on Article 6(1)(b) GDPR. Whatsapp IE has consequently infringed Article 6(1) GDPR by unlawfully processing personal data”

for the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft

violated the GDPR and the consent given through such a banner cannot be considered a valid consent under Article 6(1)(a) GDPR and Article 4(11) GDPR. Further

processing entailed a legitimate interest for fraud prevention under Article 6(1)(f) GDPR. Did the company’s policy breach Article 6 or any other articles

the legal grounds in Article 6(1)(c) GDPR. The President of the Personal Data Protection Office (UODO) stated that he cannot make a decision regarding the

rely on Article 6(1)(c) GDPR as a legal basis. This made the processing also unlawful under Article 5(1)(a) GDPR. The HDPA fined the municipality €1,000 for

Section 3(2) of the Data Protection Act (DPA) and Article 4(1) GDPR. Pursuant to the FOIA and the GDPR, the ICO balanced the right to information and the

had no legal basis as per Article 6(1)(f) GDPR and that they had failed to inform the employee sufficiently as per Article 13 GDPR. Consequently, they were

virtue of Article 17(3)(b) GDPR. Indeed, it further is justified that the task carried out in the public interest under Article 6(1)(e) GDPR does not constitute

of Articles 5, par. 1, letter a) and c); 6, par. 1, letter c) and e), par. 2 and par. 3, letter b) and Article 2-ter, paragraphs 1 and 3, caused by the

to process it under Article 6(1)(f), or a public interest to process it under Article 6(1)(e). The AEPD also held that Mrs AAA had exercised her right to

Violation of Article 6(1)(f) GDPR The LfDI found a violation of Article 6(1) GDPR. When weighing the interests in the context of Article 6(1)(f) GDPR, it must

the meaning of Article 6(1)(f) GDPR. The processing must also be necessary for this purpose. The controller considered that it was “simply a question of whether

as per Article 6(1)(f) GDPR. The DPA further held that the company failed to: provide the data subjects with required information, as per Article 13 terminate

terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The housing

been grounded on compliance with a legal obligation to which the controller is subject, under Article 6 (1) (c) GDPR. In this case, the compliants' personal

threat of a potential data misuse suffice to claim damages under Article 82 GDPR? The court held that neither §26(1) BDSG nor Article 6(1)f GDPR legitimize

purchase contract (Article 6(1)(b) GDPR). Therefore, the processing is compatible with the GDPR. In the Netherlands, as of 1 July 2018 a passenger who wishes

be processed in accordance with Article 6 (2) of the Data Protection Regulation. 1 (a) to (f). Pursuant to Article 6 (1) of the Data Protection Regulation

data subject lodged a complaint against Google. The DPA noted that the lawful basis was Article 6(1)(f) GDPR and referred to the Article 29 Group's guidelines

rely on Article 6(1)(b) GDPR in the context of its offering of the Instagram Terms of Use, and to include an infringement of Article 6(1) GDPR” (Para 137)

Articles 6(1)(c) or 6(1)(e). Therefore, the DPA issued a sanction of €2000 against the Municipality for violating Articles 6(1)(c), (e), 6(2), and 6(3)(b)

par. 1, letter a) and c); 6, par. 1, letter c) and e), par. 2 and par. 3, letter b); 9, par. 1, 2, 4, of the Regulation; Articles 2-ter, par. 1 and 3

violated Articles 5(1)(a) and 6(1)(b) GDPR. In addition, the AEPD decided to impose a fine of 1.000 € in accordance with Article 83(5)(a) GDPR by taking into

prevail (Art. 6 Para. 1 lit. f GDPR). In this context, Art. 6 Para. 1 lit. c GDPR in conjunction with the PMG and Art. 6 Para. 1 lit. f GDPR relevant: The

follows: Article 5(1)(c) , Article 5(1)(e) and Article 6(1)(f) of the GDPR The DPC found that Airbnb did not validly rely on Article 6(1)(f) of the GDPR as the

any legal basis as required by Article 6(1) GDPR. The Bulgarian DPA examined a complaint lodged by a citizen, V.V., against a company providing utility services

