Search results

under Article 66(2) GDPR, which could not be done in the present case. When the SA that has adopted the provisional measure under Article 66(1) GDPR considers

Commission (covering Articles 64 to 66 GDPR). For the purposes of the pilot project, the SAs referred to in Article 51 GDPR and the EDPB shall be considered

ng, Article 62 GDPR, margin number 11 (Beck 2018, 2nd edition). Riccio, Scorza, Belisario, GDPR e normativa privacy – Commentario, Article 62 GDPR (Wolters

standard procedure set forth by Article 66 GDPR. First, the SA does not have to prove the urgency required by Article 66(1) GDPR for "normal" urgency cases

the exceptions to the one stop shop mechanism applies (Article 55(2), Article 56(2), or Article 66). It interesting to note that the Court confirms that

by the EDPB pursuant to Article 66(2) GDPR. Temporary ban on processing (order) Pursuant to Article 66(1) GDPR and 58(2)(f) GDPR the Norwegian DPA consequently

EDPB. 2 COMPETENCE OF THE EDPB TO ADOPT AN URGENT BINDING DECISION UNDER ARTICLE 66(2) GDPR 2.1 Existence of a request pursuant to Article 66(2) GDPR coming

under Article 66(2) GDPR.......... 15 2.1 The SA has taken provisional measures under Article 66(1) GDPR....................................... 15 2.2 Existence

the mutual assistance procedure (Article 61 GDPR), The Italian DPA initiated the urgency mechanism in Article 66 GDPR to prohibit Meta’s processing of

provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be

consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details

commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA

Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number

access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data

resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in

one of the 'other administrative or non-judicial' remedies, which Article 78(2) GDPR refers to. If the DPA decides to uphold their decision, they will

leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward

to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR

consistency mechanism under Article 65(2)(1) GDPR and the adoption of the EDPS’s rules of procedure under Article 72(2) GDPR. Notably, each EDPB member

(see Article 52 GDPR) and shall be provided with various competencies (Articles 55, 56 GDPR), tasks (Article 57 GDPR) and powers (Article 58 GDPR). For

Journal of the European Union. 2. It shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the

administrative fines referred to in Article 66. It may cancel, reduce or increase those fines within the limits of Article 66. The EDPS, as an independent institution

in principle (see hereunder Article 65(2) GDPR) to adopt a decision under Article 65 GDPR is reached, since Article 64 GDPR only requires a simple majority

relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically

date of effect under Article 94 GDPR. In order to ensure a sense of continuity within the regulatory framework, Article 94(2) GDPR provides that any reference

protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows

years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the

process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and

Chair represents the Board (Article 68(2) GDPR) and is responsible for directing the work of the secretariat (Article 75(2) GDPR). Other specific responsibilities

Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p.

accordance with Article 58(2) [GDPR]”. These is a reference to the information that SAs must keep in internal records according to Article 57(1)(u) GDPR. The report

mechanism), Article 64 GDPR (opinion of the board), Article 66 GDPR (urgency procedure) and Article 67 GDPR (exchange of information). Article 55 GDPR confirms

subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to

from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions

(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)

mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual

directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing

Regulation. Noting that a broader reading of Article 98 GDPR is supported by the wording of Article 2(3) GDPR, which provides that: 'For the processing of

unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/2011

definition for "processing" in Article 4(2) GDPR). If data is been made public, the applicable provision is Article 17(2) GDPR, provided that all requirements

important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal

proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board

practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public

Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 6

exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs

exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written

laid down in Article 57 GDPR. The powers of SAs are both investigative and corrective, which are set out in Article 58 GDPR. Article 52(2) GDPR requires two

conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear

accountability in Article 5(2) GDPR, paragraph (2) specifies further requirements in the general principle of transparency under Article 5(1)(a) GDPR, paragraph

falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting

with the examination procedure referred to in Article 93(2). You can help us fill this section! Article 43 GDPR explains the procedure involved in establishing

situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference

Datenschutzrecht, Article 73 GDPR, margin number 3 (C.H. Beck 2019, 1st edition). Nguyen, in Gola, DS-GVO, Article 73 GDPR, margin number 2 (C.H. Beck 2018, 2nd edition);

related decisions in Category:Article 16 GDPR Meents, Hinzpeter in Taeger, Gabel, DSGVO – BDSG, Article 16 GDPR, margin number 2 (Deutscher Fachverlag, 4th

from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities

decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set

objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A delegated

affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers

accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand

processing (Article 32(1) GDPR) and the general principles of processing set out in Article 5 GDPR. In confirming the above interpretation, Paragraph 2 sets out

a binding dispute resolution procedure in accordance with Article 65 GDPR. Article 64(2) GDPR allows any SA, the EDPB Chair or the Commission to request

categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific

Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number

accountability obligation enshrined in Article 5(2) GDPR. This theory is not totally convincing. In light of Article 5(2) GDPR, a reversal of burden of proof for

compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to

with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article

controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also

Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU

applicability of Article 49(1) GDPR, the documentation of suitable safeguards (Article 30(2)(c) GDPR). See commentary under Article 30(1)(e) GDPR. The processor's

access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)

and jurisdiction provisions (Articles 47(1)(b), 47(2)(d), 47(2)(e), 47(2)(g), 47(2)(i), 47(2)(l) GDPR); a duty for the EU BCR member to accept responsibility

Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article

difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter

According to Article 80(2) GDPR, where legislated for by Member States, this right extends to Articles 77, 78 and 79 GDPR, but not Article 82 GDPR. This exclusion

meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines

clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against

explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the

elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first

processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e)

under Article 79 GDPR – or both. This flexibility allows for parallel proceedings under both Article 77 GDPR and under Article 79 GDPR. As the GDPR foresees

Beck, 2018, 2nd edition). We refer, in that respect, to the Commentary on Article 2(2)(c) GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023)

contrast to Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not

functions, a permissive function (Article 88(1) GDPR) and a conditional function (Article 88(2) GDPR). While Article 88(2) GDPR determines the scope of the opening

occupation. For example, Article 52(2) GDPR requires SA members to remain free from external influence and Article 52(3) GDPR entails a prohibition of

from Articles 13(2)(b) and 14(2)(c) GDPR. However, Article 21(4) GDPR specifies that the right to object under Article 21(1) and 21(2) GDPR (i.e. the right

information as outlined in Articles 13 and 14 of the GDPR (see above). Article 26(2) of the GDPR emphasizes the significance of these specific obligations

Regulation (GDPR): A Commentary, Article 49 GDPR, p. 846 (Oxford University Press 2020). EDPB, ‘Guidelines 2/2018 on derogations of Article 49 under Regulation

flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision

which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary

entering the contract, Article 22(2)(a) GDPR does not mention this additional aspect. In any case, the application of Article 22(2)(a) GDPR is always subjected

Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides

with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR

the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally

or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both

reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate

the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 6 (available here). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’

access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation

respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences

categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation

decision". Similar to the ex-ante information in Article 13(2)(f) and 14(2)(f) GDPR, Article 15(2) GDPR requires that in case the controller transfers data

provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)

requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide

are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles

must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller

in Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford

consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is

possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State

of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and

accordance with the provisions of the aforementioned Article 66 of the Regulation. Pursuant to Section 66(1) of the Regulation, the supervisory authorities

