Search results
From GDPRhub
- Article 66 GDPR (category Article 66 GDPR) (section (2) Adoption of a final decision after provisional measures)under Article 66(2) GDPR, which could not be done in the present case. When the SA that has adopted the provisional measure under Article 66(1) GDPR considers20 KB (1,590 words) - 16:11, 2 November 2023
- Article 67 GDPR (category Article 67 GDPR)Commission (covering Articles 64 to 66 GDPR). For the purposes of the pilot project, the SAs referred to in Article 51 GDPR and the EDPB shall be considered15 KB (810 words) - 16:13, 2 November 2023
- Article 62 GDPR (category Article 62 GDPR) (section (2) Right to participate in joint operations and the obligation to invite other supervisory authorities)ng, Article 62 GDPR, margin number 11 (Beck 2018, 2nd edition). Riccio, Scorza, Belisario, GDPR e normativa privacy – Commentario, Article 62 GDPR (Wolters22 KB (1,915 words) - 13:46, 15 January 2024
- standard procedure set forth by Article 66 GDPR. First, the SA does not have to prove the urgency required by Article 66(1) GDPR for "normal" urgency cases24 KB (2,181 words) - 11:46, 15 January 2024
- CJEU - C-645/19 - Facebook Ireland and others v Gegevensbeschermingsautoriteit (category Article 66(2) GDPR)the exceptions to the one stop shop mechanism applies (Article 55(2), Article 56(2), or Article 66). It interesting to note that the Court confirms that10 KB (1,311 words) - 15:26, 13 June 2023
- Datatilsynet (Norway) - 21/03530 (category Article 66(2) GDPR)by the EDPB pursuant to Article 66(2) GDPR. Temporary ban on processing (order) Pursuant to Article 66(1) GDPR and 58(2)(f) GDPR the Norwegian DPA consequently99 KB (14,431 words) - 16:20, 6 December 2023
- EDPB - Urgent Binding Decision 1/2021 - 'WhatsApp' (category Article 66(2) GDPR)EDPB. 2 COMPETENCE OF THE EDPB TO ADOPT AN URGENT BINDING DECISION UNDER ARTICLE 66(2) GDPR 2.1 Existence of a request pursuant to Article 66(2) GDPR coming188 KB (31,298 words) - 12:31, 20 January 2023
- EDPB - Urgent Binding Decision 01/2023 (category Article 66(2) GDPR)under Article 66(2) GDPR.......... 15 2.1 The SA has taken provisional measures under Article 66(1) GDPR....................................... 15 2.2 Existence346 KB (48,181 words) - 16:39, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9853406 (category Article 66 GDPR)the mutual assistance procedure (Article 61 GDPR), The Italian DPA initiated the urgency mechanism in Article 66 GDPR to prohibit Meta’s processing of23 KB (3,429 words) - 09:41, 23 February 2023
- Article 17 GDPR (category GDPR Articles) (section (ii) Erasure following objection under Article 21(2))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- Article 32 GDPR (category GDPR Articles) (section (2) Certain risks must always be taken into account)Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number41 KB (5,197 words) - 12:17, 17 April 2024
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- one of the 'other administrative or non-judicial' remedies, which Article 78(2) GDPR refers to. If the DPA decides to uphold their decision, they will10 KB (1,078 words) - 06:40, 26 March 2023
- leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- consistency mechanism under Article 65(2)(1) GDPR and the adoption of the EDPS’s rules of procedure under Article 72(2) GDPR. Notably, each EDPB member22 KB (2,266 words) - 08:26, 17 October 2023
- (see Article 52 GDPR) and shall be provided with various competencies (Articles 55, 56 GDPR), tasks (Article 57 GDPR) and powers (Article 58 GDPR). For125 KB (16,328 words) - 16:01, 8 March 2024
- Article 99 GDPR (category Article 99 GDPR)Journal of the European Union. 2. It shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the12 KB (295 words) - 08:25, 19 October 2023
- administrative fines referred to in Article 66. It may cancel, reduce or increase those fines within the limits of Article 66. The EDPS, as an independent institution8 KB (1,078 words) - 12:58, 10 May 2024
- in principle (see hereunder Article 65(2) GDPR) to adopt a decision under Article 65 GDPR is reached, since Article 64 GDPR only requires a simple majority33 KB (4,185 words) - 16:09, 2 November 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- Article 94 GDPR (category Article 94 GDPR)date of effect under Article 94 GDPR. In order to ensure a sense of continuity within the regulatory framework, Article 94(2) GDPR provides that any reference13 KB (530 words) - 09:40, 3 October 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 97 GDPR (category Article 97 GDPR)years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the16 KB (778 words) - 08:24, 19 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Chair represents the Board (Article 68(2) GDPR) and is responsible for directing the work of the secretariat (Article 75(2) GDPR). Other specific responsibilities15 KB (808 words) - 09:44, 17 October 2023
- Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p.15 KB (787 words) - 08:17, 19 October 2023
- Article 59 GDPR (category GDPR Articles)accordance with Article 58(2) [GDPR]”. These is a reference to the information that SAs must keep in internal records according to Article 57(1)(u) GDPR. The report15 KB (718 words) - 15:31, 19 October 2023
- mechanism), Article 64 GDPR (opinion of the board), Article 66 GDPR (urgency procedure) and Article 67 GDPR (exchange of information). Article 55 GDPR confirms55 KB (7,446 words) - 22:28, 1 April 2024
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- Article 8 GDPR (category GDPR Articles) (section (2) Verification of parental consent by the controller)directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing19 KB (1,335 words) - 13:56, 24 October 2023
- Article 98 GDPR (category Article 98 GDPR)Regulation. Noting that a broader reading of Article 98 GDPR is supported by the wording of Article 2(3) GDPR, which provides that: 'For the processing of15 KB (943 words) - 09:58, 8 November 2023
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- Article 19 GDPR (category GDPR Articles)definition for "processing" in Article 4(2) GDPR). If data is been made public, the applicable provision is Article 17(2) GDPR, provided that all requirements19 KB (1,436 words) - 12:35, 12 May 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 69 GDPR (category Article 69 GDPR) (section (2) The Board shall neither seek nor take instructions from any body)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Article 75 GDPR (category Article 75 GDPR) (section (2) Exclusive Performance of Tasks under the Instructions of the Chair)Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- laid down in Article 57 GDPR. The powers of SAs are both investigative and corrective, which are set out in Article 58 GDPR. Article 52(2) GDPR requires two47 KB (5,594 words) - 22:45, 1 April 2024
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- Article 7 GDPR (category GDPR Articles) (section (2) Consent request in the context of a written declaration concerning other matters)accountability in Article 5(2) GDPR, paragraph (2) specifies further requirements in the general principle of transparency under Article 5(1)(a) GDPR, paragraph31 KB (3,489 words) - 16:00, 8 March 2024
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- Article 43 GDPR (category GDPR Articles)with the examination procedure referred to in Article 93(2). You can help us fill this section! Article 43 GDPR explains the procedure involved in establishing22 KB (1,634 words) - 14:40, 28 July 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Datenschutzrecht, Article 73 GDPR, margin number 3 (C.H. Beck 2019, 1st edition). Nguyen, in Gola, DS-GVO, Article 73 GDPR, margin number 2 (C.H. Beck 2018, 2nd edition);19 KB (1,530 words) - 14:23, 12 October 2023
- Article 16 GDPR (category GDPR Articles)related decisions in Category:Article 16 GDPR Meents, Hinzpeter in Taeger, Gabel, DSGVO – BDSG, Article 16 GDPR, margin number 2 (Deutscher Fachverlag, 4th23 KB (2,489 words) - 23:24, 6 March 2024
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A delegated19 KB (1,525 words) - 08:18, 19 October 2023
- affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- Article 90 GDPR (category Article 90 GDPR) (section (2) Notification of national implementation to the Commission)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)processing (Article 32(1) GDPR) and the general principles of processing set out in Article 5 GDPR. In confirming the above interpretation, Paragraph 2 sets out20 KB (1,854 words) - 16:32, 8 March 2024
- a binding dispute resolution procedure in accordance with Article 65 GDPR. Article 64(2) GDPR allows any SA, the EDPB Chair or the Commission to request23 KB (2,079 words) - 16:07, 2 November 2023
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- accountability obligation enshrined in Article 5(2) GDPR. This theory is not totally convincing. In light of Article 5(2) GDPR, a reversal of burden of proof for33 KB (4,215 words) - 09:57, 19 March 2024
- compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- Article 30 GDPR (category GDPR Articles) (section (2) Record of processing activities by the processor)applicability of Article 49(1) GDPR, the documentation of suitable safeguards (Article 30(2)(c) GDPR). See commentary under Article 30(1)(e) GDPR. The processor's31 KB (3,327 words) - 15:31, 5 June 2023
- Article 46 GDPR (category GDPR Articles) (section (c) Standard data protection clauses adopted by the Commission under Article 93(2))access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- and jurisdiction provisions (Articles 47(1)(b), 47(2)(d), 47(2)(e), 47(2)(g), 47(2)(i), 47(2)(l) GDPR); a duty for the EU BCR member to accept responsibility29 KB (2,823 words) - 15:15, 28 April 2022
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- Article 42 GDPR (category GDPR Articles) (section (2) Demonstrating safeguards through data protection certification mechanisms, seals or marks)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- According to Article 80(2) GDPR, where legislated for by Member States, this right extends to Articles 77, 78 and 79 GDPR, but not Article 82 GDPR. This exclusion26 KB (2,575 words) - 15:50, 9 November 2023
- Article 34 GDPR (category GDPR Articles) (section (2) Minimal requirements of the controller's communication to the data subject)meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- Article 41 GDPR (category GDPR Articles) (section (2) Criteria for accreditation from the competent supervisory authority)clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e)31 KB (3,646 words) - 08:51, 21 July 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)under Article 79 GDPR – or both. This flexibility allows for parallel proceedings under both Article 77 GDPR and under Article 79 GDPR. As the GDPR foresees31 KB (3,550 words) - 11:11, 29 November 2023
- Beck, 2018, 2nd edition). We refer, in that respect, to the Commentary on Article 2(2)(c) GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)contrast to Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not32 KB (3,730 words) - 08:43, 7 March 2024
- functions, a permissive function (Article 88(1) GDPR) and a conditional function (Article 88(2) GDPR). While Article 88(2) GDPR determines the scope of the opening32 KB (3,228 words) - 13:32, 30 November 2023
- Article 53 GDPR (category GDPR Articles) (section (2) Qualification, experience and skills of the member(s))occupation. For example, Article 52(2) GDPR requires SA members to remain free from external influence and Article 52(3) GDPR entails a prohibition of29 KB (2,894 words) - 23:06, 1 April 2024
- from Articles 13(2)(b) and 14(2)(c) GDPR. However, Article 21(4) GDPR specifies that the right to object under Article 21(1) and 21(2) GDPR (i.e. the right49 KB (5,993 words) - 06:22, 16 June 2023