information of a debtor in compliance with art. 5 and 6 of the GDPR? The DPA held that Regione Campania violated art 5(1)(a)(c), art. 6(1)(c)(e), art. 6(2) and

public areas without consent, breaching Article 6(1) GDPR. The data subject’s neighbor installed cameras on a shared landing without consulting the homeowner’s

her life. Her objection to processing follows from Article 21(1) GDPR. ING argues that Article 21(1) GDPR cannot be relied on in this case because it applies

based on a legal basis as provided in Article 6.1. GDPR. The Disputes Chamber will determine that the defendants rightly invoke Article 6.1. f) GDPR 7, since

DPA had issued a reprimand for each of the above discussed shortcomings. As a response to the DPA's decision, the controller adopted a number of supplementary

access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data

held that a law firm had a legal basis for presenting a data subject's personal data as evidence in court proceedings under Article 6(1)(f) GDPR as the legitimate

pre-contractual, in accordance with article 6.1b) RGPD or pursuant to article 6.1 a) RGPD. It also states that the breach would be attributable to SYC GESTON, which

for violation of article 6.1 and 32.1 of the RGPD, typified in the article 83.5.a) and article 83.4.a) of the aforementioned RGPD, with a penalty of €50

consent was given obtained (potential violation of Article 6.1 a) GDPR): ▪ Article 6.1 a) GDPR and Article 129 of the law on electronic communication (WEC)

complaints and is Article 6 (1) of the Privacy Regulation letter f. The question is whether the company had a legal basis in Article 6 no. 1 letter f when

the Municipality lawful in accordance with Articles 5(1)(c), 6(1)(c), (e), 6(2), and 6(3)(b) GDPR? The DPA held that the disclosure of the personal data

called "Lernsieg" to evaluate teachers is lawful on the basis of Art. 6 para. 1 lit. f GDPR, i.e. that the interests of the general public and in particular

the municipality’s website under Article 6(1)(e) GDPR. It also found that the purpose of this function was to offer a better service to citizens and that

under Article 6(1) [first subparagraph] (f) thereof? In the first place, the Court clarified that the uploading of pieces, previously downloaded, of a media

suspicion of medical fault. The DPA found a violation of Article 5 GDPR, Article 6(1) GDPR and Article 9 GDPR. Article 5 GDPR establishes the principles of data

violation of Article 5(1)(a) GDPR, Article 6(1) GDPR, Article 12(3) GDPR, Article 12(4) GDPR and Article 15 GDPR. As such, the DPA issued a fine of €1,000 in

compliant with data protection rules, on the basis of Article 6(2) read in conjunction with Article 6(1)(e) GDPR. Then, the Datatilsynet focused on two specific

this case this basis can (only) be Article 6 paragraph 1 under f GDPR. According to Rabobank, Article 6 paragraph 1 under c is (also) the basis for registration

lawfulness of processing principle, as per Article 6(1) GDPR. The decision is the consequence of a complaint submitted by a Spanish citizen stating he has contracted

regard resources. II.1. Article 5 (1) (a) and (2) of the GDPR and Article 6 (1) of the GDPR II.1.1. Article 5 (1) a) and Article 6 (1) GDPR with regard to legality

processing of that data being lawful, under Article 6(1)(c) of that regulation, only if it is necessary for compliance with a legal obligation to which the Data

its legal basis under Article 6(1)(f) The Disputes Chamber proceeds to dismiss the complaint in accordance with article 95 , § 1, 3° WOG, giving three

consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) (a) and if there is no other legal basis for the processing;