Moreover, the information provided as per Article 13 GDPR were not compliant with the requirements of Article 12 GDPR in light of the fact that TikTok services

the following: Article 66 GDPR gives the possibility for a procedure of urgency and from this article (and Article 66 and Article 62 GDPR), the European

Authority has verified the above links and NAIH / 2020/66/2., NAIH / 2020/66/3. and NAIH / 2020/66/5. in its file number notes, it found that the links were

Wednesday 10 November 2021. The reference to Article 66 GDPR by the Court seems irrelevant, since Article 66 is a derogation to the one stop shop principle

"accept all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller

to work. 1 2See, among other things, article 4 paragraph 1 SUWI and the ZBO register of the Dutch central government. See article 2 paragraph 2 SUWI and

the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection

for more details. Article 2: Material scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal data

instance, the controller sought to rely upon Article 6(1)(e) GDPR and Article 9(2)(j) GDPR. Article 6(1)(e) GDPR establishes a lawful basis for the processing

more details. Article 2: Substantive scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal

processing involved special categories of data under Article 9 GDPR and whether an exception under Article 9(2) applied; • targeted advertising by the controller

this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was

pre-existing form of Article 11 of Law 3471/2006). However, with the provisions of article 16 par. 1 and 2 of law 3917/2011, par. 1 and 2 of article 11 of law 3471/2006

CPDP issued NRA an order under Article 58(2)(d) supra Article 57(1)(a) and Article 83(2)(a), (c), (d), (f) and (g) of the GDPR for undertaking suitable technical

provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read

databases made available by the CNAM. 2.2.2. Nature of personal data 2.2.2.1. Pursuant to Article 5(1)(c) of the GDPR, the data processed must be relevant

the public interest, per Article 6(1)(e) GDPR, and was also necessary for scientific research purposes under Article 9(2)(j) GDPR. Thirdly, that the data

GDPR and Article 66.2 WOG); and • compliance with the transparency obligations (Article 12 GDPR) and the te provide information (Article 13 GDPR). Page

data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the

therefore of the opinion that no breach of Article 5.2 of the GDPR, Article 24.1 of the GDPR and Article 33 of the GDPR can be established. - As regards the

and Article of 11Law No. 3471/2006, in accordance with Article 13(58i2) of the GDPR in conjunction with Article 83(1)(a) of the GDPR. 5 of the GDPR, and

1, No. 2, Art. 6 para. 1 sentence 1 lit. c, para. 3 sentence 1, Art. 86 GKG § 47 (1), § 52 (2), § 53 (2) no. 2, § 63 (3) sentence 1 no. 2, § 66 (3) sentence

defendant 2. Also here is there therefore an infringement of Article 5 at the time of the facts. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a)

of his personal data would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant

right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that

DPA under Article 31 GDPR and Article 66 Greek Law 4624/2019, as well as the obligation to designate the DPO under Article 37 GDPR and Article 6 Greek Law

mandatory by article 13.2.a) of the GDPR. 2.2 Regarding the exercise of their rights by the persons concerned 67 53. In the context of objective 2, the head

" Regarding section k) of article 83.2 of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions

meaning of Article 4 No. 7 GDPR. However, the defendant cannot be accused of violating an obligation to provide information under Art. 15, 12 GDPR. Paragraph

that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled

was contrary to Article 5(1)(a) GDPR (principle of lawfulness), Article 5(1)(b) GDPR (principle of purpose limitation) and Article 6 GDPR (absence of valid

time tracking system, due to a lack of compatibility with Article 7(4) and Article 35(9) of GDPR. KEO PLC decided to upgrade its ERP system, whose upgrade

other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of

there is no explicit consent by the customers as requested under Article 9(2)(a) GDPR and an implied consent cannot fulfill the provision’s requirement

processed on the basis of Article 6(1)(c) GDPR does not have the rights to erasure and objection contained in Article 17 and Article 21 GDPR respectively. This

in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 2/12 2016/679

information in accordance with Art. 15 (1) half-sentence 2 GDPR. According to Art. 4 No. 2 GDPR, processing also includes in particular the collection,

specified in Article 83 of the GDPR. 92. 92. Firstly, the restricted formation emphasises that, in this case, the criterion provided for in Article 83(2)(a) of

statement of the Debtor [Article 83 (2) (k) GDPR]; - the processing did not affect specific categories of personal data [Article 83 (2) GDPR paragraph (g)]; -

compliant with Articles 5 and 6 GDPR. According to Article 6 GDPR, when a controller did not rely on consent (Article 6(1)(a) GDPR), its processing should be

entitled to erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 6

violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account

Pursuant to Article 83 GDPR in conjunction with Article 4 No. 7 and 8 GDPR, fines for violations of the GDPR pursuant to Article 83(4) to (6) GDPR are not

the GDPR does not apply established by the GDPR and, therefore, in accordance with the provisions of articles 55 para. 1, 2 para. 1 and 3 para. 2 GDPR

integrality of the indictments. 2.2. Identification of the controller (Article 4.7 GDPR) 71. In accordance with Article 4.7 of the GDPR, the controller should be

data carried out through Yango app was contrary to Article 44 GDPR, Article 46 GDPR and Chapter V GDPR. Moreover, it found that the conditions set for the

Federation pursuant to Article 58(2)(f) of the General Data Protection Regulation. Pursuant to Article 58(2)(j) and Article 66(1) of the General Data Protection

publicly available on the Internet. However, it follows from Article 28(1) GDPR and Article 28(3)(f) GDPR that the data processor (in this instance Kombit A/S)

under Article 36 GDPR) regarding the compliance of the envisaged processing with the GDPR. According to the Commission, the legal basis was Article 6(1)(e)

around the processing of personal data subject to Article 10 GDPR. Pursuant to Article 6(1)(f) GDPR, the Privacy Appeals Board conducted a balancing test

dossier werden toegevoegd. 2. Motivering 2.1. De bevoegdheid van de Inspectiedienst en de Geschillenkamer en de omvang van het dossier 2.1.1. Het verzoek van

employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public bodies (the

approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved

lies', the conditions in Article 66 (1) GDPR for taking urgent measures are met. Since the conditions for Article 66(1) GDPR were met, the court did not

[The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or

to or instead of the measures referred to in Article 58(2)(a) to (h) and (j) [..)', Article 83(2) of the GDPR recognizes the power of the national supervisory

Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments

under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting

Section 1 Paragraph 1 and 2 DSG, Article 5 Letters a and c GDPR as well as Article 6 Paragraph 1 Letters c and f GDPR, as well as Article 1 Paragraph 3 Z 1 ZaDiG

the alert on the SIS system under Article 17(1)(d) GDPR. The reason for the data subject invoking the GDPR is that Article 53(1) Regulation (EU) 2018/1861

of a link to this information. This was a violation of Article 12. Based on Article 13(2)(a) GDPR and WP29 guidelines on transparency, the CNIL noted that

violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article

obtained from them, as required under Article 14(1)(a) AVG and Article 14(2)(c)(e) and point (f) AVG; c. article 12 j° article 14 AVG, in view of the defendant

the lack of security routines, thus breaching Article 32(1)(b) cf. Article 5 GDPR, Article 35 and Article 24(1), respectively. Teachers at two junior high

has a wider scope of applicability than Article 8 GRC (the latter only protects natural persons). As Article 16(2) TFEU leaves it to member states to grant

reasoned in accordance with Article 4(24) GDPR and, after conducting its own assessment of the factors under Article 83(2) GDPR, found that the proposed fine

the basis of article 6.1 e) GDPR read together with articles 5.2 GDPR and 24.1 GDPR. 3) Violation of Articles 12.1, 12.6, 13.1 and 13.2 GDPR: the Inspection

conferred by article 79(2) of the GDPR. This is the relevant provision for the purposes of para 3.1(20) of CPR Practice Direction 3B. Article 79(2) provides:

analyzes the criteria by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches

the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the

Human Rights. According to settled case-law, it follows from Article 1.2 and Article 59.2 of the Basic Law that there is an obligation to use the Human

of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d) and Article 6.1. e) of the GDPR. Decision on the