- information as outlined in Articles 13 and 14 of the GDPR (see above). Article 26(2) of the GDPR emphasizes the significance of these specific obligations37 KB (3,915 words) - 12:49, 24 May 2023
- Article 49 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 49 GDPR, p. 846 (Oxford University Press 2020). EDPB, ‘Guidelines 2/2018 on derogations of Article 49 under Regulation29 KB (3,500 words) - 08:54, 27 March 2023
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision55 KB (7,622 words) - 14:04, 7 November 2023
- Article 55 GDPR (category GDPR Articles) (section (2) Exclusive competence regarding processing for compliance with a legal obligation or in the public interest)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- entering the contract, Article 22(2)(a) GDPR does not mention this additional aspect. In any case, the application of Article 22(2)(a) GDPR is always subjected31 KB (4,768 words) - 06:24, 16 June 2023
- Article 89 GDPR (category Article 89 GDPR) (section (2) Derogations Possible for Scientific or Historical Research Purposes or Statistical Purposes)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- Article 78 GDPR (category GDPR Articles) (section (2) Right to judicial remedy against DPA inactivity)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate71 KB (9,532 words) - 13:30, 6 March 2024
- the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 6 (available here). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’37 KB (4,635 words) - 13:29, 24 October 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- Article 33 GDPR (category GDPR Articles) (section (2) Processor's notification in the event of a personal data breach)respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences54 KB (6,536 words) - 08:22, 16 June 2023
- categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))decision". Similar to the ex-ante information in Article 13(2)(f) and 14(2)(f) GDPR, Article 15(2) GDPR requires that in case the controller transfers data73 KB (9,896 words) - 15:46, 18 March 2024
- provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- Article 12 GDPR (category GDPR Articles) (section (2) Facilitation of the exercise of rights and identification)are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller52 KB (7,297 words) - 08:05, 18 July 2023
- in Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- Article 20 GDPR (category GDPR Articles) (section (2) Right to have personal data directly transmitted to another controller)consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- Garante per la protezione dei dati personali (Italy) - 9524194 (category Article 58(2)(f) GDPR)accordance with the provisions of the aforementioned Article 66 of the Regulation. Pursuant to Section 66(1) of the Regulation, the supervisory authorities9 KB (1,280 words) - 15:53, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9574709 (category Article 58(2)(d) GDPR)Moreover, the information provided as per Article 13 GDPR were not compliant with the requirements of Article 12 GDPR in light of the fact that TikTok services17 KB (2,519 words) - 15:55, 6 December 2023
- the following: Article 66 GDPR gives the possibility for a procedure of urgency and from this article (and Article 66 and Article 62 GDPR), the European25 KB (3,812 words) - 10:03, 20 August 2021
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 25(2) GDPR)Authority has verified the above links and NAIH / 2020/66/2., NAIH / 2020/66/3. and NAIH / 2020/66/5. in its file number notes, it found that the links were67 KB (10,492 words) - 10:11, 17 November 2023
- Court of Appeal of Brussels - 2021/AR/1044 (category Article 66 GDPR)Wednesday 10 November 2021. The reference to Article 66 GDPR by the Court seems irrelevant, since Article 66 is a derogation to the one stop shop principle5 KB (509 words) - 09:26, 10 September 2021
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)"accept all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller120 KB (19,650 words) - 09:00, 6 April 2022
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)to work. 1 2See, among other things, article 4 paragraph 1 SUWI and the ZBO register of the Dutch central government. See article 2 paragraph 2 SUWI and106 KB (14,502 words) - 17:09, 12 December 2023
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)for more details. Article 2: Material scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal data9 KB (1,251 words) - 12:15, 8 May 2023
- CNIL (France) - SAN-2023-0076 (category Article 9(2)(j) GDPR)instance, the controller sought to rely upon Article 6(1)(e) GDPR and Article 9(2)(j) GDPR. Article 6(1)(e) GDPR establishes a lawful basis for the processing19 KB (2,826 words) - 17:01, 6 December 2023
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)more details. Article 2: Substantive scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal9 KB (1,168 words) - 15:30, 6 December 2023
- processing involved special categories of data under Article 9 GDPR and whether an exception under Article 9(2) applied; • targeted advertising by the controller57 KB (9,084 words) - 15:11, 13 July 2022
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was14 KB (1,999 words) - 14:20, 18 July 2023
- HDPA (Greece) - 57/2021 (category Article 13 GDPR)pre-existing form of Article 11 of Law 3471/2006). However, with the provisions of article 16 par. 1 and 2 of law 3917/2011, par. 1 and 2 of article 11 of law 3471/200645 KB (7,165 words) - 15:22, 22 February 2022
- BAC (Bulgaria) - 2606/2021 (category Article 58(2)(d) GDPR)CPDP issued NRA an order under Article 58(2)(d) supra Article 57(1)(a) and Article 83(2)(a), (c), (d), (f) and (g) of the GDPR for undertaking suitable technical13 KB (1,761 words) - 09:58, 14 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read131 KB (22,429 words) - 16:57, 12 December 2023
- CNIL (France) - SAN-2023-082 (category Article 5(2) GDPR)databases made available by the CNAM. 2.2.2. Nature of personal data 2.2.2.1. Pursuant to Article 5(1)(c) of the GDPR, the data processed must be relevant46 KB (7,106 words) - 17:06, 6 December 2023
- CNIL (France) - 2023-097 (category Article 9(2)(j) GDPR)the public interest, per Article 6(1)(e) GDPR, and was also necessary for scientific research purposes under Article 9(2)(j) GDPR. Thirdly, that the data18 KB (2,536 words) - 17:11, 6 December 2023
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)GDPR and Article 66.2 WOG); and • compliance with the transparency obligations (Article 12 GDPR) and the te provide information (Article 13 GDPR). Page82 KB (13,250 words) - 16:57, 12 December 2023
- Recitals GDPR (section Recitals from the GDPR)data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the182 KB (24,065 words) - 13:40, 9 July 2021
- APD/GBA (Belgium) - 18/2020 (category Article 5 GDPR)therefore of the opinion that no breach of Article 5.2 of the GDPR, Article 24.1 of the GDPR and Article 33 of the GDPR can be established. - As regards the55 KB (8,810 words) - 16:55, 12 December 2023
- HDPA (Greece) - 56/2021 (category Article 13 GDPR)and Article of 11Law No. 3471/2006, in accordance with Article 13(58i2) of the GDPR in conjunction with Article 83(1)(a) of the GDPR. 5 of the GDPR, and54 KB (8,916 words) - 15:22, 22 February 2022
- VGH München – 5 CS 19.2087 (category Article 4(1) GDPR)1, No. 2, Art. 6 para. 1 sentence 1 lit. c, para. 3 sentence 1, Art. 86 GKG § 47 (1), § 52 (2), § 53 (2) no. 2, § 63 (3) sentence 1 no. 2, § 66 (3) sentence40 KB (6,397 words) - 08:03, 21 March 2022
- APD/GBA (Belgium) - 105/2023 (category Article 5(2) GDPR)defendant 2. Also here is there therefore an infringement of Article 5 at the time of the facts. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a)102 KB (15,787 words) - 07:39, 6 September 2023
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)of his personal data would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant84 KB (12,933 words) - 16:46, 12 December 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- HDPA (Greece) - 1/2024 (category Article 31 GDPR)DPA under Article 31 GDPR and Article 66 Greek Law 4624/2019, as well as the obligation to designate the DPO under Article 37 GDPR and Article 6 Greek Law6 KB (767 words) - 10:55, 28 February 2024
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 13(2)(a) GDPR)mandatory by article 13.2.a) of the GDPR. 2.2 Regarding the exercise of their rights by the persons concerned 67 53. In the context of objective 2, the head82 KB (11,472 words) - 16:58, 6 December 2023
- AEPD (Spain) - PS/00058/2020 (category Article 5(1)(f) GDPR)" Regarding section k) of article 83.2 of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions28 KB (4,619 words) - 13:53, 13 December 2023
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)meaning of Article 4 No. 7 GDPR. However, the defendant cannot be accused of violating an obligation to provide information under Art. 15, 12 GDPR. Paragraph28 KB (4,527 words) - 15:58, 26 April 2022
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled27 KB (4,216 words) - 13:26, 8 January 2024
- KamR Göteborg - 2232-21 (category Article 5(1)(a) GDPR)was contrary to Article 5(1)(a) GDPR (principle of lawfulness), Article 5(1)(b) GDPR (principle of purpose limitation) and Article 6 GDPR (absence of valid8 KB (1,119 words) - 11:52, 9 December 2021
- Commissioner (Cyprus) - 11.17.001.007.220 (category Article 7(4) GDPR)time tracking system, due to a lack of compatibility with Article 7(4) and Article 35(9) of GDPR. KEO PLC decided to upgrade its ERP system, whose upgrade56 KB (8,913 words) - 16:52, 6 December 2023
- Norges Høyesterett - 2021-2403-A (category Article 9(2)(a) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- OLG Naumburg - 9 U 6/19 (category Article 9(2)(a) GDPR)there is no explicit consent by the customers as requested under Article 9(2)(a) GDPR and an implied consent cannot fulfill the provision’s requirement32 KB (5,236 words) - 16:00, 10 March 2022
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)processed on the basis of Article 6(1)(c) GDPR does not have the rights to erasure and objection contained in Article 17 and Article 21 GDPR respectively. This29 KB (4,605 words) - 17:00, 15 December 2021
- AEPD (Spain) - EXP202102430 (category Article 58(2)(d) GDPR)in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 2/12 2016/67933 KB (4,835 words) - 13:26, 13 December 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)information in accordance with Art. 15 (1) half-sentence 2 GDPR. According to Art. 4 No. 2 GDPR, processing also includes in particular the collection,32 KB (5,093 words) - 16:07, 11 September 2022
- specified in Article 83 of the GDPR. 92. 92. Firstly, the restricted formation emphasises that, in this case, the criterion provided for in Article 83(2)(a) of73 KB (11,864 words) - 17:03, 6 December 2023
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 24(2) GDPR)statement of the Debtor [Article 83 (2) (k) GDPR]; - the processing did not affect specific categories of personal data [Article 83 (2) GDPR paragraph (g)]; -60 KB (9,820 words) - 10:08, 17 November 2023
- CJEU - C-77/21 - Digi (category Article 5(2) GDPR)compliant with Articles 5 and 6 GDPR. According to Article 6 GDPR, when a controller did not rely on consent (Article 6(1)(a) GDPR), its processing should be49 KB (7,800 words) - 09:22, 5 January 2024
- entitled to erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 651 KB (8,215 words) - 09:55, 13 May 2022
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)Pursuant to Article 83 GDPR in conjunction with Article 4 No. 7 and 8 GDPR, fines for violations of the GDPR pursuant to Article 83(4) to (6) GDPR are not36 KB (5,810 words) - 13:09, 21 January 2022
- HDPA (Greece) - 11/2024 (category Article 17 GDPR)the GDPR does not apply established by the GDPR and, therefore, in accordance with the provisions of articles 55 para. 1, 2 para. 1 and 3 para. 2 GDPR36 KB (5,761 words) - 17:19, 22 April 2024