95/46 / EC Article 6 (1) of the General Data Protection Regulation (GDPR) and Article 9 (1). 2. The Authority shall determine that the Customer1 and the Customer2

fulfilled. The school breaches Article 6(1)(b) in combination with Article 6(4) and Article 6(1) Articles 24 and 25 GDPR Furthermore, as the school continued

claiming that there was a legal basis for processing the data under Article 6(1)(c) GDPR. The Latvian DPA also held that Article 6(1)(e) GDPR could not be relied

the controller sought to rely upon Article 6(1)(e) GDPR and Article 9(2)(j) GDPR. Article 6(1)(e) GDPR establishes a lawful basis for the processing of

requirements of Art. 6 Paragraph 1 Sentence 1 Letter e GDPR and the requirements of Article 6 Paragraph 1 Sentence 1 Letter f GDPR do not apply in favor

violation of Article 5 (1) (a) and (2) and Article 6 (1) GDPR; and that 2. there is a violation of article 12, paragraph 1, paragraph 2 and paragraph 3, article

processing (Article 6.1.a. AVG), nor that there would be an agreement between the parties on which the personal data processing would be based (Article 6.1.b. AVG)

of Article 6(1)(b) GDPR, and to bring its processing into compliance with Article 6(1) GDPR. Furthermore, pursuant to Articles 58(2)(i) and 83 GDPR, and

execution of a task carried out in the public interest, per Article 6(1)(e) GDPR, and was also necessary for scientific research purposes under Article 9(2)(j)

interests under Article 6(1)(f) GDPR. The data subject was heard on this statement and filed a submission, arguing that Article 6(1)(f) GDPR does not apply

complainant to a credit rating without a legal basis under Article 6(1)(f) GDPR and for not adhering to the accountability principle as per Article 5(2). The

Flissenter a violation of the GDPR? Can credit information about a company be considered personal data for the purposes of Article 4(1)(GDPR)? The Datatilsynet

the rules in the Data Protection Regulation [1], cf. Article 6 (1). Article 17 (1) (e) and Article 17 (1) 3, letter b. However, the Danish Data Protection

by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision

to ask to be heard by the Authority (Article 166, paragraphs 6 and 7, of the Code; as well as Article 18, paragraph 1, of Law no. 689 of 24/11/1981). With

limitation under Article 5(1)(a) of the GDPR. 1(b) and the obligation (principle) of accountability under Article 5(1)(b). 2 of the GDPR, that is to say

Ordinance Article 6 No. 3, cf. the Education Act Chapter 9 A (§§ 9 A-1 to 9 A -5). The requirement for a supplementary legal basis in Article 6 no. 3, which

without a valid consent and without a specific, legitimate and explicit purpose. Therefore, it was contrary to Article 5(1)(b) GDPR and Article 6 GDPR. In

Camera" (which processes image and voice) according to Article 5(1)(a) GDPR and Article 6(1) GDPR? The ANSPDCP found that the staff of the General Directorate

meant to refer to Article 6(1)(f) GDPR instead (like a similar case by the Cyprian DPA). Since the DPA only referred to Article 6(1) GDPR, and did not specify

is necessary in accordance with Article 6 (2) of the GDPRthe legal basis within the meaning of Article 6 (1) point e) GDPR. 2056. The question is also whether

investigations as referred to in Article 5.6.1 Code of Conduct, may be included in an Events Records kept by Security Matters or a department designated for this

in a specific case receive information about a data subject according to Article 6, under 6.1. Furthermore, it appears from Article 11, under 11.1, that

personal data on a legitimate interest (Article 6(1) GDPR). Share your comments here! Share blogs or news articles here! The decision below is a machine translation

to a negative reaction when applying for jobs (as a teacher). His interest in removal is thus given. Google may therefore (see Article 21 (1) GDPR) only

public space. The DPA found a violation of Article 6(1) GDPR and ordered the controller, pursuant to Article 58(2)(d) GDPR, to adjust the location of the

letter i, cf. Article 83. Both infringements of Article 6 and Article 13 may be sanctioned with a fee, cf. Article 85, paragraph 5, letter a and letter b

of Article 6 (1) point a) GDPR; this is also not claimed by the defendants. No other condition for the lawfulness of the processing in Article 6 (1) GDPR