Buchner, GDPR BDSG, 2nd edition 2018, Art. 5 GDPR marginal 8). Even if the data is “only” incorrect, the requirements of Article 17 (1) (d) GDPR can be met

The heading of Article 6(1) and the wording “has given” in Article 6(1)(a) support this interpretation. It follows logically from Article 6 and Recital

for more details. Article 2: Material scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal data

provided for in Article 2, h) of Directive 95/46/EC. In particular, under these new requirements, article 4, paragraph 11 of the GDPR requires that the

Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the

experience data under Article 17 GDPR. The credit reference agency refused, arguing a legitimate interest under Article 6(1)(f) GDPR. After the erasure request

60 of the GDPR does not apply the GDPR and, therefore, in accordance with the provisions of articles 55 para. 1, 2 para. 1 and 3 para. 2 GDPR and 13 para

right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention

Decision Source: standards: Article 17(1) TEU 2016/679, Article 17(1)(a) TEU 2016/679, Article 17(1)(d) TEU 2016/679, Article 16 S 1 TEU 2016/679, § 4(1)

that the letter in question referred to Article 58(1)(a) of the GDPR and Article 5:16 in conjunction with Article 5:17 of the Awb does not make this any

an infringement of Article 5 (1) a), b) and c) and (2) of the GDPR and Article 24 (1) of the GDPR; and - an infringement of article 8 of the law of 21

this regard within the meaning of Article 2 (2) point d) GDPR. Whichcertain officials of the defendant under Article 5, §2 of the Second Ordinanceare appointed

After considering the objections in light of Article 4(24) GDPR and the factors outlined in Article 83(2) GDPR the EDPB instructed the DPC to impose an administrative

databases made available by the CNAM. 2.2.2. Nature of personal data 2.2.2.1. Pursuant to Article 5(1)(c) of the GDPR, the data processed must be relevant

reasoning of the Court of Appeal. Article 15 GDPR and the GDPR as such are applicable, even if the processing occurred before the GDPR came into force in 2018.

violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant

(VWA ./05, see point II.2), the XXXX (VWA ./06, see point II.2) and a certificate of representation (VWA ./07, see point II.2). I.2. As a result, the BA continued

condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the Directive, without the relevant

(EU) 2016/679, p. 41. 2.2.2 Obligations relating to consent ('opt-in') (Articles 5, 6(1)(a) and 4(11) in conjunction with Article 7 of the Data Protection

information in accordance with Article 85(2) GDPR. The Court held that the provisions on the security of processing in Article 32 GDPR are not intended to limit

issued a reprimand (Article 58(2)(b) GDPR) to the controller for breach of those provisions and instructed (Article 58(2)(c) of the GDPR) it to satisfy the

invoked the excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium

pursuant to Article 17(2) DPA Act. 9. Moreover, as regards the one-stop-shop mechanism, Article 56 GDPR states: "Without prejudice to Article 55, the supervisory

by the defendant under Article 6(1) GDPR? Did the controller infringe the data minimisation principle under Article 5(1)(c) GDPR? Did the controller commit

is based on Article 9(2)(i) of the GDPR as mentioned above. 34. However, certain data referred to in the PIA are not mentioned in Article 2 of the draft

2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.

individuals complies with Article 14 of the GDPR. 2 On breaches in connection with the exercise of rights 28. Under Article 12 of the GDPR: "1. The controller

offence against privacy included in Article 197(1) of the Spanish Criminal Code, with the aggravating circumstance from Article 197(5) of being data related to

argue about the value in dispute of a request for information under Article 15 GDPR. The ArbG Düsseldorf (Düsseldorf Labour Court) had set the amount in

requirements of Article 9 GDPR. In the DSB held that the processing violated Articles 5, 6 and 9 GDPR: Consent under Articles 6(1)(a), 7 and 9(2)(a) GDPR cannot

data within the meaning of Article 4(2) in the course of proceedings under both Articles 77 and 78 of the GDPR. Article 4(2) refers to disclosure as a

fine, the criteria specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "1

legal basis for their processing in article 6(1)(f) GDPR. However, according to article 17(1)(c) and article 21(1) GDPR, upon receiving an erasure request

listed in Article 2(3) of that directive and Article 2(2) of that regulation, apply. 62 In particular, it should be noted that Article 9 of the GDPR and Article

a bank was subject to the GDPR in its capacity as a controller and should have answered access requests under Article 15 GDPR.   The complainants are clients

the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep

security under Article 2(2)(a) GDPR. The GDPR will not apply if the activity of the controller falls outside the scope of Union Law under Article 2(2)(a). The

applied Article 9(2)(a) GDPR, according to which the data subject could have voluntarily disclosed their health data defined in Article 4(15) GDPR to the

out in Article 14(5)(a) and Article 14(5)(c) GDPR. The DPA rejected the controller's views as it argued that the exceptions in Article 14(5) GDPR should

meaning of Article 5(3) and Article 2(f) of Directive 2002/58/EC, as amended by Article 2(5) of Directive 2009/136/EC, in conjunction with Article 2(h) of Directive

street. The DPA was allowed to issue a reprimand, Art. 58(2)(b) GDPR. On the basis of Art. 58(2)(f) GDPR, the DPA was not entitled to order the removal of camera

publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA

11, 148, 150, and Article 5, Chapter IV and Article 83. 4 2.8 Chapter IV, Section 2 addresses security of personal data. Article 32 GDPR provides: 1. Taking

the type of data) are: Article 9(2)(h) GDPR (necessary for the purposes of preventive or occupational medicine); Article 9(2)(i) GDPR (for reasons of public

requirements of the GDPR; Because from Recital 171 Sentence 2 GDPR, from Art. 4 No. 2 GDPR and Art. 24 Para. 1, in particular Sentence 2 GDPR, the obligation

analyse the criteria set out in Article 83.2 of the GDPR. 61. As regards the nature and seriousness of the breach (Article 83(2)(a) of the RGPD), it points

requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data

data subject argued that Article 5,13 and 14 LED (the roughly equivalent GDPR articles would be Article 5(1)(e), 13 and 15 GDPR) do not permit the police

Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe 1, de l'AVG, le règlement s'applique

relation to contraventions of the UK-GDPR, section 168 DPA 2018 provides that "non-material damage" in Article 82 GDPR includes distress. In relation to breaches

breach of Article 13 (2) of the GDPR. 43. Consequently, the restricted panel considers that the company has committed a breach of Article 13 of the GDPR. It

breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the

the Austrian DPA pursuant to Article 55(1) GDPR. However, the DPA further considered the exception of Article 55(2) GDPR which states that local DPA's

of article 4.19 of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2. a)

of the GDPR? Does unintenional disclosure (via a breach) to a third party constitute unlawful further processing as per Article 2(1), 5(1)(f), 6(2) and Article

and the lack of control by Vodafone on that; - A € 2 000 000 fine for the infringement of Article 44 GDPR: due to the carrying out of international transfers