- APD/GBA (Belgium) - 66/2021 (category Article 4(3) GDPR)integrality of the indictments. 2.2. Identification of the controller (Article 4.7 GDPR) 71. In accordance with Article 4.7 of the GDPR, the controller should be88 KB (13,010 words) - 20:12, 30 December 2021
- Tietosuojavaltuutetun toimisto (Finland) - 7732/161/23 (2) (category Article 3(2) GDPR)data carried out through Yango app was contrary to Article 44 GDPR, Article 46 GDPR and Chapter V GDPR. Moreover, it found that the conditions set for the20 KB (2,928 words) - 11:58, 11 October 2023
- Tietosuojavaltuutetun toimisto (Finland) - 7732/161/23 (category Article 58(2)(f) GDPR)Federation pursuant to Article 58(2)(f) of the General Data Protection Regulation. Pursuant to Article 58(2)(j) and Article 66(1) of the General Data Protection32 KB (4,844 words) - 11:44, 11 October 2023
- Datatilsynet (Denmark) - 2019-431-0037 (category Article 28(1) GDPR)publicly available on the Internet. However, it follows from Article 28(1) GDPR and Article 28(3)(f) GDPR that the data processor (in this instance Kombit A/S)18 KB (2,710 words) - 16:34, 6 December 2023
- AEPD (Spain) - 0098/2022 (category Article 9(2)(g) GDPR)under Article 36 GDPR) regarding the compliance of the envisaged processing with the GDPR. According to the Commission, the legal basis was Article 6(1)(e)56 KB (8,102 words) - 13:57, 1 February 2023
- Personvernnemnda (Norway) - 2021-18 (20/02059) (category Article 5(1)(d) GDPR)around the processing of personal data subject to Article 10 GDPR. Pursuant to Article 6(1)(f) GDPR, the Privacy Appeals Board conducted a balancing test36 KB (5,859 words) - 06:40, 6 July 2022
- APD/GBA (Belgium) - 82/2020 (category Article 6(1) GDPR)dossier werden toegevoegd. 2. Motivering 2.1. De bevoegdheid van de Inspectiedienst en de Geschillenkamer en de omvang van het dossier 2.1.1. Het verzoek van124 KB (18,772 words) - 17:01, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public bodies (the96 KB (13,984 words) - 16:57, 6 December 2023
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- Datatilsynet (Norway) - 23-114365TVI-TOSL/08 and 23-114359TVI-TOSL/08 (category Article 66(1) GDPR)lies', the conditions in Article 66 (1) GDPR for taking urgent measures are met. Since the conditions for Article 66(1) GDPR were met, the court did not113 KB (18,098 words) - 11:57, 13 September 2023
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 35(2) GDPR)to or instead of the measures referred to in Article 58(2)(a) to (h) and (j) [..)', Article 83(2) of the GDPR recognizes the power of the national supervisory163 KB (27,222 words) - 16:54, 6 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments60 KB (9,713 words) - 13:07, 26 March 2024
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- BVwG - W274 2251055-1/5E (category Article 6(1)(f) GDPR)Section 1 Paragraph 1 and 2 DSG, Article 5 Letters a and c GDPR as well as Article 6 Paragraph 1 Letters c and f GDPR, as well as Article 1 Paragraph 3 Z 1 ZaDiG137 KB (21,991 words) - 12:01, 20 September 2023
- VG Potsdam - VG 3 K 1458/19 (category Article 17 GDPR)the alert on the SIS system under Article 17(1)(d) GDPR. The reason for the data subject invoking the GDPR is that Article 53(1) Regulation (EU) 2018/186123 KB (3,560 words) - 14:17, 21 February 2024
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)of a link to this information. This was a violation of Article 12. Based on Article 13(2)(a) GDPR and WP29 guidelines on transparency, the CNIL noted that48 KB (7,404 words) - 17:09, 6 December 2023
- APD/GBA (Belgium) - 136/2023 (category Article 5(2) GDPR)violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article58 KB (9,184 words) - 16:49, 12 December 2023
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)obtained from them, as required under Article 14(1)(a) AVG and Article 14(2)(c)(e) and point (f) AVG; c. article 12 j° article 14 AVG, in view of the defendant62 KB (10,509 words) - 16:58, 12 December 2023
- Datatilsynet (Norway) - 20/02147 (category Article 5 GDPR)the lack of security routines, thus breaching Article 32(1)(b) cf. Article 5 GDPR, Article 35 and Article 24(1), respectively. Teachers at two junior high24 KB (3,591 words) - 18:57, 5 March 2022
- DSB (Austria) - 2020-0.191.240 (category Article 4(1) GDPR)has a wider scope of applicability than Article 8 GRC (the latter only protects natural persons). As Article 16(2) TFEU leaves it to member states to grant66 KB (10,546 words) - 13:50, 12 May 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)reasoned in accordance with Article 4(24) GDPR and, after conducting its own assessment of the factors under Article 83(2) GDPR, found that the proposed fine468 KB (51,340 words) - 14:10, 30 January 2023
- APD/GBA (Belgium) - 24/2021 (category Article 35(2) GDPR)the basis of article 6.1 e) GDPR read together with articles 5.2 GDPR and 24.1 GDPR. 3) Violation of Articles 12.1, 12.6, 13.1 and 13.2 GDPR: the Inspection110 KB (18,238 words) - 16:56, 12 December 2023
- EWHC (UK)- QB- Soriano v Forensic News LLC (category Article 3(2) GDPR)conferred by article 79(2) of the GDPR. This is the relevant provision for the purposes of para 3.1(20) of CPR Practice Direction 3B. Article 79(2) provides:108 KB (18,178 words) - 11:57, 29 November 2021
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)analyzes the criteria by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches66 KB (9,458 words) - 19:42, 4 September 2021
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)Human Rights. According to settled case-law, it follows from Article 1.2 and Article 59.2 of the Basic Law that there is an obligation to use the Human133 KB (21,944 words) - 15:59, 22 March 2022
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d) and Article 6.1. e) of the GDPR. Decision on the79 KB (12,260 words) - 17:00, 12 December 2023
- VG Berlin - VG 3L 1028.19 (category Article 17(1)(a) GDPR)Buchner, GDPR BDSG, 2nd edition 2018, Art. 5 GDPR marginal 8). Even if the data is “only” incorrect, the requirements of Article 17 (1) (d) GDPR can be met30 KB (4,986 words) - 15:50, 17 March 2022
- The heading of Article 6(1) and the wording “has given” in Article 6(1)(a) support this interpretation. It follows logically from Article 6 and Recital65 KB (9,767 words) - 16:22, 6 December 2023
- HDPA (Greece) - 4/2023 (category Article 5(1)(a) GDPR)for more details. Article 2: Material scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal data10 KB (1,249 words) - 12:16, 8 May 2023
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)provided for in Article 2, h) of Directive 95/46/EC. In particular, under these new requirements, article 4, paragraph 11 of the GDPR requires that the82 KB (13,428 words) - 17:02, 6 December 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- BVwG - W274 2240078-1 (category Article 5 GDPR)experience data under Article 17 GDPR. The credit reference agency refused, arguing a legitimate interest under Article 6(1)(f) GDPR. After the erasure request37 KB (5,980 words) - 11:06, 21 January 2022
- HDPA (Greece) - 12/2024 (category Article 17 GDPR)60 of the GDPR does not apply the GDPR and, therefore, in accordance with the provisions of articles 55 para. 1, 2 para. 1 and 3 para. 2 GDPR and 13 para37 KB (5,933 words) - 16:53, 19 April 2024
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- Decision Source: standards: Article 17(1) TEU 2016/679, Article 17(1)(a) TEU 2016/679, Article 17(1)(d) TEU 2016/679, Article 16 S 1 TEU 2016/679, § 4(1)13 KB (1,972 words) - 12:25, 15 September 2021
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)that the letter in question referred to Article 58(1)(a) of the GDPR and Article 5:16 in conjunction with Article 5:17 of the Awb does not make this any67 KB (11,415 words) - 17:15, 12 December 2023
- APD/GBA (Belgium) - 138/2022 (category Article 5(2) GDPR)an infringement of Article 5 (1) a), b) and c) and (2) of the GDPR and Article 24 (1) of the GDPR; and - an infringement of article 8 of the law of 2143 KB (6,274 words) - 08:57, 29 June 2023
- APD/GBA (Belgium) - 61/2020 (category Article 5(1)(d) GDPR)this regard within the meaning of Article 2 (2) point d) GDPR. Whichcertain officials of the defendant under Article 5, §2 of the Second Ordinanceare appointed41 KB (6,354 words) - 16:59, 12 December 2023
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 4 GDPR)After considering the objections in light of Article 4(24) GDPR and the factors outlined in Article 83(2) GDPR the EDPB instructed the DPC to impose an administrative289 KB (33,568 words) - 15:00, 1 February 2023
- CNIL (France) - CNIL2326891X (category Article 5(2) GDPR)databases made available by the CNAM. 2.2.2. Nature of personal data 2.2.2.1. Pursuant to Article 5(1)(c) of the GDPR, the data processed must be relevant47 KB (7,402 words) - 12:43, 21 December 2023
- BGH - VI ZR 15/23 (category Article 15(1) GDPR)reasoning of the Court of Appeal. Article 15 GDPR and the GDPR as such are applicable, even if the processing occurred before the GDPR came into force in 2018.17 KB (2,646 words) - 09:00, 28 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 25(2) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 46(2)(c) GDPR)(VWA ./05, see point II.2), the XXXX (VWA ./06, see point II.2) and a certificate of representation (VWA ./07, see point II.2). I.2. As a result, the BA continued158 KB (26,392 words) - 08:25, 7 June 2023
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the Directive, without the relevant45 KB (6,780 words) - 16:57, 12 December 2023
- APD/GBA (Belgium) - 12/2019 (category Article 4(11) GDPR)(EU) 2016/679, p. 41. 2.2.2 Obligations relating to consent ('opt-in') (Articles 5, 6(1)(a) and 4(11) in conjunction with Article 7 of the Data Protection107 KB (17,697 words) - 16:52, 12 December 2023
- Hämeenlinnan hallinto-oikeus (Finland) - 2548/2023 (category Article 85(2) GDPR)information in accordance with Article 85(2) GDPR. The Court held that the provisions on the security of processing in Article 32 GDPR are not intended to limit44 KB (6,893 words) - 10:28, 25 March 2024
- HDPA (Greece) - 28/2022 (category Article 12(3) GDPR)issued a reprimand (Article 58(2)(b) GDPR) to the controller for breach of those provisions and instructed (Article 58(2)(c) of the GDPR) it to satisfy the4 KB (397 words) - 15:02, 15 November 2022
- OLG Köln - 20 U 295/21 (category Article 4(1) GDPR)invoked the excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium42 KB (6,689 words) - 08:30, 21 November 2022
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))pursuant to Article 17(2) DPA Act. 9. Moreover, as regards the one-stop-shop mechanism, Article 56 GDPR states: "Without prejudice to Article 55, the supervisory429 KB (58,279 words) - 09:12, 2 November 2022
- APD/GBA (Belgium) - 33/2020 (category Article 5 GDPR)by the defendant under Article 6(1) GDPR? Did the controller infringe the data minimisation principle under Article 5(1)(c) GDPR? Did the controller commit39 KB (6,551 words) - 16:56, 12 December 2023
- CNIL (France) - SAN-2020-056 (category Article 9(2)(i) GDPR)is based on Article 9(2)(i) of the GDPR as mentioned above. 34. However, certain data referred to in the PIA are not mentioned in Article 2 of the draft43 KB (6,847 words) - 17:11, 6 December 2023
- LAG Mecklenburg-Western Pomerania - 5 Sa 108/19 (category Article 37 GDPR)2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.48 KB (7,320 words) - 12:44, 4 October 2021
- CNIL (France) - SAN-2022-011 (category Article 12 GDPR)individuals complies with Article 14 of the GDPR. 2 On breaches in connection with the exercise of rights 28. Under Article 12 of the GDPR: "1. The controller48 KB (7,525 words) - 17:02, 6 December 2023
- AEPD (Spain) - PS/00148/2019 (category Article 6 GDPR)offence against privacy included in Article 197(1) of the Spanish Criminal Code, with the aggravating circumstance from Article 197(5) of being data related to48 KB (7,550 words) - 14:05, 13 December 2023