However, the AEPD held that there had been a violation of Article 5(1)(c) GDPR. Even if the Ministry had a legal basis for the treatment, the minimization

processing was therefore in breach of Article 5(1)(a) and Article 6(1)(c) of the GDPR. The DPA also ruled out Article 6(1)(f) on the grounds of domestic law:

management according to Article 5 (1) point a), the principle of purpose limitation according to Article 5 (1) point b), Article 6 (1) and, in connection with

on Article 6(1)(c) GDPR. In particular, the appellant argued that pursuant to Article 6(3) GDPR, a public interest task under Article 6(1)(c) GDPR must

device (which processes image and voice) according to Article 5(1)(a) GDPR and Article 6(1) GDPR? The ANSPDCP found that the staff of the General Directorate

law--> |GDPR_Article_1=Article 12(5) GDPR |GDPR_Article_Link_1=Article 12 GDPR#5 |GDPR_Article_2=Article 15 GDPR |GDPR_Article_Link_2=Article 15 GDPR |GDPR_Article_3=Article

law--> |GDPR_Article_1=Article 12(5) GDPR |GDPR_Article_Link_1=Article 12 GDPR#5 |GDPR_Article_2=Article 15 GDPR |GDPR_Article_Link_2=Article 15 GDPR |GDPR_Article_3=Article

accordance with Article 3 and 5 of the Finnish Act on the Protection of Privacy in Working Life and Article 5(1)(a) and (c), 6(1) and 9(1) GDPR? The Finnish

marketing on Article 6(1)(f) GDPR, and the other on Article 6(1)(b) GDPR. For both processing activities, we have found the requirements in the Article 15(3)

information provided ex-ante under Article 13 and 14 GDPR and information provided ex-post under Article 15 GDPR. Article 12(1) highlights that the above requirements

protection regulation article 6 no. 1 letter f, for failure to assess protests, cf. article 21, and for failure to information, cf. Article 13. 2. X AS is ordered

(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and

processing, as provided in Article 6(1)GDPR. Share your comments here! Share blogs or news articles here! The decision below is a machine translation of the

principles of article 5 par. 1 GDPR. It's not a coincidence that the GDPR includes accountability (already mentioned above article 5 par. 2 GDPR) in the regulation

initiate a sanctioning procedure against the claimed party, for the alleged infringement of Article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. FIFTH:

violating Article 13(1) GDPR and Article 13(2) GDPR. Accordingly, the AZOP decided to impose an administrative fine on each company in line with Article 83(2)

Creditinfo a violation of the GDPR? The Persónuvernd held that the processing was lawful for several reasons. Regarding the GDPR, it held that Article 6(1)(f)

Regarding 1) - Article 5(1)(a) and (c) and Article 6(1) of the Data Protection Basic Regulation - DSGVO, OJ No L 119, 4.5.2016, p. 1. Re 2) (a) Section

regulated in article 6 of the GDPR. The assumptions that allow the processing of personal data to be considered lawful listed in article 6.1 of the GDPR: 1. Treatment

NIF B66161126, by an infringement of Article 6.1. of the RGPD, as defined in Article 83.5.a) of the said RGPD, a fine of 60,000 euros (sixty thousand euros)

validly continue the processing under Article 6.1(f) AVG. 49. The defendant thus violates Article 6.1 and Article 21.4 of the AVG. 50. Infringements of

of the loans with ABN Amro. 1.11. As of 1 July 2017 [plaintiff] has a new position, with [name B.V. 2]. 1.12. By judgment of 6 November 2019, the court ruled

disclosure lacked legal basis, and was in violation of Article 6(1) and Article 5(1)(a) of the GDPR. The recordings had already been handed over to the police

processing under Article 6(1)(c) GDPR. On October 14, 2019, a kindergarten contacted a health center and asked for assistance in relation to a child in the

infringement of Article 6(1) GDPR. Furthermore, he argued the infringement of Article 26 GDPR (joint responsibility) and Article 44 GDPR (third country

6(1) GDPR? The Spanish DPA (AEPD) referred to the principle of lawfulness, fairness and transparency (Article 5(1)(a)), as well as Article 6(1) on the obligation

offense for violation of the Article 6.1 of the RGPD. Article 6, Legality of treatment, of the RGPD establishes that: "1. The treatment will only be lawful

constitute a violation of Article 6(1) GDPR? AEPD considered that the documentation provided offers evidence that Vodafone violated Article 6(1) of the GDPR