Failure to ensure data protection by default (Article 25(2) GDPR) The DPA also found a violation of Article 25(2) GDPR regarding the controllers “X” icon at the

data 9 2.1.1 Factual findings 9 2.1.2Legal assessment 9 2.2 Controller and processor(s) 10 2.2.1 Factual findings 10 2.2.2Legal assessment 12 2.3Security

based on Article 17 GDPR and/or Article 21 GDPR. In this case this does not apply. Applicant bases his request on Article 10 GDPR. The goal of article 10 was

requests for information according to Article 15(1) GDPR. The ‘Business secrecy’ exception only applied to Article 15(4) GDPR, where a data subject would request

disregarded the provisions of Article 5-1 e) of the GDPR. C. On the breach of the obligation to inform people 65. Article 13 of the GDPR requires the data controller

compelling reasons within the meaning of Article 9 of the protocol on monitoring systems. That article reads as follows: "Article 9 Articles 05 to 08 do not affect

the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision

infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been

proceedings. 3.2.2 art. 79(1) GDPR provides that any data subject has the right to an effective remedy if they consider that their rights under the GDPR have been

in accordance to Article 4(23) GDPR. According to the AEPD, there are other concerned DPAs in this case, as defined in Article 4(22) GDPR: Spain, Belgium

Authority. II.5.2. Established infringement of Article 5(1)(a) j° Article 6(1)(f) and Article 12(2) GDPR in conjunction with Article 17 (1) GDPR. II.5.2.1. Administrative

out in Article 6 (1) of the GDPR In addition, there is a circumstance within the meaning of Article 9 (2) of the GDPR. (45) Article 9 (2) of the GDPR does

processing (Article 18 GDPR), right to data portability (Article 20 GDPR) and right to object (Article 21 GDPR). The right to information under Art. 15 GDPR cannot

the number of data subjects (Article 83.2.a) of the GDPR), the As for the number of data subjects (Article 83.2.a) of the GDPR), the Panel notes that these

within the mandatory time limit, cf. article 15 and article 12 (3) of the EU General Data Protection Regulation (GDPR). On 16 February 2021 Kromann Reumert

the UK GDPR and the DPA. They are obliged by Article 5(2) to adhere to the data processing principles set out in Article 5(1) of the UK GDPR. Article 5(2)

is maintained under Article 6.1 b) to f) of the GDPR and therefore in Article 6.1.c) invoked in the species. Article 6.1 of the GDPR in fact reproduces

force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect

the GDPR, as the data falls under Article 9 GDPR and awarded € 800 in emotional damages. The Austrian Business Code cannot override Article 9 GDPR. There

consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results

accordance with Article 58, paragraph 2, subparagraph b of the General Data Protection Regulation, and an order pursuant to Article 58, paragraph 2, subparagraph

rely on Article 9(2)(b) GDPR. The LArbG Berlin-Brandenburg also confirmed that the processing was not necessary in light of Article 9(2)(b) GDPR, and emphasised

the data subject requested his personal information (Article 15 (1) GDPR and Article 15 (3) GDPR) from the controller. On the same day, the data subject

supervisory authorities (Article 58(2) DSGVO), in particular the fines to be imposed (Article 58(2)(i) DSGVO), for which Article 83 DSGVO contains a detailed

not correspond to the legal purposes from Article 77 of ZVOP-2, Paragraph 1 of Article 78 of ZVOP-2 and Article 6 of the General Regulation. With video surveillance

claimed party, for the alleged infringement of Article 5.1.c) of the RGPD, typified in Article 83.5 of the GDPR. FIFTH: On 10/18/21, the careful collaboration

protection of the rights of data subjects (pursuant to Article 28 GDPR). In light of this Article, Microsoft must also provide all information required

applicant. Referring to Article 28(1) of the GDPR, it stated that it was for the the contracting authority to ensure compliance with the GDPR before the conclusion

ignores the wording of Article 82 GDPR. To put this into perspective: Other than Article 82 GDPR, Article 77 GDPR actually only mentions GDPR violations by processing

analyzes the criteria set by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches

violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)

a point of information on the development of the Brexit. Items 2.1, 2.2, 2.3, 4.1, 4.2 and 4.5 of the agenda were declared confidential according to Art

for the violation of Article 5(1)(f) GDPR and Article 5(2) GDPR. The AEPD considered that the fine was proportional, since the GDPR establishes that fines

fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection

period allotted to it to do so (Article 15.1 combined with Article 12.3. of GDPR as well as Article 12.2. of the GDPR (obligation to facilitate the exercise

based on Article 3, paragraph 2, Article 5, paragraph 1 a), f) of GDPR subsection, Article 6(1), Article 9(2), Article 58(2)(d), GDPR Article 23 and Article

constitute perosnal data under Article 4(1) GDPR, since the individuals are identifiable and also because under Article 11 GDPR, it is not mandatory that individuals

controller violated Article 6 GDPR because it had no legal basis to disclose the email addresses. It reasoned that Article 6(1)(a) GDPR was not applicable

based on Article 3, Clause 2, Article 5, Clause 1 of the Data Regulation "a", "b" and point 2, Article 6, point 1, point "a", Article 7, Article 27, point

defining factor for the balancing act under Article 6(1)(f) GDPR. Second, the court decided that Article 17(1)(c) GDPR obliged a controller to delete personal

Ehmann/Selmayr, GDPR, 2nd edition 2018, Article 6 marginal number 26). of the data by the holder, which also constitutes processing (Art. 4 No. 2 GDPR), nothing

the GDPR, in view of the judgment of 2.13. the high Council. Conclusion 2.15. In view of the foregoing, the appeals are dismissed as unfounded. 2.16. The

processing pursuant to Article 6 GDPR. Therefore, the journalistic exception laid down in Article 43 of the Dutch Implementation Act for the GDPR (UAVG) was not

data subject. For violating Article 6 GDPR, the DPA fined the controller €4,000 and ordered, in accordance with Article 58(2) GDPR, the removal of the device

data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration

between the parties). With regard to Article 99(2) GDPR, the Court already expressed doubts as to whether Article 82 GDPR is applicable to the deletion/blocking

Norwegian Health Records Act (pasientjournalloven) and Article 32(1)(b) and (d) GDPR (cf. Article 5 GDPR). The DPA fined Moss municipality NOK 500,000 (€47

derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL

BVerfGE 130, 151 [184]). (recital 46)2. § Article 14.2 and Article 15.5 sentence 4 in conjunction with In this respect, § 14.2 of the Telemedia Act does not constitute

from the basic prohibition of processing under Article 9(1) GDPR. The Court stated that Article 9(2)(e) GDPR shall be for the benefit of the defendants. They

GG Art. 1 Paragraph 1; Article 2 paragraph 1 GDPR Art. 6 Paragraph 1 Sentence 1 Letter e; Article 18 paragraph 1 letter d; Article 21 paragraph 1 Tags: Toleration

data under Article 4(1) GDPR. Moreover the court found that the controller can refuse to act on the request according to Article 12(5)(b) GDPR, because the