- argue about the value in dispute of a request for information under Article 15 GDPR. The ArbG Düsseldorf (Düsseldorf Labour Court) had set the amount in6 KB (806 words) - 14:25, 17 September 2021
- DSB (Austria) - 2020-0.743.659 (category Article 9(2) GDPR)requirements of Article 9 GDPR. In the DSB held that the processing violated Articles 5, 6 and 9 GDPR: Consent under Articles 6(1)(a), 7 and 9(2)(a) GDPR cannot50 KB (8,015 words) - 13:52, 12 May 2023
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 58(2)(e) GDPR)data within the meaning of Article 4(2) in the course of proceedings under both Articles 77 and 78 of the GDPR. Article 4(2) refers to disclosure as a59 KB (8,242 words) - 10:47, 17 March 2021
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)fine, the criteria specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "182 KB (13,463 words) - 17:03, 6 December 2023
- Personvernnemnda (Norway) - 2021-17 (20/02389) (category Article 6(1)(f) GDPR)legal basis for their processing in article 6(1)(f) GDPR. However, according to article 17(1)(c) and article 21(1) GDPR, upon receiving an erasure request45 KB (7,396 words) - 18:49, 5 March 2022
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)listed in Article 2(3) of that directive and Article 2(2) of that regulation, apply. 62 In particular, it should be noted that Article 9 of the GDPR and Article110 KB (18,000 words) - 08:01, 5 June 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)a bank was subject to the GDPR in its capacity as a controller and should have answered access requests under Article 15 GDPR. The complainants are clients52 KB (8,603 words) - 16:55, 12 December 2023
- CNIL (France) - SAN-2023-025 (category Article 6(1)(a) GDPR)the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep53 KB (8,418 words) - 11:21, 6 February 2024
- CJEU - C-33/22 - Österreichische Datenschutzbehörde (category Article 2(2)(a) GDPR)security under Article 2(2)(a) GDPR. The GDPR will not apply if the activity of the controller falls outside the scope of Union Law under Article 2(2)(a). The8 KB (1,127 words) - 08:53, 30 January 2024
- LfDI (Baden-Württemberg) - 4 Sa 70/20 (category Article 9(2)(a) GDPR)applied Article 9(2)(a) GDPR, according to which the data subject could have voluntarily disclosed their health data defined in Article 4(15) GDPR to the29 KB (4,815 words) - 08:48, 11 November 2022
- Datatilsynet (Norway) - 21/03656 (category Article 12(2) GDPR)out in Article 14(5)(a) and Article 14(5)(c) GDPR. The DPA rejected the controller's views as it argued that the exceptions in Article 14(5) GDPR should63 KB (8,745 words) - 13:33, 27 April 2022
- BGH - I ZR 7/16 (category Article 4(11) GDPR)meaning of Article 5(3) and Article 2(f) of Directive 2002/58/EC, as amended by Article 2(5) of Directive 2009/136/EC, in conjunction with Article 2(h) of Directive52 KB (8,575 words) - 15:55, 22 March 2022
- VG Mainz - 1 K 584/19.MZ (category Article 58(2) GDPR)street. The DPA was allowed to issue a reprimand, Art. 58(2)(b) GDPR. On the basis of Art. 58(2)(f) GDPR, the DPA was not entitled to order the removal of camera58 KB (9,665 words) - 08:51, 25 November 2020
- publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA206 KB (30,485 words) - 09:54, 14 December 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)11, 148, 150, and Article 5, Chapter IV and Article 83. 4 2.8 Chapter IV, Section 2 addresses security of personal data. Article 32 GDPR provides: 1. Taking130 KB (21,195 words) - 13:52, 25 April 2021
- Garante per la protezione dei dati personali (Italy) - 9845156 (category Article 5 GDPR)the type of data) are: Article 9(2)(h) GDPR (necessary for the purposes of preventive or occupational medicine); Article 9(2)(i) GDPR (for reasons of public128 KB (20,856 words) - 12:32, 14 March 2023
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)requirements of the GDPR; Because from Recital 171 Sentence 2 GDPR, from Art. 4 No. 2 GDPR and Art. 24 Para. 1, in particular Sentence 2 GDPR, the obligation130 KB (21,874 words) - 09:43, 15 February 2024
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)analyse the criteria set out in Article 83.2 of the GDPR. 61. As regards the nature and seriousness of the breach (Article 83(2)(a) of the RGPD), it points55 KB (9,079 words) - 16:57, 6 December 2023
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 9(2) GDPR)requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data122 KB (20,253 words) - 08:17, 19 August 2021
- CJEU - C-118/22 - Direktor na Glavna direktsia "Natsionalna politsia" pri MVR - Sofia (category Article 5(1)(e) GDPR)data subject argued that Article 5,13 and 14 LED (the roughly equivalent GDPR articles would be Article 5(1)(e), 13 and 15 GDPR) do not permit the police8 KB (1,080 words) - 10:11, 15 February 2024
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe 1, de l'AVG, le règlement s'applique96 KB (15,396 words) - 16:50, 12 December 2023
- relation to contraventions of the UK-GDPR, section 168 DPA 2018 provides that "non-material damage" in Article 82 GDPR includes distress. In relation to breaches61 KB (8,986 words) - 08:40, 22 February 2022
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)breach of Article 13 (2) of the GDPR. 43. Consequently, the restricted panel considers that the company has committed a breach of Article 13 of the GDPR. It56 KB (8,757 words) - 14:12, 28 February 2024
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the56 KB (9,069 words) - 17:02, 6 December 2023
- DSB (Austria) - 2022-0.876.190 (category Article 55(2) GDPR)the Austrian DPA pursuant to Article 55(1) GDPR. However, the DPA further considered the exception of Article 55(2) GDPR which states that local DPA's12 KB (1,696 words) - 09:17, 1 February 2023
- APD/GBA (Belgium) - 149/2023 (category Article 13(2) GDPR)of article 4.19 of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2. a)113 KB (17,325 words) - 08:50, 19 March 2024
- CJEU - C-687/21 - MediaMarktSaturn (category Article 4 GDPR)of the GDPR? Does unintenional disclosure (via a breach) to a third party constitute unlawful further processing as per Article 2(1), 5(1)(f), 6(2) and Article11 KB (1,606 words) - 09:59, 15 February 2024
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)and the lack of control by Vodafone on that; - A € 2 000 000 fine for the infringement of Article 44 GDPR: due to the carrying out of international transfers287 KB (48,336 words) - 13:53, 13 December 2023
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR)Failure to ensure data protection by default (Article 25(2) GDPR) The DPA also found a violation of Article 25(2) GDPR regarding the controllers “X” icon at the59 KB (9,566 words) - 17:03, 6 December 2023
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)data 9 2.1.1 Factual findings 9 2.1.2Legal assessment 9 2.2 Controller and processor(s) 10 2.2.1 Factual findings 10 2.2.2Legal assessment 12 2.3Security179 KB (22,957 words) - 17:07, 12 December 2023
- Rb. Noord-Nederland - C/18/190912/HA RK 19-19 (category Article 6(1)(f) GDPR)based on Article 17 GDPR and/or Article 21 GDPR. In this case this does not apply. Applicant bases his request on Article 10 GDPR. The goal of article 10 was12 KB (1,374 words) - 12:11, 15 September 2021
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)requests for information according to Article 15(1) GDPR. The ‘Business secrecy’ exception only applied to Article 15(4) GDPR, where a data subject would request59 KB (9,623 words) - 17:03, 6 December 2023
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)disregarded the provisions of Article 5-1 e) of the GDPR. C. On the breach of the obligation to inform people 65. Article 13 of the GDPR requires the data controller61 KB (10,028 words) - 17:09, 6 December 2023
- GHSHE (Netherlands) - 200.274.447 01 (category Article 5 GDPR)compelling reasons within the meaning of Article 9 of the protocol on monitoring systems. That article reads as follows: "Article 9 Articles 05 to 08 do not affect60 KB (10,118 words) - 15:12, 5 October 2021
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 24(2) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been72 KB (11,208 words) - 16:51, 12 December 2023
- Hoge Raad - 20/02950 (category Article 10 GDPR)proceedings. 3.2.2 art. 79(1) GDPR provides that any data subject has the right to an effective remedy if they consider that their rights under the GDPR have been16 KB (2,553 words) - 11:36, 2 March 2022
- AEPD (Spain) - E/00647/2019 - CO/00198/2020 (category Article 80(2) GDPR)in accordance to Article 4(23) GDPR. According to the AEPD, there are other concerned DPAs in this case, as defined in Article 4(22) GDPR: Spain, Belgium17 KB (2,419 words) - 14:27, 24 November 2022
- APD/GBA (Belgium) - 75/2023 (category Article 12(2) GDPR)Authority. II.5.2. Established infringement of Article 5(1)(a) j° Article 6(1)(f) and Article 12(2) GDPR in conjunction with Article 17 (1) GDPR. II.5.2.1. Administrative77 KB (11,604 words) - 08:55, 29 June 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)out in Article 6 (1) of the GDPR In addition, there is a circumstance within the meaning of Article 9 (2) of the GDPR. (45) Article 9 (2) of the GDPR does72 KB (11,159 words) - 10:09, 17 November 2023
- FG Berlin-Brandenburg - 16 K 5148/20 (category Article 2(1) GDPR)processing (Article 18 GDPR), right to data portability (Article 20 GDPR) and right to object (Article 21 GDPR). The right to information under Art. 15 GDPR cannot45 KB (7,420 words) - 18:15, 12 March 2024
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)the number of data subjects (Article 83.2.a) of the GDPR), the As for the number of data subjects (Article 83.2.a) of the GDPR), the Panel notes that these69 KB (11,315 words) - 13:30, 19 January 2022
- Datatilsynet (Denmark) - 2021-31-5085 (category Article 12(5)(b) GDPR)within the mandatory time limit, cf. article 15 and article 12 (3) of the EU General Data Protection Regulation (GDPR). On 16 February 2021 Kromann Reumert79 KB (12,839 words) - 10:21, 5 October 2022
- ICO (UK) - The Central Young Men’s Christian Association (category Article 5(1)(f) GDPR)the UK GDPR and the DPA. They are obliged by Article 5(2) to adhere to the data processing principles set out in Article 5(1) of the UK GDPR. Article 5(2)54 KB (7,579 words) - 16:44, 7 May 2024
- APD/GBA (Belgium) - 54/2021 (category Article 4 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)is maintained under Article 6.1 b) to f) of the GDPR and therefore in Article 6.1.c) invoked in the species. Article 6.1 of the GDPR in fact reproduces73 KB (11,238 words) - 16:59, 12 December 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 18(2) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- LG Feldkirch - 57 Cg 30/19b - 15 (category Article 9(1) GDPR)the GDPR, as the data falls under Article 9 GDPR and awarded € 800 in emotional damages. The Austrian Business Code cannot override Article 9 GDPR. There69 KB (11,077 words) - 16:48, 7 March 2022
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results73 KB (11,604 words) - 16:57, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 310/161/23 (category Article 83(6) GDPR)accordance with Article 58, paragraph 2, subparagraph b of the General Data Protection Regulation, and an order pursuant to Article 58, paragraph 2, subparagraph71 KB (11,552 words) - 13:40, 12 January 2024
- LAG Berlin-Brandenburg - 10 Sa 2130/19 (category Article 9(2)(b) GDPR)rely on Article 9(2)(b) GDPR. The LArbG Berlin-Brandenburg also confirmed that the processing was not necessary in light of Article 9(2)(b) GDPR, and emphasised50 KB (8,194 words) - 12:05, 3 March 2022
- LAG Schleswig-Holstein - 1 Sa 148/22 (category Article 4(1) GDPR)the data subject requested his personal information (Article 15 (1) GDPR and Article 15 (3) GDPR) from the controller. On the same day, the data subject51 KB (8,324 words) - 15:52, 18 January 2024