DPA found the social and health authority of a city to have breached Article 6(1) GDPR and Article 10 GDPR by requesting data subjects to provide it with

of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d) and Article 6.1. e) of the GDPR. Decision on the

an infringement of Article 5 (1) a), b) and c) and (2) of the GDPR and Article 24 (1) of the GDPR; and - an infringement of article 8 of the law of 21

and the construction of a new house at [address 1]. 2.3 The deed of loan stipulates, among other things, the following: "Article 7 1. The debtor declares

requirements of Article 9 GDPR. In the DSB held that the processing violated Articles 5, 6 and 9 GDPR: Consent under Articles 6(1)(a), 7 and 9(2)(a) GDPR cannot

Protection, gives a warning for the violation by the General School Complex in D. of the provisions of Article 5(1)(a) and Article 6(1)(c) of Regulation

is a requirement on the basis of article 6.1 e) GDPR read together with articles 5.2 GDPR and 24.1 GDPR. 3) Violation of Articles 12.1, 12.6, 13.1 and

basis for the use of XXX cameras could be derived from IKÜ Article 6(1)(f). According to Article 6(1)(f) of IKÜM, the processing of personal data is legal if

employees and stressed that a valid legal basis would be either Article 6(1)(c) GDPR, or Article 6(1)(d) GDPR or Article 9(2)(b) GDPR. The Data protection authority

S.L., with NIF B67421867, for a infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR, with a a fine of 30,000 euros (thirty thousand

condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the Directive, without the relevant

The Spanish DPA (AEPD) terminated a sanctioning procedure against VODAFONE ESPAÑA S.A.U. for infringing Article 6(1) GDPR. Vodafone, recognising its responsibility

II Article 6.1 of the GDPR establishes the following: "1. Processing will only be lawful if at least one of the following conditions is met: nes: a) the

against Vodafone España, S.A.U. and impose a fine of € 100.000 for the alleged infringement of Article 6(1) GDPR. The complainant filed a complaint against Vodafone

TELEFÓNICA MÓVILES ESPAÑA, S.A.U., with NIF A78923125, for a violation of Article 6.1 of the RGPD, typified in Article 83.5 of the RGPD, a fine of 75,000 euros

(Art 5 Para 1 lit c GDPR) and Storage limitation (Art 5 Para 1 lit e GDPR). [...] The pursued legitimate interests (if Art 6 para 1 lit f GDPR as Legal basis

For the intentional infringement of Article 25(1) GDPR and Article 5(1)(a), (c), and (e) GDPR, the authority imposed a pecuniary penalty of €14,385,000,

his/her consent. The DPA first outlined Article 6(1)(a) and (b) GDPR, Articles 4(11) GDPR on consent, as well as Article 6 of the Spanish Data Protection Law

regulated in article 6 of the GDPR. The assumptions that allow the processing of personal data to be considered lawful listed in article 6.1 of the GDPR: 1. Treatment

portability; c) when the treatment is based on article 6, paragraph 1, letter a), or the Article 9, paragraph 2, letter a), the existence of the right to withdraw

principles are found under Article 5(1)(a) and Article 5(2) GDPR respectively]. The Spanish DPA even made reference to Recital 40 GDPR on the legality of processing

21(2) and 21(4) GDPR. Moreover, the DPA held that the controller violated Article 5(1)(a), 5(1)(c), 5(2), 6(1), 12(2), 21(2) and 21(4) GDPR. The controller

violation of article 6.1. f) of the RGPD, in relation with article 20.1 c) of the LOPDGDD, typified in article 83.5.a) of the cited GDPR That by writing