Legal basis: Article 2 paragraph 1, Article 3 paragraph 2 letter b, Article 6 paragraph 1 letter f, Article 17 paragraph 1 and paragraph 3, Article 51 paragraph

redress. Therefore, the DPA declared an infringement of Article 12(3) GDPR and Article 12(4) GDPR. Additionally, the DPA held that the controller, whether

Art 130 Paragraph 1 Z1 B-VG Art 133 Paragraph 4 GDPR Art4 GDPR Art51 GDPR Art56 GDPR Art60 GDPR Art65 GDPR Art77 VwGVG §28 Paragraph 1 VwGVG §31 Paragraph

should have notified the DPA under Article 33(1) GDPR and the data subjects affected by the breach under Article 34(1) GDPR. Regarding the corrective measure

power under Article 58(2)(i) and 66 of the Regulation The complainants request that the EDPS make use of his corrective power under Article 58(2)(i) of the

infringements of Article 5(1)(f), Article 24, and Article 32 GDPR, and to the objection of the IT SA on the possible infringement of Article 5(2) GDPR, the EDPB

accordance with article 15 AVG (section 2.1) - data processing officer (section 2.2) - cookie policy (section 2.3) - health data processing (section 2.4) - camera

the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG

13, 14 GDPR), also the defendant clearly and in ease language pointed to the default settings, so no breach of Article 25 GDPR or Article 32 GDPR either

register is data processing within the meaning of Art. 2 (1) GDPR. The exceptions of Art. 2 Para. 2 GDPR do not apply. In particular, the application of the

consent was given obtained (potential violation of Article 6.1 a) GDPR): ▪ Article 6.1 a) GDPR and Article 129 of the law on electronic communication (WEC)

DPA under Article 78 of the GDPR. The court dismissed the complaint. It found that the plaintiff is precluded from having recourse to the GDPR in connection

HKG ND, Section 85a (1) S 1 HKG ND, Section 5 (1) S 2 DSG ND, Section 46 (2) KomWG ND, Section 51 S 2 WahlG ND PROCEDURE VG Stade, 3 April 2020, Ref: 6 B

According to the Bulgarian DPA, a company violated Article 6(1) GDPR by sending pre-employment arrangements to a government agency while national law only

Communications Act (ZEKom-1), the GDPR and the Data Protection Act (ZVOP-1). The principles of Article 5 of the GDPR must be followed and attention must

29 708, no. 19 (p. 523) Article 4:32 The obligation from this article is taken over from Article 52 of the Wfd. Under Section 14(2) of the Wck, participation

requirements of Article 34 (2) GDPR. If one sets too strict requirements for promptness within the framework of Article 34 Para. 1 GDPR, this would run

and of the Council ((EU) 2016/679) Article 12(1), (2) and (6), Article 15(3), Article 58(2)(b) and (i), Article 83(1), (2), (5) and (6). Data Protection Act

therefore orders a discontinuation of proceedings pursuant to Article 100, §1, 2° WOG. Article 5.2 and 31 AVG 37. The report of the Inspectorate shows several

stop shop mechanism (see Article 56 GDPR). The Spanish DPA, however, claims that only Article 22 LSSI (which also stems from Article 5(3) ePrivacy Directive)

whether this narrow scope of § 9(1) DSG is in accordance Article 85(2) GDPR, Article Article 85(2) GDPR cannot be applied directly since it has no material

in violation of Article 6 GDPR. Thirdly, it was claimed that Meta unlawfully processed special categories of personal data (Article 9 GDPR). Fourth, and

accountability pursuant to Article 5(2) UK GDPR because it failed to demonstrate compliance with Article 5(1)(a) and (c) UK GDPR principles of lawfulness

whether Art. 15 GDPR applies to the investigation files at all, since according to Art. 2 Para. 2 d GDPR, Section 2a Para. 4 AO, the GDPR does not apply

Supreme Administrative Court refers to Article 9(2)(d) GDPR, which is incorrect. It should be Article 9(2)(g) GDPR, which is about the substantial public

has engaged another real estate agent for the sale. 2 Process flow First instance 2.1 2.2 2.3 2.4 2.5 PME summoned [plaintiff] on May 9, 2018 (see also

(“the GDPR”): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)

account the purpose of limitation principle (Article 5(1)(b) GDPR) and data minimization (Article 5(1)(c) GDPR). For example, the Court noticed that the data

of Article 5(1)(a) and (2) GDPR, Article 6(1) GDPR with regard to the principle of legality; 2. there is an infringement of Article 5 GDPR, Article 24

the GDPR also applied to facts before the above-mentioned date. The Court noted that the entry-into-force of the GDPR according to Article 99 GDPR represents

violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading

of equality pursuant to Article 7 B-VG and Article 2 StGG, the right to a trial before the lawful judge pursuant to Article 83(2) B-VG, the right to protection

(“the GDPR”): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)

the circumstances referred to in paragraph (2)." 5. Regulation 21A paragraphs (2), and (3) provide that: "(2) Those circumstances are where the called line

(“the GDPR”): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)

[Claimant 1] and [Claimant 2] , - the oral procedure, - the pleadings of [plaintiff 1] and [plaintiff 2] , - Google's pleadings. 2.2. Finally, judgment has

judicial review under Article 78 GDPR. The disputed infringement occurred before the GDPR came into legal force according to Article 99 GDPR. Therefore, the

further ado. 15       It follows from Article 6 Paragraph 1 Letter e GDPR and Article 9 Paragraph 2 Letter D GDPR that the processing of personal data can

and Article 5, Chapter IV and Article 83. The relevant obligations 2.5. Chapter 1 GDPR sets out the general provisions. Article 5 of Chapter I GDPR sets

is only authorised where it is freely given, specific and informed (Article 4(11) GDPR). As there is no evidence of individuals consenting to third party

following preliminary questions to the CJEU: (1) Is Article 83(4) to Article 83(6) GDPR of the GDPR to be interpreted as incorporating into national law

were in violation of Article 5(1)(e) GDPR and Article 32 GDPR, but the DPA dismissed its previous finding of the Article 5(1)(b) GDPR violation. The DPA

confidentiality of data pursuant to Article 5(1)(f) GDPR and violated the principle of privacy by default and by design (Article 24 GDPR). The controller was aware

paragraph (2).” 5. Section 122(5) of the Data Protection Act 2018 (“DPA18”) defines direct marketing as “the communication (by whatever means) of 2, advertising

paragraph (2).” 5. Section 122(5) of the DPA 2018 defines “direct marketing” as “the communication (by whatever means) of any advertising material which 2 is directed

provided for in Article 16 of the Rules. 2. On the failure to comply with data erasure requests 39. According to article 17 of the GDPR "the data subject

content: [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted]

particular regard to Article 5(2) of the GDPR which established the principle of accountability in respect of a data controller. Article 5(1) provides, in

before May 25, 2018. 2.2. Consent and the lawfulness of the processing (Article 4, point 11, Article 6 (1) in conjunction with Article 7 GDPR) 121. With regard

the links on the grounds of Article 17(1)(a) GDPR and Article 17(1)(c) GDPR or whether the exception of Article 17(3)(a) GDPR about the freedom of expression

of: 1. Article 5 (1) (a) and (2) and Article 6 (1) GDPR; 2. Article 5, Article 24 (1) and 25 (1) and (2) GDPR; 3. Article 12 paragraph 1, paragraph 2, paragraph