- OLG Stuttgart - 2 U 257/19 (category Article 13 GDPR)supervisory authorities (Article 58(2) DSGVO), in particular the fines to be imposed (Article 58(2)(i) DSGVO), for which Article 83 DSGVO contains a detailed52 KB (8,574 words) - 16:03, 10 March 2022
- IP (Slovenia) - 0611-182/2021/23 (category Article 5(1)(b) GDPR)not correspond to the legal purposes from Article 77 of ZVOP-2, Paragraph 1 of Article 78 of ZVOP-2 and Article 6 of the General Regulation. With video surveillance53 KB (8,251 words) - 08:30, 27 September 2023
- AEPD (Spain) - PS/00356/2021 (category Article 5(1)(c) GDPR)claimed party, for the alleged infringement of Article 5.1.c) of the RGPD, typified in Article 83.5 of the GDPR. FIFTH: On 10/18/21, the careful collaboration18 KB (2,791 words) - 18:33, 1 February 2022
- CE - N° 444937 (category Article 28 GDPR)protection of the rights of data subjects (pursuant to Article 28 GDPR). In light of this Article, Microsoft must also provide all information required51 KB (7,830 words) - 09:50, 29 October 2020
- Council of State - 253.677 (category Article 9 GDPR)applicant. Referring to Article 28(1) of the GDPR, it stated that it was for the the contracting authority to ensure compliance with the GDPR before the conclusion85 KB (13,820 words) - 09:28, 2 March 2023
- LArbG Nürnberg - 4 Sa 201 22 (category Article 15 GDPR)ignores the wording of Article 82 GDPR. To put this into perspective: Other than Article 82 GDPR, Article 77 GDPR actually only mentions GDPR violations by processing19 KB (2,972 words) - 05:25, 9 May 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 38(2) GDPR)analyzes the criteria set by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches81 KB (11,895 words) - 16:58, 6 December 2023
- CNPD (Portugal) - Deliberação 2022/140 (category Article 13(2) GDPR)violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)75 KB (12,306 words) - 10:02, 21 December 2022
- EDPB Plenary 3/Minutes (section Interpretation of Article 64 (2), (3) last sentence and (4) – state of play and confirmation of the Rapporteurs (Rapporteur: [REDACTED])a point of information on the development of the Brexit. Items 2.1, 2.2, 2.3, 4.1, 4.2 and 4.5 of the agenda were declared confidential according to Art13 KB (1,695 words) - 19:45, 6 June 2020
- AEPD (Spain) - PS/00001/2021 (category Article 5(2) GDPR)for the violation of Article 5(1)(f) GDPR and Article 5(2) GDPR. The AEPD considered that the fine was proportional, since the GDPR establishes that fines270 KB (43,335 words) - 12:39, 13 December 2023
- AP (The Netherlands) - 25.11.2021 (category Article 58(2)(i) GDPR)fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection87 KB (11,601 words) - 17:08, 12 December 2023
- APD/GBA (Belgium) - 81/2020 (category Article 5(2) GDPR)period allotted to it to do so (Article 15.1 combined with Article 12.3. of GDPR as well as Article 12.2. of the GDPR (obligation to facilitate the exercise127 KB (21,484 words) - 17:01, 12 December 2023
- DVI (Latvia) - Nacionālajam veselības dienestam (category Article 24(1) GDPR)based on Article 3, paragraph 2, Article 5, paragraph 1 a), f) of GDPR subsection, Article 6(1), Article 9(2), Article 58(2)(d), GDPR Article 23 and Article22 KB (3,276 words) - 11:46, 26 July 2023
- VG Berlin - 1 K 561/21 (category Article 58(2) GDPR)constitute perosnal data under Article 4(1) GDPR, since the individuals are identifiable and also because under Article 11 GDPR, it is not mandatory that individuals57 KB (9,204 words) - 10:55, 23 November 2023
- APD/GBA (Belgium) - 62/2022 (category Article 12 GDPR)controller violated Article 6 GDPR because it had no legal basis to disclose the email addresses. It reasoned that Article 6(1)(a) GDPR was not applicable58 KB (9,477 words) - 18:41, 1 June 2022
- DVI (Latvia) - LocateFamily administrācija (category Article 5(1)(b) GDPR)based on Article 3, Clause 2, Article 5, Clause 1 of the Data Regulation "a", "b" and point 2, Article 6, point 1, point "a", Article 7, Article 27, point25 KB (3,679 words) - 11:30, 2 August 2023
- OLG München - 18 U 1697/21 Pre (category Article 6(1)(f) GDPR)defining factor for the balancing act under Article 6(1)(f) GDPR. Second, the court decided that Article 17(1)(c) GDPR obliged a controller to delete personal22 KB (3,418 words) - 10:28, 14 November 2022
- VGH München - 11 ZB 22.895 (category Article 17 GDPR)Ehmann/Selmayr, GDPR, 2nd edition 2018, Article 6 marginal number 26). of the data by the holder, which also constitutes processing (Art. 4 No. 2 GDPR), nothing22 KB (3,613 words) - 13:20, 31 August 2022
- Rb. Zeeland-West-Brabant - AWB - 21 373, 21 4309, 21 4310 (category Article 5(1)(a) GDPR)the GDPR, in view of the judgment of 2.13. the high Council. Conclusion 2.15. In view of the foregoing, the appeals are dismissed as unfounded. 2.16. The21 KB (3,294 words) - 09:23, 7 July 2022
- GHAMS - 200.292.660/01 (category Article 6(1)(f) GDPR)processing pursuant to Article 6 GDPR. Therefore, the journalistic exception laid down in Article 43 of the Dutch Implementation Act for the GDPR (UAVG) was not22 KB (3,469 words) - 10:55, 9 November 2022
- AEPD (Spain) - EXP202207199 (category Article 6 GDPR)data subject. For violating Article 6 GDPR, the DPA fined the controller €4,000 and ordered, in accordance with Article 58(2) GDPR, the removal of the device23 KB (3,550 words) - 10:03, 18 October 2023
- APD/GBA (Belgium) - 55/2021 (category Article 25(2) GDPR)data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration81 KB (13,211 words) - 16:59, 12 December 2023
- OLG Dresden - 4 U 760/19 (category Article 82(1) GDPR)between the parties). With regard to Article 99(2) GDPR, the Court already expressed doubts as to whether Article 82 GDPR is applicable to the deletion/blocking22 KB (3,547 words) - 15:53, 10 March 2022
- Datatilsynet (Norway) - 20/02165 (category Article 5 GDPR)Norwegian Health Records Act (pasientjournalloven) and Article 32(1)(b) and (d) GDPR (cf. Article 5 GDPR). The DPA fined Moss municipality NOK 500,000 (€4724 KB (3,436 words) - 07:38, 4 October 2021
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- VGH München - 12 B 19.1648 (category Article 6(2) GDPR)BVerfGE 130, 151 [184]). (recital 46)2. § Article 14.2 and Article 15.5 sentence 4 in conjunction with In this respect, § 14.2 of the Telemedia Act does not constitute25 KB (3,847 words) - 12:32, 31 January 2022
- OVG Lüneburg - 2 ME 426/20 (category Article 9(2)(e) GDPR)from the basic prohibition of processing under Article 9(1) GDPR. The Court stated that Article 9(2)(e) GDPR shall be for the benefit of the defendants. They26 KB (4,032 words) - 11:53, 10 September 2021
- VGH München - 4 ZB 23.1056 (category Article 6(1)(e) GDPR)GG Art. 1 Paragraph 1; Article 2 paragraph 1 GDPR Art. 6 Paragraph 1 Sentence 1 Letter e; Article 18 paragraph 1 letter d; Article 21 paragraph 1 Tags: Toleration26 KB (4,050 words) - 14:05, 31 October 2023
- LG Essen - 18 O 204/21 (category Article 4(1) GDPR)data under Article 4(1) GDPR. Moreover the court found that the controller can refuse to act on the request according to Article 12(5)(b) GDPR, because the24 KB (3,694 words) - 10:56, 15 June 2022
- DSB (Austria) - 2021-0.187.619 (category Article 6(1)(f) GDPR)Legal basis: Article 2 paragraph 1, Article 3 paragraph 2 letter b, Article 6 paragraph 1 letter f, Article 17 paragraph 1 and paragraph 3, Article 51 paragraph25 KB (3,905 words) - 14:45, 11 May 2022
- NAIH (Hungary) - NAIH-6484-2-2022 (category Article 12(3) GDPR)redress. Therefore, the DPA declared an infringement of Article 12(3) GDPR and Article 12(4) GDPR. Additionally, the DPA held that the controller, whether66 KB (10,501 words) - 14:46, 12 October 2022
- BVwG - W292 2267784-1 (category Article 56(1) GDPR)Art 130 Paragraph 1 Z1 B-VG Art 133 Paragraph 4 GDPR Art4 GDPR Art51 GDPR Art56 GDPR Art60 GDPR Art65 GDPR Art77 VwGVG §28 Paragraph 1 VwGVG §31 Paragraph67 KB (10,619 words) - 10:40, 22 January 2024
- UODO (Poland) - DKN.5131.59.2022 (category Article 33(1) GDPR)should have notified the DPA under Article 33(1) GDPR and the data subjects affected by the breach under Article 34(1) GDPR. Regarding the corrective measure108 KB (17,728 words) - 07:57, 25 April 2024
- EDPS - 2020-1013 (category Article 6 GDPR)power under Article 58(2)(i) and 66 of the Regulation The complainants request that the EDPS make use of his corrective power under Article 58(2)(i) of the66 KB (10,349 words) - 08:54, 19 January 2022
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)infringements of Article 5(1)(f), Article 24, and Article 32 GDPR, and to the objection of the IT SA on the possible infringement of Article 5(2) GDPR, the EDPB183 KB (30,819 words) - 09:50, 20 January 2023
- APD/GBA (Belgium) - 73/2020 (category Article 5 GDPR)accordance with article 15 AVG (section 2.1) - data processing officer (section 2.2) - cookie policy (section 2.3) - health data processing (section 2.4) - camera93 KB (14,040 words) - 17:00, 12 December 2023
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG84 KB (14,035 words) - 16:56, 12 December 2023
- LG Augsburg - 022 O 2669/22 (category Article 25(2) GDPR)13, 14 GDPR), also the defendant clearly and in ease language pointed to the default settings, so no breach of Article 25 GDPR or Article 32 GDPR either26 KB (4,101 words) - 10:24, 13 March 2024
- BVerwG - 6 C 7.20 (category Article 5(2) GDPR)register is data processing within the meaning of Art. 2 (1) GDPR. The exceptions of Art. 2 Para. 2 GDPR do not apply. In particular, the application of the64 KB (10,816 words) - 15:44, 22 June 2022
- APD/GBA (Belgium) - 85/2022 (category Article 5(2) GDPR)consent was given obtained (potential violation of Article 6.1 a) GDPR): ▪ Article 6.1 a) GDPR and Article 129 of the law on electronic communication (WEC)171 KB (24,826 words) - 15:55, 18 June 2022
- VG Düsseldorf - 29 K 7031/19 (category Article 77 GDPR)DPA under Article 78 of the GDPR. The court dismissed the complaint. It found that the plaintiff is precluded from having recourse to the GDPR in connection27 KB (4,391 words) - 13:32, 20 November 2021
- OVG Lüneburg - 8 ME 36/20 (category Article 6 GDPR)HKG ND, Section 85a (1) S 1 HKG ND, Section 5 (1) S 2 DSG ND, Section 46 (2) KomWG ND, Section 51 S 2 WahlG ND PROCEDURE VG Stade, 3 April 2020, Ref: 6 B27 KB (4,222 words) - 15:16, 17 March 2022
- CPDP (Bulgaria) - PNN-01-487/2021 (category Article 6(1)(a) GDPR)According to the Bulgarian DPA, a company violated Article 6(1) GDPR by sending pre-employment arrangements to a government agency while national law only27 KB (4,439 words) - 09:03, 9 February 2023
- Communications Act (ZEKom-1), the GDPR and the Data Protection Act (ZVOP-1). The principles of Article 5 of the GDPR must be followed and attention must29 KB (4,524 words) - 14:47, 17 March 2022
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)29 708, no. 19 (p. 523) Article 4:32 The obligation from this article is taken over from Article 52 of the Wfd. Under Section 14(2) of the Wck, participation91 KB (15,371 words) - 15:11, 5 October 2021
- LG München I - 5 O 5853/22 (category Article 5(1)(f) GDPR)requirements of Article 34 (2) GDPR. If one sets too strict requirements for promptness within the framework of Article 34 Para. 1 GDPR, this would run31 KB (5,017 words) - 15:08, 20 October 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8422/161/21 (category Article 12(2) GDPR)and of the Council ((EU) 2016/679) Article 12(1), (2) and (6), Article 15(3), Article 58(2)(b) and (i), Article 83(1), (2), (5) and (6). Data Protection Act74 KB (11,917 words) - 06:52, 27 September 2023
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)therefore orders a discontinuation of proceedings pursuant to Article 100, §1, 2° WOG. Article 5.2 and 31 AVG 37. The report of the Inspectorate shows several90 KB (14,937 words) - 12:35, 3 August 2022