Helsinki upheld a Finnish DPA decision, which found that the social and health authority of a city to had breached Article 6 GDPR and Article 10 GDPR by requesting

violating Article 6(1) GDPR, by creating a contract containing the complainant's personal data without a legal basis. A data subject filed a complaint

unlawfully, as it breached Articles 5 and 6(1) GDPR. For this violation, the DPA used its powers under Article 82(5)(a) and fined the association with €500

filed a complaint with the AZOP. The AZOP found that in the hotel's terms and conditions, no mention was made of a legal basis under Article 6(1) GDPR that

in good time, which is a violation of the GDPR. As to the claim for damages, the CoS notes that though Article 82(1) of the GDPR states that full compensation

para. 1 p. 1 ZPO § 114 para. 1 p. 1, § 121 para. 1 StVZO § 31a paragraph 1 p. 1, paragraph 3 Regulation (EU) 2016/679 Art. 5 para. 1 lit. d, Art. 6 para

refers to the Privacy Ordinance Article 6 No. 1 letter f as the relevant valid basis for processing, as well as Article 21 No. 1 on the data subject's right

(the defendant) for the infringement of Article 6(1) of the GDPR, as the defendant agreed to an early and guilty voluntary payment of the corresponding

monitoring its employees. Still, a fine of €380,000 was imposed for the violation of Articles 6(1); 13(1) and (2); and 25(1) and (2) GDPR. Share your comments here

interests according to Article 6(1)(f) GDPR and that Ziggo had to comply with Article 6(4)(d) GDPR. The Court found that DFW had a legitimate interest and

consent a violation of Article 6 (1) GDPR? The AEPD found that publishing the image of the data subject without his consent was a violation of Article 6 (1)

the infringement of article 6.1 of the GDPR, typified in article 83.5 a) of the GDPR, the sanction that would correspond would be a fine for an amount of

of personal data in this case is Article 6 no. 1 letter f (necessary to safeguard a legitimate interest). Article 6 (1) (f) authorizes the processing of

without a valid legitimate basis a violation of GDPR? The Spanish DPA considered that the processing of personal data was in breach of Article 6(1) GDPR, as

there is legitimacy for it derived from the article 6.1. c) and 6.1.e) and at individual level 6.1.f) of the GDPR for the serious accusations that poured into

DPA went on and held that “A synopsis of the provisions of Article 9(1)(i) of the GDPR in conjunction with Article 3(1)(1), (1a) and (2) of the EpiG shows

is covered by Article 6, clause 1 (c) of the AVG and not by Article 6, clause 6 (f) of the AVG. The BKR itself refers to Article 6, clause 1 (f) of the GCG

controller violated Article 6(1)(f) GDPR when accessing the employee's email account and emails. Further, the Datatilsynet breached Article 21 GDPR since the controller

sanction procedure against Vodafone España, S.A.U. for infringing Article 6(1) GDPR, as the defendant agreed to a voluntary payment of the corresponding part

requirement (Article 6.1 GDPR); the legality- transparency- and the principle of fairness (art. 5.1 a) GDPR); the purpose limitation principle (Article 5.1 b) GDPR)

established in article 6 of theRegulation (EU) 2016/679. "IIIThe documentation in the file provides evidence that theclaimed, violated article 6.1 of the RGPD

have breached the lawfulness of processing principle as per article 6(1) GDPR, as well as article 20 of the Spanish Law on Personal Data Protection and Guarantee

processing is based on consent under Article 6(1)(a) GDPR, the consent must meet the requirements of, among others, Article 7 GDPR. The DPA observed deficiencies

Letter a) and c) of article 5.1 of the GDPR advocates: C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 14/28 "1. Personal data will be: a) treated

controller had violated Article 6(1) GDPR since the legitimate interest assessment on which the processing was based (Article 6(1)(f) GDPR) was understood as

based on a lawful basis under Article 6 GDPR. Thus, the DPA assessed whether the processing could have been based on Articles 6(1)(a), (b) and (f) GDPR. It

contested CCTV system was compatible with the requirement of Article 6(1)(f) GDPR according to which, a data processing is lawful when it is strictly necessary

fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection

provisions of article 6.1.e) of the GDPR. However, in the case of special categories of data, the case contemplated in letter g) of article 9.2. does not