personal data in that assessment pursuant to Article 15(1) GDPR. However, Article 23(1)(i) GDPR and Article 41 UAVG provide the possibility of a restriction

court considered that it would be compatible with Article 6(1)(c) GDPR and Chapter 2, 1 § of the GDPR Implementation Act if the company followed the provision

among other things, on Article 15 GDPR. The court of first instance decided to reject the claim and argued that Article 15 GDPR only provides data subjects

violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed

function is given in Article 24(4) Gemeindeordnung (GO), a national law that specifies Article 6(1)(e) GDPR in accordance with Article 6(2) GDPR for processing

of Article 6(1)(e) are met. II.2. Article 5 of the GDPR, Article 24(1) of the GDPR and Article 25(1) and (2) of the AVG II.2.1. Article 5 (2) GDPR, Article

under the GDPR. 14. By Article 57(1) of the GDPR, it is the Commissioner'task to monitor and enforce the application of the GDPR. 15. By Article 58(2)(d)of

violation of Article 6 GDPR and Article 5(1)(a) GDPR (lawfulness) as it lacked a legal basis for processing. The Municipality sought to rely on Article 6(1)(e)

his rights. The DPA reprimands Google LLC under Article 58(2)(b) of the GDPR for breach of Article 12(2). Postal address: Box 8114 104 20 Stockholm Website:

("the GDPR"): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)

internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its

referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding

of Directive 2002/58 and Article 1 paragraph 2 and points 3, 10 and 51 of the GDPR) and in the domestic context also Article 10, paragraph 3 of the Charter

finding likely violations of Article 5(1)(c), 8, 9, 13 and 35 GDPR. The AEPD found a likely violation of Article 35 GDPR. Article 35 GPDR requires that a data

Violation of article 35 of the GDPR................................................ ...................36 8.2. Violation of article 9 of the GDPR.........

By Article 58(2)(d) of the GDPR the Commissioner has the power to notify controllers of alleged infringements of GDPR. By Article 58(2)(i) she has the

paragraph 3 of the aforementioned article, copies of the identity documents and copies of the documents, 2.5.2. According to article 21 paragraph 1 of the Trade

of the obligation to inform individuals pursuant to Article 13 of the GDPR 38. Article 13 of the GDPR requires the data controller to provide, at the time

LOPD in accordance with the provisions of article2 LOPD -current article 2.2.a) LO 3/2018 that refers to article 2.2 of the General Regulation (EU) -.(ii)

line with Article 17(1)(d) GDPR, the controller was obliged to delete data processed unlawfully, unless the exception of Article 17(3) GDPR (fulfillment

according to Article 4 No. 2 GDPR, also includes their unlawful collection. However, according to Article 17 Paragraph 3 Letter e of the GDPR, there is an

provisions of Article 3o , Article 4(2) and Article 6(1)(b), all of the GDPR Implementing Law. 57. Under the terms of Article 55(1) of the GDPR, supervisory

exemptions from the applicability of the GDPR for journalistic activity, based on Article 85(2) GDPR. According to Article 2(1) of the Polish Data Protection Act

employer violated their Article 15 GDPR obligations as a data controller. The plaintiff requested information under Article 15 GDPR from its former employer

Articles 32 to 36 GDPR, including those regarding the notification of personal data breaches. In particular, pursuant to Article 33(2) GDPR in the event of

§§ 2 ff. HmbKrebsRG Article 9 (1) GDPR, Article 6 (1) GDPR, Article 5 (1) in conjunction with Articles 12, 13 and/or Article 14 GDPR and/or Article 5 (1)

own data (cf. recital 7, sentence 2 to the GDPR). To this end, Article 8 (2) sentence 2 CFR and Article 15 (1) GDPR granted the data subject a right to

legislation (30) Based on Article 2 (1) of the GDPR, the GDPR must be applied to the data processing in this case. (31) Recital (47) GDPR: The data controller

court upheld Article 6(1)(e) GDPR as the legal basis for the processing of personal data. Furthermore, according to the court, Article 9(2)(j) GDPR states that

right of opposition of persons pursuant to Article 21 of the GDPR 60. According to Article 21.2 of the GDPR: “when the personal data are processed for

data as part of the credit check is based on Article 6 Paragraph 1b GDPR and Article 6 Paragraph 1f GDPR. We basically have a legitimate interest in carrying

conditions provided for in Article 6.1.e) are met by the species. Under Article 6.3.b) and recital 45 of the GDPR, processing based on Article 6.1.e) must meet two

communication. 2 • ICO. Information Commissioner's Office (4) A subscriber shall not permit his line to be used in contravention of paragraph (2)." 5. Section

this regard [GDPR Article 14 (2) b) ]. (iv) The prospectus did not provide any information regarding data subject rights [GDPR Article 14 (2) c)]. In the

("the GDPR"): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)

requirements of Article 28(3) GDPR. The processor did not dispute this violation. However, it claimed that it was not solely responsible as Article 28(3) GDPR imposes

6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the Spanish Data

that there was no breach of Article 32 GDPR. Thus, the CNIL imposed a €310,000 fine on the controller for breaching Article 6 GDPR. To grasp the notion of

the meaning of Article 9 of the GDPR must indeed be based on Article 9.2 of the GDPR, read in conjunction with Article 6.1 of the GDPR. 24 This has been

violating Article 5(1)(f) GDPR, Article 32(1) GDPR, Article 32(2) GDPR, Article 32(4) GDPR, as well as Article 5(2) GDPR, Article 24(1) GDPR and Article 24(2)

12(5)(1) GDPR apply. However, it leaves open whether the material scope of application of the GDPR is opened or not opened due to Article 2(2)(a) GDPR. In any

the controller was in breach of Article 33(1) GDPR, Article 33(3) GDPR, Articles 34(1) and 34(2) GDPR, and Article 5(2) GDPR, Firstly, the Polish DPA held

the GDPR and the DPA. They are obliged by Article 5(2) to adhere to the data processing principles set out in Article 5(1) of the GDPR. Article 5(2) makes

from the scope of Article 16 GDPR, in my opinion, already follows from the word "inaccurate" in the first sentence of Article 16 GDPR and does not need

provisions of the GDPR under national law implementing Article 85 GDPR. Processing can be based on legitimate interests under Article 6(1)(f) GDPR. In 2019, the

democratic society as required under Article 23(1)(j) GDPR. Moreover, the exception provided for under Article 6(4) GDPR which allows processing for different

Art. 3 para. 1 BGB § 307 para. 1, para. 2, para. 3 TMG § 3 para. 2 p. 1, § 13 As. 4 p. 1 GDPR Art. 99 para. 2 Guiding principles: (1) The operator of a

obliged to comply with the GDPR provisions as a processor, while the controller could invoke the exemption of Article 2(2)(c) GDPR. The court then refers to

minimization (Article 5(1)(c) GDPR). The investigation also revealed other breaches with respect to the principle of storage limitation (Article 5(1)(e) GDPR). Indeed