- AEPD (Spain) - EXP202301323 (category Article 7(3) GDPR)stop shop mechanism (see Article 56 GDPR). The Spanish DPA, however, claims that only Article 22 LSSI (which also stems from Article 5(3) ePrivacy Directive)31 KB (4,748 words) - 15:41, 27 March 2024
- BVwG - W214 2232551-1 (category Article 85(2) GDPR)whether this narrow scope of § 9(1) DSG is in accordance Article 85(2) GDPR, Article Article 85(2) GDPR cannot be applied directly since it has no material77 KB (12,559 words) - 13:20, 2 February 2022
- Rb. Amsterdam - C/13/683377 / HA ZA 20-468 (category Article 9(2)(a) GDPR)in violation of Article 6 GDPR. Thirdly, it was claimed that Meta unlawfully processed special categories of personal data (Article 9 GDPR). Fourth, and243 KB (40,160 words) - 11:54, 5 April 2023
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 5(2) GDPR)accountability pursuant to Article 5(2) UK GDPR because it failed to demonstrate compliance with Article 5(1)(a) and (c) UK GDPR principles of lawfulness129 KB (17,281 words) - 14:57, 10 April 2024
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)whether Art. 15 GDPR applies to the investigation files at all, since according to Art. 2 Para. 2 d GDPR, Section 2a Para. 4 AO, the GDPR does not apply97 KB (16,519 words) - 09:57, 22 February 2023
- VwGH - Ro 2021/04/0010-11 (category Article 9(2)(g) GDPR)Supreme Administrative Court refers to Article 9(2)(d) GDPR, which is incorrect. It should be Article 9(2)(g) GDPR, which is about the substantial public144 KB (21,026 words) - 14:50, 27 March 2024
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)has engaged another real estate agent for the sale. 2 Process flow First instance 2.1 2.2 2.3 2.4 2.5 PME summoned [plaintiff] on May 9, 2018 (see also103 KB (17,620 words) - 10:13, 29 November 2023
- (“the GDPR”): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)32 KB (5,066 words) - 09:04, 14 February 2022
- Rb. Den Haag - C/09/550982/HA ZA 18/388 (category Article 5(1)(b) GDPR)account the purpose of limitation principle (Article 5(1)(b) GDPR) and data minimization (Article 5(1)(c) GDPR). For example, the Court noticed that the data128 KB (21,722 words) - 16:14, 10 March 2022
- APD/GBA (Belgium) - 149/2022 (category Article 5(2) GDPR)of Article 5(1)(a) and (2) GDPR, Article 6(1) GDPR with regard to the principle of legality; 2. there is an infringement of Article 5 GDPR, Article 2489 KB (13,017 words) - 15:07, 2 November 2022
- VG Ansbach - 14 K 19.01274 (category Article 77 GDPR)the GDPR also applied to facts before the above-mentioned date. The Court noted that the entry-into-force of the GDPR according to Article 99 GDPR represents33 KB (5,554 words) - 11:06, 19 November 2021
- CNIL (France) - SAN-2020-008 (category Article 13(2)(a) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading104 KB (16,646 words) - 17:09, 6 December 2023
- VfGH - G 287/2022-16, G 288/2022-14 (category Article 85 GDPR)of equality pursuant to Article 7 B-VG and Article 2 StGG, the right to a trial before the lawful judge pursuant to Article 83(2) B-VG, the right to protection202 KB (29,013 words) - 13:35, 12 January 2023
- ICO (UK) - Tempcover Ltd (category Article 4(11) GDPR)(“the GDPR”): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)40 KB (5,684 words) - 18:42, 16 February 2022
- ICO (UK) - Brazier Consulting Services Ltd (category Article 4(11) GDPR)the circumstances referred to in paragraph (2)." 5. Regulation 21A paragraphs (2), and (3) provide that: "(2) Those circumstances are where the called line43 KB (5,548 words) - 10:45, 28 July 2021
- (“the GDPR”): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)39 KB (5,404 words) - 11:56, 21 September 2021
- Rb. Noord-Nederland - C/18/194754 / HA RK 19-64 and C/18/197707 / HA RK 20-22 (category Article 17(1)(c) GDPR)[Claimant 1] and [Claimant 2] , - the oral procedure, - the pleadings of [plaintiff 1] and [plaintiff 2] , - Google's pleadings. 2.2. Finally, judgment has33 KB (5,593 words) - 08:22, 24 November 2020
- VG Ansbach - AN 14 K 19.01274 (category Article 77 GDPR)judicial review under Article 78 GDPR. The disputed infringement occurred before the GDPR came into legal force according to Article 99 GDPR. Therefore, the35 KB (5,807 words) - 14:24, 12 October 2022
- VwGH - Ro 2021/04/0010 (category Article 9(2)(g) GDPR)further ado. 15 It follows from Article 6 Paragraph 1 Letter e GDPR and Article 9 Paragraph 2 Letter D GDPR that the processing of personal data can190 KB (30,999 words) - 10:00, 21 February 2024
- ICO - Monetary Penalty on Marriott International Inc. (category Article 5(1)(f) GDPR)and Article 5, Chapter IV and Article 83. The relevant obligations 2.5. Chapter 1 GDPR sets out the general provisions. Article 5 of Chapter I GDPR sets241 KB (31,368 words) - 09:59, 9 May 2022
- is only authorised where it is freely given, specific and informed (Article 4(11) GDPR). As there is no evidence of individuals consenting to third party42 KB (5,271 words) - 13:44, 23 June 2021
- KG Berlin - 3 Ws 250/21 - 161 AR 64/21 (category Article 83 GDPR)following preliminary questions to the CJEU: (1) Is Article 83(4) to Article 83(6) GDPR of the GDPR to be interpreted as incorporating into national law38 KB (5,956 words) - 11:41, 21 January 2022
- NAIH (Hungary) - NAIH – 6427-1/2023 (category Article 5(1)(b) GDPR)were in violation of Article 5(1)(e) GDPR and Article 32 GDPR, but the DPA dismissed its previous finding of the Article 5(1)(b) GDPR violation. The DPA87 KB (14,360 words) - 08:30, 27 September 2023
- LG Bonn - 13 O 126/22 (category Article 82 GDPR)confidentiality of data pursuant to Article 5(1)(f) GDPR and violated the principle of privacy by default and by design (Article 24 GDPR). The controller was aware37 KB (5,954 words) - 13:58, 22 June 2023
- ICO (UK) - Royal Mail Group Limited (category Article 4(11) GDPR)paragraph (2).” 5. Section 122(5) of the Data Protection Act 2018 (“DPA18”) defines direct marketing as “the communication (by whatever means) of 2, advertising41 KB (5,879 words) - 12:39, 23 March 2022
- ICO (UK) - We Buy Any Car Limited (category Article 4(11) GDPR)paragraph (2).” 5. Section 122(5) of the DPA 2018 defines “direct marketing” as “the communication (by whatever means) of any advertising material which 2 is directed41 KB (5,743 words) - 11:44, 21 September 2021
- CNIL (France) - SAN-2021-014 (category Article 16 GDPR)provided for in Article 16 of the Rules. 2. On the failure to comply with data erasure requests 39. According to article 17 of the GDPR "the data subject37 KB (6,021 words) - 07:23, 23 September 2021
- Rb. Noord-Nederland - C/ 18/189406/HA ZA 19-6 (category Article 32(2) GDPR)content: [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted]105 KB (18,002 words) - 16:24, 10 March 2022
- Court of Appeal - (2021) IECA 53 (category Article 4(11) GDPR)particular regard to Article 5(2) of the GDPR which established the principle of accountability in respect of a data controller. Article 5(1) provides, in136 KB (23,256 words) - 13:47, 29 April 2021
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)before May 25, 2018. 2.2. Consent and the lawfulness of the processing (Article 4, point 11, Article 6 (1) in conjunction with Article 7 GDPR) 121. With regard113 KB (18,732 words) - 16:50, 12 December 2023
- Rb. Amsterdam - C/13/663563 / HA RK 19-97 (category Article 6(1)(f) GDPR)the links on the grounds of Article 17(1)(a) GDPR and Article 17(1)(c) GDPR or whether the exception of Article 17(3)(a) GDPR about the freedom of expression37 KB (6,086 words) - 16:12, 10 March 2022
- APD/GBA (Belgium) - 57/2023 (category Article 12(2) GDPR)of: 1. Article 5 (1) (a) and (2) and Article 6 (1) GDPR; 2. Article 5, Article 24 (1) and 25 (1) and (2) GDPR; 3. Article 12 paragraph 1, paragraph 2, paragraph99 KB (15,129 words) - 09:21, 31 May 2023
- PHR - 22/01253 (category Article 15 GDPR)personal data in that assessment pursuant to Article 15(1) GDPR. However, Article 23(1)(i) GDPR and Article 41 UAVG provide the possibility of a restriction241 KB (42,617 words) - 14:14, 13 September 2022
- AD - AD 2021 nr 23 (category Article 6(1)(c) GDPR) (section Was the Tobacco agreement compatible with the GDPR?)court considered that it would be compatible with Article 6(1)(c) GDPR and Chapter 2, 1 § of the GDPR Implementation Act if the company followed the provision42 KB (6,521 words) - 08:48, 8 September 2021
- OLG Karlsruhe - 12 U 305/21 (category Article 12 GDPR)among other things, on Article 15 GDPR. The court of first instance decided to reject the claim and argued that Article 15 GDPR only provides data subjects38 KB (6,239 words) - 10:47, 15 February 2023
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 13(2)(a) GDPR)violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed60 KB (9,144 words) - 16:17, 22 March 2022
- VGH München - 4 CS 21.2254 (category Article 4 GDPR)function is given in Article 24(4) Gemeindeordnung (GO), a national law that specifies Article 6(1)(e) GDPR in accordance with Article 6(2) GDPR for processing43 KB (7,102 words) - 16:14, 23 March 2022
- APD/GBA (Belgium) - 15/2023 (category Article 5(2) GDPR)of Article 6(1)(e) are met. II.2. Article 5 of the GDPR, Article 24(1) of the GDPR and Article 25(1) and (2) of the AVG II.2.1. Article 5 (2) GDPR, Article105 KB (15,883 words) - 15:05, 8 March 2023
- ICO (UK) - HIV Scotland (category Article 32(2) GDPR)under the GDPR. 14. By Article 57(1) of the GDPR, it is the Commissioner'task to monitor and enforce the application of the GDPR. 15. By Article 58(2)(d)of55 KB (6,916 words) - 07:27, 26 October 2021
- AP (The Netherlands) - z2023-00037 (category Article 5(1)(a) GDPR)violation of Article 6 GDPR and Article 5(1)(a) GDPR (lawfulness) as it lacked a legal basis for processing. The Municipality sought to rely on Article 6(1)(e)42 KB (6,980 words) - 15:30, 21 November 2023
- IMY (Sweden) - DI-2022-2351/2372/2373/2374/2375 (category Article 12(2) GDPR)his rights. The DPA reprimands Google LLC under Article 58(2)(b) of the GDPR for breach of Article 12(2). Postal address: Box 8114 104 20 Stockholm Website:43 KB (6,954 words) - 10:19, 25 August 2022
- ICO (UK) - LTH Holdings Limited (category Article 4(11) GDPR)("the GDPR"): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)54 KB (6,922 words) - 11:45, 16 June 2021
- HDPA (Greece) - 44/2019 (category Article 5(2) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- AEPD (Spain) - PS/00070/2019 (category Article 5(2) GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- NS - 30 Cdo 3909/2023-174 (category Article 85 GDPR)of Directive 2002/58 and Article 1 paragraph 2 and points 3, 10 and 51 of the GDPR) and in the domestic context also Article 10, paragraph 3 of the Charter103 KB (16,947 words) - 08:34, 24 April 2024
- AEPD (Spain) - EXP202213792 (category Article 5(1)(c) GDPR)finding likely violations of Article 5(1)(c), 8, 9, 13 and 35 GDPR. The AEPD found a likely violation of Article 35 GDPR. Article 35 GPDR requires that a data178 KB (27,656 words) - 12:28, 7 May 2024
- AEPD (Spain) - EXP202213323 (category Article 5(1)(c) GDPR)Violation of article 35 of the GDPR................................................ ...................36 8.2. Violation of article 9 of the GDPR.........176 KB (27,432 words) - 07:43, 10 May 2024
- ICO (UK) - Mermaids (category Article 32(2) GDPR)By Article 58(2)(d) of the GDPR the Commissioner has the power to notify controllers of alleged infringements of GDPR. By Article 58(2)(i) she has the58 KB (7,695 words) - 09:00, 28 July 2021
- paragraph 3 of the aforementioned article, copies of the identity documents and copies of the documents, 2.5.2. According to article 21 paragraph 1 of the Trade46 KB (7,547 words) - 10:47, 24 March 2021
- CNIL (France) - SAN-2021-022 (category Article 13(2) GDPR)of the obligation to inform individuals pursuant to Article 13 of the GDPR 38. Article 13 of the GDPR requires the data controller to provide, at the time49 KB (7,295 words) - 10:16, 10 July 2022