under Article 5.1 sentence 1 of the Basic Law. The claim to access to information is based on § 2.1 sentence 1 no. 1 VIG and not on Article 5.1 sentence

infringement of the Article 6.1 of the GDPR, typified in Article 83.5 a) of the GDPR, the sanction that would correspond would be a fine for an amount of

provides a full copy. It states in it that there is legitimacy for it derived from the ar- Section 6.1. c) and 6.1.e) and at the individual level 6.1.f) of

violation of the Privacy Regulation Article 6 (1) and Article 5 (1) (a). Information on the right of appeal appears in section 6 of the decision. 2. Details of

the infringement in question was correctly defined as a breach of Article 5(1)(a) GDPR and Article 6(1)(f). However, the PVN did not agree that the infringement

the other grounds from Article 6(1) of the GDPR do not apply. For example, according to [applicant], Article 6(1)(c) of the GDPR does not apply because

surveillance had a legal basis in Article 6(1)(e) GDPR. The plaintiffs appealed to the Court of Appeals Amsterdam Court, seeking an ordinary ruling (not a preliminary

processing is not based on Article 6(1)(a) or (b) of the GDPR. 60. The right of access could theoretically concern the consultation by a user of the keys and

Protection agreed to initiate a sanctioning procedure to the claimed, by the alleged violation of Article 6 of the RGPD, typified in Article 83.5 b) of the RGPD

accordance with Article 6(3)(a), (1)(a) - (f) GDPR. An answer to a question can be regarded as personal data, as defined in Article 4(1) GDPR, cf. Directive

RESOLVES APPEAR: to Dª. A.A.A. (*** COMPANY.1), with NIF: *** NIF.1, owner of the website, *** URL.1, for the violation of article 22.2 of the LSSI, with

infringement of article 6.1 of the RGPD, typified in article 83.5 of the RGPD, and for the purposes of prescription, by article 72.1 b) of the LOPDGDD, with a fine

Google as a controller had a legal basis for their processing in article 6(1)(f) GDPR. However, according to article 17(1)(c) and article 21(1) GDPR, upon

700) for subjecting the complainant to a credit rating without a legal basis under Article 6(1)(f) and 5(1)(a) GDPR. The DPA also requires that the company

violates Article 5(1), Article 6(1) and Article 12(1) GDPR. Therefore the DE-HH SA adopted, on 10 May 2021, provisional measures under Article 66(1) GDPR, based

Spanish DPA imposed a penalty of €50000 on EDP ENERGY S.A.U. for infringing Article 6(1) GDPR by processing personal data without a legal basis. The Spanish

With regard to the abovementioned, the DPA found a violation of Article 5(1)(a), 6(1)(a) and 7 GDPR. Data retention period The DPA took account of the

unconsented portability of a telephone line be considered a violation of article 6 of the GDPR? AEPD considered that despite the existence of a human mistake (the

constitute a breach under the GDPR? The AEPD held that Vodafone violated Article 6(1) GDPR, as they had processed the claimant’s data without a lawful basis

provided for in Article 15 GDPR and Article 13 LOPDGDD was exercised. Secondly, the DPA noted that a valid legal basis under Article 6(1) GDPR is required

unlawful in accordance with Article 6(1)(a) GDPR. The DPA also noted that none of the other lawful bases in Article 6(1) GDPR could apply in this situation

described violates article 6.1. of the RGPD and is subsumable in the sanctioning type of the article 83.5.a, of the RGPD. IV Article 72.1.b) of the LOPDGDD

fulfilled: established in article 6.1 of the RGPD, which indicates: C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 5/6 "1. The treatment will only

of Article 5, Article 6, and Article 25 GDPR. It ordered the controller to comply with the data subject's erasure request pursuant to Article 17(1)(d)

without their consent was a violation of Article 6 GDPR. Because of that, they fined Hazte Oir €5000, with a possibility of a reduced fine of €3000 if the

that the article’s publication was in violation of Article 5(1)(c) GDPR, Article 6(1)(f) GDPR, when read in line with Article 85 GDPR. Article 5(1)(c) outlines