12 and 13 of the GDPR constitute breaches of key principles of the GDPR likely to be subject to, under Article 83 of the GDPR. GDPR, an administrative

obligations under Article 21 of the GDPR. Fourthly, EDF breached its obligation to guarantee data security as prescribed in Article 32 of the GDPR. In particular

the meaning of the provisions of article 3-2)-b) of the GDPR and therefore falls within the territorial scope of the GDPR and the provisions of the Data

has in relation to the general public, the same effect as an erasure (Article 17 GDPR). It would be excessive and contrary to the mission of the media to

processing requirement of the Section 2D of the Data Protection Act 1988. 2. Based on the Court’s analysis of Article 29 of the Data Protection Directive

violated Article 34(2) GDPR, because he only informed the data subject of the alleged data loss. However, the information obligations of Article 34 GDPR provide

of: 1. Article 5.1.f) and 5.2 of the GDPR, Article 24.1 of the GDPR, Article 25.1 of the GDPR and Articles 32.1 and 32.2 GDPR; 2. Articles 35.1, 35.2, 35

the GDPR pursuant to Article 2(2)(d). Article 79 GDPR does not explicitly limit judicial remedies to the rights enshrined in Chapter III of the GDPR. Following

12(2) and 21(2), (4) GDPR. Consequently, the DPA held that the controller violated Article 5(1)(a), (c), (2), 6(1), 12(2) and 21(2), (4) GDPR and, therefore

case law of the highest courts on Article 6(1)(e) of the GDPR, Article 9(2)(g) of the GDPR and Article 22 of the GDPR in connection with profiling. It was

unlawful. The processing violated Article 7(2) GDPR, Article 7(4) GDPR and Article 6(1)(a) GDPR. The controller was fined 2,000,000 HUF (approx. €5,080). In

breach of the principle of accountability under Article 5(2) GDPR and Article 33(5) GDPR. Article 5(2) GDPR establishes the principle of accountability which

the basis of consent by the data subject under Article 6(1)(a) GDPR. Hence, pursuant to Article 6(1)(f) GDPR, the court further examined whether processing

(EU) No Article 5 (1) (a) and (b), Article 6 (1), Article 6 (4) Article 12 (1), Article 13, Article 21 (1) and (2), Article 24 (1), Article 25 Article 1 (1)

the GDPR and DPA 2018. They are obliged by Article 5(2) of the GDPR to adhere to the data processing principle set out in Article 5(1). 8. Article 5(1)(f)

By Article 58(2)(d) of the GDPR, the Commissioner has the power to notify controllers of alleged infringementof GDPR. By Article 58(2)(i) he has the power

violation of Article 35 of the GDPR, Article 32 of the GDPR and Article 13 of the GDPR, typified in Articles 83.5 of the RGPD and Article 83.4 of the RGPD

names did not require the consent of the users pursuant to Article 6(1)(a) GDPR and Article 7 GDPR, therefore there was no violation of these provisions. If

of Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 15 GDPR, Article 28 GDPR, Article 32 GDPR and Article 33 GDPR, as well as of Article L. 34-5

the GDPR: i. Articles 5.1.a) and 5.2, as well as Article 6.1 GDPR; ii. Articles 12.1 and 12.2, Article 15.1, Article 5.2, Article 24.1, and Article 25.1

violation of Article 5.1.c) of the GDPR, Article 6 of the GDPR, Article 9 of the GDPR, Article 12 of the GDPR, Article 35 of the RGPD, Article 13 of the RGPD

breach of Article 12(1) and (6) GDPR, Article 13(1) and (2) GDPR and Article 14(1) and (2) GDPR, Article 5(2) GDPR, Article 24(1) GDPR and Article 25(1) of

claim under Article 80(1) GDPR and Article 80(2) GDPR. Also, the court clarified, making reference to CJEU case C-319/20, that Article 80(2) GDPR does not

freedom (Article 2.2 sentence 2 of the Basic Law) and her general right of personality (Article 2.1 of the Basic Law in conjunction with Article 1.1 of the

relief does not result from § 1004 Section 1 Clause 2, § 823 Section 1 BGB, Article 1 Section 1, Article 2 Section 1 GG because of a violation of the plaintiff's

violation of Article 12(3) GDPR and Article 15 GDPR due to a failure to respond to an access request that was submitted around a month after the GDPR became

referred to in Article 9 (1) or of personal data relating to convictions in criminal cases and infringements referred to in Article 10. 2.2 The responsibility

I GDPR, para. 18- processed without a legal basis, Art. 6, 7 GDPR, and sufficient information within the meaning of Art. 13, 14 GDPR, Art. 4 No. 2 GDPR

and the sanction in No. 3.2 of the Terms of Use which is linked to it do not violate § 307 (1) sentence 2 or (2) BGB. Clause 3.2 of the Terms of Use links

letter k) of article 83.2 of the GDPR, the LOPDGDD, in its article Article 76, "Sanctions and corrective measures", establishes that: "2. In accordance

arising from Article 25 of the GDPR. 5. The breach relating to the obligation to ensure the security of personal data 97. Article 32 of the GDPR provides that:

there was a breach of Article 14 GDPR. Finally, regarding the security of processing, the CNIL indicated that under Article 32 GDPR, the controller must

from the GDPR under Article 2(2) of the GDPR. 165. Article 2(2) of the GDPR outlines certain types of processing of personal data to which the GDPR does not

elements provided for in Article 83.2 of the GDPR:  As to the nature and seriousness of the violation (article 83.2.a) of the GDPR), the Restricted Training

14 GDPR, in Article 15 GDPR to Article 22 GDPR, and in Article 34 GDPR. The information has to be provided in a concise, transparent, intelligible manner

is done using a water meter and its readout. Article 12(5) GDPR in conjunction with Article 18(1)(d) GDPR does not prevent the charging of an administrative

imposition of measures, according to article 58.2 d) of the GDPR. Along with it and In accordance with article 58.2 of the GDPR, it was also indicated that the

sanction for both Article 5(1)(f) and 32 GDPR in this case would constitute a double violation of the GDPR, when in fact Article 5(1)(f) GDPR is merely a concretion

regarding the controllership, the CNIL noted that Article 4(7) GDPR applied due to the reference made by Article 2 of the ePrivacy directive. The CNIL considered

(2) (f) and Article 14 (2) (g), Article 14 (1) andArticle 15 (1) (h) and Article 21 (1)infringement of Article 18 (1) (a) and (d).order the restriction

the aforementioned article . 2. On the conditions for obtaining consent 60. In law, the "ePrivacy" directive provides in its article 2, f), that the consent

violation of Article 7(1) GDPR. D. On the breach of the obligations of information and transparency 81. Article 12, paragraph 1, of the GDPR provides that:

regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include

with GDPR provisions, this includes obtaining proof of consent in line with Article 7(1) GDPR. Especially in the context of Article 9(2)(a) GDPR, the explicit

responsibility – article 5.2. of the GDPR) and to implement all the measures necessary for this purpose (Article 24 of the GDPR). 26. Pursuant to Article 5.1.a)

arising from Article 5.2 and Article 24 GDPR whereby it is up to the defendant to demonstrate that it also acts in accordance with Article 5.1.f GDPR namely:

compare § 31(2) BDSG). The court further assessed the requirements of Article 82 GDPR in length. It established that the Article 82(1) GDPR requires the

required under Article 13 GDPR, as well as the fact of data transfer abroad, were completely missing. The DPA stated that Article 13 GDPR only provides

is: 1. a breach of Article 5 of the GDPR, Article 24(1) of the GDPR and Article 25(1) paragraph 2 of the GDPR; and 2. a breach of Article 12 paragraph 1 and

the GDPR under Article 2(2)(a) GDPR. Furthermore, the court extensively discussed the material scope of application according to Article 2(1) GDPR. At

subject falls outside of the scope of Article 20 GDPR. The data that falls under Article 20 is less than under Article 15 GDPR. The court also considered that

fairness (article 5.1. a) and the information obligations of Article 13.2 (a) and (e) of the GDPR). 54. Under Articles 5.2 and 24 of the GDPR, the controller