- LOPD in accordance with the provisions of article2 LOPD -current article 2.2.a) LO 3/2018 that refers to article 2.2 of the General Regulation (EU) -.(ii)48 KB (7,584 words) - 12:55, 16 September 2021
- Datatilsynet (Norway) - 20/01772 (category Article 9(2)(d) GDPR)line with Article 17(1)(d) GDPR, the controller was obliged to delete data processed unlawfully, unless the exception of Article 17(3) GDPR (fulfillment53 KB (7,945 words) - 10:46, 24 January 2023
- BAG - 2 AZR 296/22 (category Article 17(1)(d) GDPR)according to Article 4 No. 2 GDPR, also includes their unlawful collection. However, according to Article 17 Paragraph 3 Letter e of the GDPR, there is an49 KB (8,060 words) - 13:00, 5 September 2023
- CNPD (Portugal) - Deliberaçao 2024/137 (category Article 13(2)(c) GDPR)provisions of Article 3o , Article 4(2) and Article 6(1)(b), all of the GDPR Implementing Law. 57. Under the terms of Article 55(1) of the GDPR, supervisory49 KB (7,923 words) - 14:36, 3 April 2024
- NSA - III OSK 6781/21 (category Article 17 GDPR)exemptions from the applicability of the GDPR for journalistic activity, based on Article 85(2) GDPR. According to Article 2(1) of the Polish Data Protection Act49 KB (7,938 words) - 15:32, 28 March 2023
- LArbG Baden-Württemberg - 2 Sa 16/21 (category Article 12(1) GDPR)employer violated their Article 15 GDPR obligations as a data controller. The plaintiff requested information under Article 15 GDPR from its former employer49 KB (8,074 words) - 08:33, 6 October 2022
- Garante per la protezione dei dati personali (Italy) - 9991064 (category Article 28(2) GDPR)Articles 32 to 36 GDPR, including those regarding the notification of personal data breaches. In particular, pursuant to Article 33(2) GDPR in the event of52 KB (8,196 words) - 15:46, 27 March 2024
- VG Hamburg - 21 K 1802/21 (category Article 9(2)(g) GDPR)§§ 2 ff. HmbKrebsRG Article 9 (1) GDPR, Article 6 (1) GDPR, Article 5 (1) in conjunction with Articles 12, 13 and/or Article 14 GDPR and/or Article 5 (1)115 KB (18,479 words) - 16:31, 25 January 2023
- FG Berlin-Brandenburg - 16 K 2059/21 (category Article 14(5)(b) GDPR)own data (cf. recital 7, sentence 2 to the GDPR). To this end, Article 8 (2) sentence 2 CFR and Article 15 (1) GDPR granted the data subject a right to117 KB (19,778 words) - 14:27, 13 April 2022
- NAIH (Hungary) - NAIH-3734-15/2023 (category Article 38(2) GDPR)legislation (30) Based on Article 2 (1) of the GDPR, the GDPR must be applied to the data processing in this case. (31) Recital (47) GDPR: The data controller48 KB (7,721 words) - 11:09, 10 January 2024
- VG Neustadt an der Weinstraße - 3 L 763/22.NW (category Article 6(1)(e) GDPR)court upheld Article 6(1)(e) GDPR as the legal basis for the processing of personal data. Furthermore, according to the court, Article 9(2)(j) GDPR states that54 KB (8,511 words) - 09:03, 16 December 2022
- CNIL (France) - SAN-2022-017 (category Article 21(2) GDPR)right of opposition of persons pursuant to Article 21 of the GDPR 60. According to Article 21.2 of the GDPR: “when the personal data are processed for59 KB (8,323 words) - 11:51, 31 August 2022
- OGH - 6Ob48/21h (category Article 80 GDPR)data as part of the credit check is based on Article 6 Paragraph 1b GDPR and Article 6 Paragraph 1f GDPR. We basically have a legitimate interest in carrying50 KB (8,140 words) - 12:09, 1 October 2021
- APD/GBA (Belgium) - 72/2021 (category Article 6(1)(e) GDPR)conditions provided for in Article 6.1.e) are met by the species. Under Article 6.3.b) and recital 45 of the GDPR, processing based on Article 6.1.e) must meet two57 KB (8,330 words) - 11:53, 30 June 2021
- ICO (UK) - AMEX (category Article 4(11) GDPR)communication. 2 • ICO. Information Commissioner's Office (4) A subscriber shall not permit his line to be used in contravention of paragraph (2)." 5. Section72 KB (8,623 words) - 10:38, 26 May 2021
- NAIH (Hungary) - NAIH-373-31/2023 (category Article 5(2) GDPR)this regard [GDPR Article 14 (2) b) ]. (iv) The prospectus did not provide any information regarding data subject rights [GDPR Article 14 (2) c)]. In the140 KB (23,189 words) - 08:25, 20 February 2024
- ICO (UK) - The Money Hive Limited (category Article 4(11) GDPR)("the GDPR"): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)63 KB (8,280 words) - 14:53, 2 March 2022
- CNIL (France) - SAN-2022-009 (category Article 28 GDPR)requirements of Article 28(3) GDPR. The processor did not dispute this violation. However, it claimed that it was not solely responsible as Article 28(3) GDPR imposes52 KB (8,268 words) - 13:02, 27 April 2022
- AEPD (Spain) - PS/00197/2020 (category Article 58(2) GDPR)6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the Spanish Data129 KB (21,793 words) - 14:09, 13 December 2023
- CNIL (France) - SAN-2024-003 (category Article 4(11) GDPR)that there was no breach of Article 32 GDPR. Thus, the CNIL imposed a €310,000 fine on the controller for breaching Article 6 GDPR. To grasp the notion of52 KB (8,208 words) - 10:44, 13 March 2024
- the meaning of Article 9 of the GDPR must indeed be based on Article 9.2 of the GDPR, read in conjunction with Article 6.1 of the GDPR. 24 This has been207 KB (31,357 words) - 14:21, 8 June 2022
- Datatilsynet (Norway) - 23/00708 (category Article 5(2) GDPR)violating Article 5(1)(f) GDPR, Article 32(1) GDPR, Article 32(2) GDPR, Article 32(4) GDPR, as well as Article 5(2) GDPR, Article 24(1) GDPR and Article 24(2)59 KB (8,718 words) - 14:50, 20 December 2023
- OVG Münster - 16 A 1582/21 (category Article 12(5) GDPR) (section Processing of Personal Data Partly by Automated Means, Article 2(1) GDPR)12(5)(1) GDPR apply. However, it leaves open whether the material scope of application of the GDPR is opened or not opened due to Article 2(2)(a) GDPR. In any123 KB (20,784 words) - 10:11, 26 November 2021
- UODO (Poland) - DKN.5131.43.2022 (category Article 5(2) GDPR)the controller was in breach of Article 33(1) GDPR, Article 33(3) GDPR, Articles 34(1) and 34(2) GDPR, and Article 5(2) GDPR, Firstly, the Polish DPA held57 KB (9,261 words) - 08:13, 25 October 2023
- ICO (UK) - Monetary Penalty Notice to Easylife Limited (category Article 5(1)(a) GDPR)the GDPR and the DPA. They are obliged by Article 5(2) to adhere to the data processing principles set out in Article 5(1) of the GDPR. Article 5(2) makes77 KB (9,347 words) - 07:39, 13 October 2022
- OLG Celle - 13 U 84/19 (category Article 82(2) GDPR)from the scope of Article 16 GDPR, in my opinion, already follows from the word "inaccurate" in the first sentence of Article 16 GDPR and does not need53 KB (8,795 words) - 11:53, 2 March 2022
- OGH - 6Ob129/21w (category Article 4(1) GDPR)provisions of the GDPR under national law implementing Article 85 GDPR. Processing can be based on legitimate interests under Article 6(1)(f) GDPR. In 2019, the60 KB (9,555 words) - 14:13, 2 March 2022
- BGH - VI ZB 39/18 (category Article 6(1)(c) GDPR)democratic society as required under Article 23(1)(j) GDPR. Moreover, the exception provided for under Article 6(4) GDPR which allows processing for different53 KB (8,894 words) - 15:56, 22 March 2022
- OLG München - 18 U 5493/19 Pre (category Article 99(2) GDPR)Art. 3 para. 1 BGB § 307 para. 1, para. 2, para. 3 TMG § 3 para. 2 p. 1, § 13 As. 4 p. 1 GDPR Art. 99 para. 2 Guiding principles: (1) The operator of a58 KB (9,657 words) - 14:01, 20 September 2021
- OGH - 6Ob56/21k (category Article 2(2)(c) GDPR)obliged to comply with the GDPR provisions as a processor, while the controller could invoke the exemption of Article 2(2)(c) GDPR. The court then refers to127 KB (21,056 words) - 08:17, 19 August 2021
- CNIL (France) - SAN-2021-019 (category Article 5(2) GDPR)minimization (Article 5(1)(c) GDPR). The investigation also revealed other breaches with respect to the principle of storage limitation (Article 5(1)(e) GDPR). Indeed57 KB (9,375 words) - 14:23, 15 November 2021
- CNIL (France) - SAN-2023-023 (category Article 5(1)(e) GDPR)12 and 13 of the GDPR constitute breaches of key principles of the GDPR likely to be subject to, under Article 83 of the GDPR. GDPR, an administrative60 KB (9,512 words) - 10:08, 31 January 2024
- CNIL (France) - Deliberation of the restricted training n°SAN-2022-021 of November 24, 2022 concerning the company ELECTRICITÉ DE FRANCE (category Article 5 GDPR)obligations under Article 21 of the GDPR. Fourthly, EDF breached its obligation to guarantee data security as prescribed in Article 32 of the GDPR. In particular52 KB (8,315 words) - 21:54, 6 March 2024
- CNIL (France) - SAN-2021-012 (category Article 14 GDPR)the meaning of the provisions of article 3-2)-b) of the GDPR and therefore falls within the territorial scope of the GDPR and the provisions of the Data55 KB (8,897 words) - 13:56, 21 November 2023
- VSRS - II Ips 23/2020 (category Article 17 GDPR)has in relation to the general public, the same effect as an erasure (Article 17 GDPR). It would be excessive and contrary to the mission of the media to55 KB (9,115 words) - 09:22, 7 June 2022
- processing requirement of the Section 2D of the Data Protection Act 1988. 2. Based on the Court’s analysis of Article 29 of the Data Protection Directive64 KB (9,589 words) - 16:15, 1 June 2022
- LG Essen - 6 O 190/21 (category Article 33 GDPR)violated Article 34(2) GDPR, because he only informed the data subject of the alleged data loss. However, the information obligations of Article 34 GDPR provide28 KB (4,596 words) - 18:30, 18 November 2021
- APD/GBA (Belgium) - 165/2023 (category Article 5(2) GDPR)of: 1. Article 5.1.f) and 5.2 of the GDPR, Article 24.1 of the GDPR, Article 25.1 of the GDPR and Articles 32.1 and 32.2 GDPR; 2. Articles 35.1, 35.2, 3567 KB (9,908 words) - 11:09, 10 January 2024
- VGH München - 5 BV 20.2104 (category Article 2(2)(d) GDPR)the GDPR pursuant to Article 2(2)(d). Article 79 GDPR does not explicitly limit judicial remedies to the rights enshrined in Chapter III of the GDPR. Following61 KB (10,218 words) - 12:31, 13 June 2023
- APD/GBA (Belgium) - 71/2022 (category Article 5(2) GDPR)12(2) and 21(2), (4) GDPR. Consequently, the DPA held that the controller violated Article 5(1)(a), (c), (2), 6(1), 12(2) and 21(2), (4) GDPR and, therefore69 KB (10,468 words) - 07:37, 9 June 2022
- BVwG - W256 2235360-1 (category Article 4 GDPR)case law of the highest courts on Article 6(1)(e) of the GDPR, Article 9(2)(g) of the GDPR and Article 22 of the GDPR in connection with profiling. It was67 KB (10,431 words) - 08:39, 21 February 2024
- NAIH (Hungary) - NAIH-7058-5/2022 (category Article 7(2) GDPR)unlawful. The processing violated Article 7(2) GDPR, Article 7(4) GDPR and Article 6(1)(a) GDPR. The controller was fined 2,000,000 HUF (approx. €5,080). In66 KB (10,499 words) - 08:55, 10 February 2023
- APD/GBA (Belgium) - 110/2023 (category Article 5(2) GDPR)breach of the principle of accountability under Article 5(2) GDPR and Article 33(5) GDPR. Article 5(2) GDPR establishes the principle of accountability which66 KB (9,820 words) - 10:13, 13 September 2023
- BVwG - W256 2234976-1 and W256 2234976-2 (category Article 4(2) GDPR)the basis of consent by the data subject under Article 6(1)(a) GDPR. Hence, pursuant to Article 6(1)(f) GDPR, the court further examined whether processing65 KB (10,586 words) - 15:06, 18 January 2024
- NAIH (Hungary) - NAIH-85-3/2022 (category Article 5(2) GDPR) (section Fine and order to comply with GDPR)(EU) No Article 5 (1) (a) and (b), Article 6 (1), Article 6 (4) Article 12 (1), Article 13, Article 21 (1) and (2), Article 24 (1), Article 25 Article 1 (1)147 KB (23,028 words) - 13:36, 28 February 2023
- ICO (UK) - Cabinet Office (category Article 5(1)(f) GDPR)the GDPR and DPA 2018. They are obliged by Article 5(2) of the GDPR to adhere to the data processing principle set out in Article 5(1). 8. Article 5(1)(f)79 KB (10,566 words) - 10:48, 7 December 2021