PROCEDURE for NBQ TECHNOLOGY, S.A.U. with NIF A-65559296, for the alleged violation of article 6.1. GDPR typified in article 83.5.a) of the aforementioned RGPD

infringement of the Article 6.1 of the GDPR, typified in Article 83.5 a) of the GDPR, the sanction that would correspond would be a fine for an amount of

Therefore, Mr D lodged a second complaint alleging the ongoing violation of Article 6 GDPR. The AEPD finds the violation of Article 6 quite apparent and focuses

lawful under Article 6(1)(b) GDPR (i.e. necessary for the performance of the employment contract) or Article 6(1)(c) GDPR (i.e. if there is a legal obligation

Articles 6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the

data from a complaint - infringes Article 6(1) GDPR, by unlawfully processing the complainant's personal data, in relation to Article 5(1)(f) GDPR, which

imposed a fine of € 75000 on Telefónica Móviles España, S.A.U. for infringing the principle of lawful processing (Article 6 GDPR) by charging a data subject

proportionality of the measure under Article 6(4) GDPR, in accordance with the objectives referred to in Article 23(1) GDPR. It recalled that these objectives

violation of Article 5(1)(d) of the GPRS, in relation to Article 4(1) of the LOPDGDD, which governs the principle of accuracy of personal data. IV Article 72.1

controller stated that participants were asked for consent, pursuant to article 6(1)(a) GDPR, and that they were given an alternative accreditation option. The

in any way be regarded as a valid legal basis. The Spanish DPA found a violation of Article 6(1) GDPR for illegal processing of personal data by the controller

SEGUROS Y REASEGUROS, S.A., with NIF A28141935, for a violation of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR, with a fine of 30,000 euros

of Article 6(1)(e) and 6(1) GDPR - The lack of information on the identity of the controller and the DPO amounts to a violation of Article 13(1)(a) and

year, for an alleged infringement of Article 6.1 of the RGPD, typified in Article 83.5 a) of the RGPD, proposing a fine of 75,000 euros. Xfera Móviles made

other legal basis for processing under Article 6 GDPR, the controller had violated Article 5(1)(a) and Article 6(1) GDPR. Taking into account the low income

SANCTIONING PROCEDURE against Doña A.A.A., with NIF *** NIF. 1, for the alleged violation of article 6.1, typified in article 83.5 of the same legal text SECOND:

based on consent (Article 6(1)(a) GDPR), nor contract (Article 6(1)(b) GDPR), nor legitimate interest of the controller (Article 6(1)(f) GDPR). With specific

and was not provided in a timely manner, the processing operations do not appear to be grounded in consent (Article 6(1)(a) GDPR). The purpose appears to

non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the

subject only made a "request for a copy" not a "request under Article 15 GDPR". The controller clearly violated Article 5(1)(a) and 12(1) GDPR. The addressee

the processing (Article 21(1) GDPR). Finally, the DPA fined the controller €12,000 for a violation of Article 6(1) GDPR due to the lack of a valid legal basis

higher. The AEPD imposed a fine of €60000 for the violating Article 5(1)(d) GDPR and €30000 for violating Article 5(1)(f) GDPR. In imposing the fine, the

established in article 6 of the Regulation (EU) 2016/679. ” IV The documentation in the file offers evidence that the claimed, violated article 6.1 of the RGPD

(c) where the processing is based on Article 6(1)(a) or Article 6(1)(b) or Article 6(1)(c) of the GDPR Article 9(2)(a), the existence of the right to withdraw

DE ESPAÑA, SAU., With NIF A82018474, for a violation of Article 6.1. of the RGPD, typified in article 83.5.a) of the RGPD, with an administrative fine

violation of article 6.1 of the GDPR, which states that: "one. The treatment will only be lawful if it complies with at least one of the following terms: a) the

of Articles 5.1.a, 5.1.b, 6.1.c), 6.3, 9.2.i), 12.1, 13.1.c), 13.2.a), 13.2.d), 13.2.e), 30.1.a) and 30.1.d), 35.1 and 35.7 of the GDPR 9. The applicant