2022, Article 82 GDPR, paragraph 20; Nemitz, in: Ehmann/Selmayr, GDPR, 2nd edition 2018, Article 82, paragraph 20; Gola/Piltz, in: Gola/Heckmann, GDPR/ BDSG

regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include

result of the violations of article 5.1 a), article 5.2, article 6.1, article 12.1, article 13.1 c) and d) and article 13.2 b) GDPR. 21. On 17 June 2020, the

access under Article 15 GDPR and for violating the principles of data minimisation (Article 5(1)(c) GDPR), confidentiality (Article 5(1)(f) GDPR) and the controller’s

court decisions. The DPA found a breach of Article 33 GDPR and Article 34(1) and (2) GDPR resulting in a fine of €2,324. Share your comments here! Share blogs

involve a breach of the provisions of Article 6 of the GDPR, in relation to Article 22 of the LOPDGDD. Article 6 of the GDPR has four paragraphs, which in turn

also submits that were the criteria in Article 3(2)(b) to be met, both Article 2(2)(a) GDPR/ Article 3(2A) UK GDPR operate to take this case beyond the material

violation of the Article 12 of the GDPR, in conjunction with Article 17 of the GDPR. V Classification of the infringement of article 12 of the GDPR The aforementioned

which led to a (sensitive) data breach, in violation of Article 32(1) and Article 32(2) GDPR In Oktober 2019, a malicious third party gained unauthorized

plaintiff derives his legitimacy from Section 2 Paragraph 2 Sentence 1 No. 11 UKlaG or from Article 80 Paragraph 2 GDPR and only has to show that it concerns data

highly intrusive and therefore could not be based on Article 6(1)(f) GDPR. Secondly, Article 5(1)(c) GDPR indicates that personal data should be adequate,

Violation of article 24.2 of the Constitution, presumption of innocence. First, it invokes Articles 24.2, 103.1 and 2 of the EC, and Article 6 of the Convention

the GDPR. Would judge otherwiseindeed contradict :o the wording of Article L2.2 in conjunction with Article 2.f) of the ePrivacy Directive,o Article 8 of

alleged violation of Article 5.1.f) of the RGPD and Article 32 of the GDPR, typified in Article 83.5 of the GDPR and Article 83.4 of the GDPR. C/ Jorge Juan

interests of the data subject. 174 (4.2.2.) Article 9 (2) (h) GDPR confirms the provision of Article 9 (2) (b) GDPR in relation to the health sector (Weichert

"arguable that the case falls within Article 3(2)(b) GDPR." It gave the example of "a more compelling case under Article 3(2) [GDPR constitutes] someone who uses

without their consent, the controller violated Article 13 GDPR, Article 6 GDPR, Article 9 GDPR and Article 15 GDPR. The data subject thus filed a complaint with

controller. Pursuant to Article 5(2) GDPR, it was the controller's responsibility to make sure that measures were adopted to ensure GDPR compliance, which was

legitimate interest. Based on Article 2 (1) of the GDPR, the GDPR must be applied to the data management in this case. GDPR Article 4, point 1: "personal data":

storage (Article 5.1.b, 5.1.c, 5.1.d and 5.1.e of the GDPR); - Violation of the principle of legality (article 5.1.a of the GDPR); - Violation of Article 10

4 DSG §1 DSG §24 GDPR Art12 GDPR Art14 GDPR Art32 GDPR Art5 GDPR Art57 GDPR Art58 GDPR Art6 GDPR Art77 GDPR Art83 VwGVG §28 paragraph 2 saying W214 2225733-1/17E

rectification.(article 16 of the GDPR), the right to be forgotten (article 17 of the GDPR), and the right to limit the use ofdata processed unlawfully (article 18

para. 1 VwGO § 123 (1) sentence 2, § 146, § 152, § 154 (2) ZPO § 920 Basic Law Article 5(1) GKG § 47, § 52 (2), § 53 (2) No. 1 Keywords: Press law information

administrative penalty fee: 1) Article 5, Paragraph 1, subparagraphs d and a; 2) Article 13; 3) paragraph 3 of Article 12; and 4) Article 15(1). Viking Line Oy

meaning of Article 4(1) GDPR. Nevertheless, in this case the controller had the right to disregard the request in light of Article 12(5)(b) GDPR, as the latter

of €10,000 under Article 82(1) GDPR for a violation of Articles 15 GDPR and 12(3) GDPR. The LAG held that a mere violation of the GDPR does not give rise

claim was Article 16 GDPR, as § 12 Bundesmeldegesetz (BMG - Federal Registration Act) clarifies. Then, it held that the legal requirements of Article 16 GDPR

according to Article 58(2)(d) GDPR. First, the AEPD established that the GDPR was applicable under Article 3(1) GPDR or, if not, at least Article 3(2)(a) GDPR

his claim on Article 78(1) of the GDPR in conjunction with Article 57 of the GDPR. Article 57 of the GDPR. The scope of Article 57 of the GDPR is indeed open

the relevant provisions of the GDPR are Article 14, read in conjunction with Article 12(1). 28. Article 14 of the GDPR concerns transparency in the context

virtue of article 4.7 of the GDPR. The GDPR provides, in its article 56.1, for cases of cross-border processing, provided for in its article 4.23), in

legal basis under Article 6(1) GDPR and in violation of transparency obligations in the privacy policy under Article 5(1)(a) and 13 GDPR. The DPA in the

required by Article 13 GDPR. Furthermore, the AEPD, highlighted that the RFEF did not provide the information required by Article 13(3) GDPR about further

within the meaning of Article 58(2)(c) of the GDPR. c of the GDPR. Recital52 Rights within the meaning of Article 58(2)(c) of the GDPR are, first and foremost

accordance with the law (Article 2 of the Act on land and mortgage registers and mortgage and Article 20 (1) point 1 and Article 24 section 2 of the Geodetic and

damages either under Article 82 (1) GDPR or on any other basis for the claim. 32aa. The scope of application of Article 82 Para. 1 GDPR is open in terms of

for a violation of article 58.2 c) of the GDPR, in accordance with article 83.6 of the GDPR, classified as very serious in article 72.1.m) of the LOPDGDD

Therefore, consent was not valid as a legitimate basis from Article 6(1) GDPR, in relation to Article 7 GDPR, and thus processing was unlawful. On these grounds

violation of Article 7(4) GDPR. Based on these considerations, the AEPD issued a €2,000,000 fine against Caixabank for infringing Article 6 GDPR in relation

The Regional Court of Berlin held that a right to information under Article 15 GDPR cannot be enforced by way of an interim injunction, since there is no

tried to base the processing on contract (Article 6(1)(b) GDPR) or legitimate interest (Article 6(1)(f) GDPR), the requirement of necessity was not met

currently pending. Pursuant to Article 58(2)(i) GDPR and Article 83(4)(a) GDPR, the DPA imposed an administrative fine of €220,337 (NOK 2 500 000) against Argon