- ICO (UK) - Tuckers Solicitors LLP (category Article 5(1)(f) GDPR)By Article 58(2)(d) of the GDPR, the Commissioner has the power to notify controllers of alleged infringementof GDPR. By Article 58(2)(i) he has the power87 KB (10,588 words) - 14:32, 16 March 2022
- AEPD (Spain) - EXP202202960 (category Article 13 GDPR)violation of Article 35 of the GDPR, Article 32 of the GDPR and Article 13 of the GDPR, typified in Articles 83.5 of the RGPD and Article 83.4 of the RGPD149 KB (22,597 words) - 12:34, 3 April 2024
- OLG München - 18 U 2822/19 Pre (category Article 4 GDPR)names did not require the consent of the users pursuant to Article 6(1)(a) GDPR and Article 7 GDPR, therefore there was no violation of these provisions. If59 KB (9,846 words) - 14:03, 20 September 2021
- CNIL (France) - SAN-2023-015 (category Article 7(1) GDPR)of Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 15 GDPR, Article 28 GDPR, Article 32 GDPR and Article 33 GDPR, as well as of Article L. 34-567 KB (10,546 words) - 13:55, 25 October 2023
- APD/GBA (Belgium) - 07/2024 (category Article 5(1)(c) GDPR)the GDPR: i. Articles 5.1.a) and 5.2, as well as Article 6.1 GDPR; ii. Articles 12.1 and 12.2, Article 15.1, Article 5.2, Article 24.1, and Article 25.1350 KB (51,369 words) - 09:25, 31 January 2024
- violation of Article 5.1.c) of the GDPR, Article 6 of the GDPR, Article 9 of the GDPR, Article 12 of the GDPR, Article 35 of the RGPD, Article 13 of the RGPD337 KB (50,591 words) - 15:29, 5 August 2021
- APD/GBA (Belgium) - 162/2022 (category Article 5(2) GDPR)breach of Article 12(1) and (6) GDPR, Article 13(1) and (2) GDPR and Article 14(1) and (2) GDPR, Article 5(2) GDPR, Article 24(1) GDPR and Article 25(1) of71 KB (10,426 words) - 08:21, 23 November 2022
- LG Frankfurt am Main - 2-24 O 156/21 (category Article 80(2) GDPR)claim under Article 80(1) GDPR and Article 80(2) GDPR. Also, the court clarified, making reference to CJEU case C-319/20, that Article 80(2) GDPR does not70 KB (11,309 words) - 14:37, 21 December 2023
- VGH Baden-Württemberg - 1 S 1739/20 (category Article 5 GDPR)freedom (Article 2.2 sentence 2 of the Basic Law) and her general right of personality (Article 2.1 of the Basic Law in conjunction with Article 1.1 of the66 KB (10,911 words) - 08:49, 21 June 2022
- BGH - I ZR 2/21 (category Article 85(2) GDPR)relief does not result from § 1004 Section 1 Clause 2, § 823 Section 1 BGB, Article 1 Section 1, Article 2 Section 1 GG because of a violation of the plaintiff's66 KB (11,440 words) - 15:55, 30 March 2022
- Datatilsynet (Norway) - 0/02422 (category Article 58(2)(i) GDPR)violation of Article 12(3) GDPR and Article 15 GDPR due to a failure to respond to an access request that was submitted around a month after the GDPR became162 KB (24,007 words) - 19:41, 15 February 2023
- Datainspektionen - DI-2019-7024 (category Article 5(1)(f) GDPR)referred to in Article 9 (1) or of personal data relating to convictions in criminal cases and infringements referred to in Article 10. 2.2 The responsibility70 KB (11,103 words) - 11:43, 7 April 2022
- LG Deggendorf - 33 O 461/22 (category Article 82 GDPR)I GDPR, para. 18- processed without a legal basis, Art. 6, 7 GDPR, and sufficient information within the meaning of Art. 13, 14 GDPR, Art. 4 No. 2 GDPR66 KB (11,183 words) - 09:28, 12 July 2023
- LG Frankfurt am Main - 2-03 O 48/19 (category Article 16 GDPR)and the sanction in No. 3.2 of the Terms of Use which is linked to it do not violate § 307 (1) sentence 2 or (2) BGB. Clause 3.2 of the Terms of Use links66 KB (10,899 words) - 08:33, 8 September 2021
- AEPD (Spain) - PS/00413/2021 (category Article 5(1)(c) GDPR)letter k) of article 83.2 of the GDPR, the LOPDGDD, in its article Article 76, "Sanctions and corrective measures", establishes that: "2. In accordance69 KB (11,301 words) - 10:49, 23 March 2023
- CNIL (France) - SAN-2021-021 (category Article 12 GDPR)arising from Article 25 of the GDPR. 5. The breach relating to the obligation to ensure the security of personal data 97. Article 32 of the GDPR provides that:69 KB (11,291 words) - 15:15, 19 January 2022
- CNIL (France) - SAN-2024-004 (category Article 4(11) GDPR)there was a breach of Article 14 GDPR. Finally, regarding the security of processing, the CNIL indicated that under Article 32 GDPR, the controller must69 KB (10,971 words) - 11:00, 17 April 2024
- DPC (Ireland) - IN-19-7-6 (category Article 17 GDPR)from the GDPR under Article 2(2) of the GDPR. 165. Article 2(2) of the GDPR outlines certain types of processing of personal data to which the GDPR does not513 KB (85,155 words) - 13:25, 8 July 2023
- CNPD (Luxembourg) - Délibération n° 35FR/2021 (category Article 5(1)(c) GDPR)elements provided for in Article 83.2 of the GDPR: As to the nature and seriousness of the violation (article 83.2.a) of the GDPR), the Restricted Training81 KB (11,748 words) - 10:59, 17 November 2021
- NAIH (Hungary) - NAIH-3195-11/2022 (category Article 5(1)(a) GDPR)14 GDPR, in Article 15 GDPR to Article 22 GDPR, and in Article 34 GDPR. The information has to be provided in a concise, transparent, intelligible manner78 KB (12,303 words) - 08:48, 23 February 2023
- VG Cottbus - VG 4 K 1191/19 (category Article 4(2) GDPR)is done using a water meter and its readout. Article 12(5) GDPR in conjunction with Article 18(1)(d) GDPR does not prevent the charging of an administrative75 KB (12,396 words) - 12:11, 30 March 2022
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)imposition of measures, according to article 58.2 d) of the GDPR. Along with it and In accordance with article 58.2 of the GDPR, it was also indicated that the195 KB (30,495 words) - 12:40, 13 December 2023
- AEPD (Spain) - EXP202305587 (category Article 5(1)(f) GDPR)sanction for both Article 5(1)(f) and 32 GDPR in this case would constitute a double violation of the GDPR, when in fact Article 5(1)(f) GDPR is merely a concretion285 KB (44,507 words) - 11:21, 30 April 2024
- CNIL (France) - SAN-2023-024 (category Article 6(1) GDPR)regarding the controllership, the CNIL noted that Article 4(7) GDPR applied due to the reference made by Article 2 of the ePrivacy directive. The CNIL considered76 KB (12,140 words) - 13:55, 28 February 2024
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)(2) (f) and Article 14 (2) (g), Article 14 (1) andArticle 15 (1) (h) and Article 21 (1)infringement of Article 18 (1) (a) and (d).order the restriction192 KB (30,170 words) - 10:11, 17 November 2023
- CNIL (France) - Deliberation SAN-2022-024 of December 20, 2022 (category Article 4(11) GDPR)the aforementioned article . 2. On the conditions for obtaining consent 60. In law, the "ePrivacy" directive provides in its article 2, f), that the consent73 KB (11,822 words) - 11:58, 11 January 2023
- CNIL (France) - SAN-2023-009 (category Article 7(1) GDPR)violation of Article 7(1) GDPR. D. On the breach of the obligations of information and transparency 81. Article 12, paragraph 1, of the GDPR provides that:78 KB (12,701 words) - 10:11, 28 June 2023
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include440 KB (73,154 words) - 09:44, 12 May 2021
- UODO (Poland) - DKN.5112.5.2021 (category Article 5(2) GDPR)with GDPR provisions, this includes obtaining proof of consent in line with Article 7(1) GDPR. Especially in the context of Article 9(2)(a) GDPR, the explicit82 KB (13,363 words) - 14:11, 18 January 2023
- APD/GBA (Belgium) - 46/2022 (category Article 5(1)(a) GDPR)responsibility – article 5.2. of the GDPR) and to implement all the measures necessary for this purpose (Article 24 of the GDPR). 26. Pursuant to Article 5.1.a)86 KB (12,864 words) - 06:37, 23 February 2023
- APD/GBA (Belgium) - 101/2022 (category Article 5(2) GDPR)arising from Article 5.2 and Article 24 GDPR whereby it is up to the defendant to demonstrate that it also acts in accordance with Article 5.1.f GDPR namely:88 KB (13,264 words) - 09:09, 29 June 2022
- OLG Koblenz - 5 U 2141/21 (category Article 82 GDPR)compare § 31(2) BDSG). The court further assessed the requirements of Article 82 GDPR in length. It established that the Article 82(1) GDPR requires the81 KB (13,639 words) - 18:14, 7 June 2022
- NAIH (Hungary) - NAIH-2501-10/2022 (category Article 5(1)(a) GDPR)required under Article 13 GDPR, as well as the fact of data transfer abroad, were completely missing. The DPA stated that Article 13 GDPR only provides90 KB (14,299 words) - 13:52, 2 February 2023
- APD/GBA (Belgium) - 188/2022 (category Article 5(2) GDPR)is: 1. a breach of Article 5 of the GDPR, Article 24(1) of the GDPR and Article 25(1) paragraph 2 of the GDPR; and 2. a breach of Article 12 paragraph 1 and95 KB (14,325 words) - 14:27, 25 January 2023
- FG München - 15 K 118/20 (category Article 4(7) GDPR)the GDPR under Article 2(2)(a) GDPR. Furthermore, the court extensively discussed the material scope of application according to Article 2(1) GDPR. At85 KB (14,338 words) - 22:04, 9 February 2022
- Rb. Amsterdam - C/13/687315 / HA RK 20-207 (category Article 4(1) GDPR)subject falls outside of the scope of Article 20 GDPR. The data that falls under Article 20 is less than under Article 15 GDPR. The court also considered that82 KB (14,053 words) - 16:25, 25 March 2021
- APD/GBA (Belgium) - 11/2022 (category Article 4(1) GDPR)fairness (article 5.1. a) and the information obligations of Article 13.2 (a) and (e) of the GDPR). 54. Under Articles 5.2 and 24 of the GDPR, the controller92 KB (13,989 words) - 14:56, 3 February 2022
- OLG Hamm - 11 U 88/22 (category Article 82 GDPR)2022, Article 82 GDPR, paragraph 20; Nemitz, in: Ehmann/Selmayr, GDPR, 2nd edition 2018, Article 82, paragraph 20; Gola/Piltz, in: Gola/Heckmann, GDPR/ BDSG85 KB (14,523 words) - 05:28, 26 April 2023
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include457 KB (75,575 words) - 09:36, 12 May 2021
- APD/GBA (Belgium) - 57/2021 (category Article 5(2) GDPR)result of the violations of article 5.1 a), article 5.2, article 6.1, article 12.1, article 13.1 c) and d) and article 13.2 b) GDPR. 21. On 17 June 2020, the99 KB (15,064 words) - 14:05, 2 June 2021
- VwGH - 2021/04/0030-4 (category Article 5 GDPR)access under Article 15 GDPR and for violating the principles of data minimisation (Article 5(1)(c) GDPR), confidentiality (Article 5(1)(f) GDPR) and the controller’s92 KB (15,327 words) - 08:27, 10 May 2024
- UODO (Poland) - DKN.5131.42.2022 (category Article 34(2) GDPR)court decisions. The DPA found a breach of Article 33 GDPR and Article 34(1) and (2) GDPR resulting in a fine of €2,324. Share your comments here! Share blogs95 KB (15,337 words) - 16:38, 19 March 2024
- AEPD (Spain) - PS/00267/2021 (category Article 83(2)(e) GDPR)involve a breach of the provisions of Article 6 of the GDPR, in relation to Article 22 of the LOPDGDD. Article 6 of the GDPR has four paragraphs, which in turn193 KB (32,580 words) - 11:16, 15 June 2022
- First-tier Tribunal - Clearview AI Inc. v ICO (category Article 3(2)(b) GDPR)also submits that were the criteria in Article 3(2)(b) to be met, both Article 2(2)(a) GDPR/ Article 3(2A) UK GDPR operate to take this case beyond the material99 KB (16,103 words) - 08:41, 25 October 2023
- AEPD (Spain) - PS/00006/2022 (category Article 12 GDPR)violation of the Article 12 of the GDPR, in conjunction with Article 17 of the GDPR. V Classification of the infringement of article 12 of the GDPR The aforementioned54 KB (8,870 words) - 10:43, 13 December 2023
- AP (The Netherlands) - 23.09.2021 (category Article 32(2) GDPR)which led to a (sensitive) data breach, in violation of Article 32(1) and Article 32(2) GDPR In Oktober 2019, a malicious third party gained unauthorized66 KB (8,861 words) - 17:08, 12 December 2023
- OLG Köln - 6 U 58/23 (category Article 44 GDPR)plaintiff derives his legitimacy from Section 2 Paragraph 2 Sentence 1 No. 11 UKlaG or from Article 80 Paragraph 2 GDPR and only has to show that it concerns data118 KB (19,824 words) - 10:49, 6 February 2024
- CNIL (France) - SAN-2023-021 (category Article 5(1)(c) GDPR)highly intrusive and therefore could not be based on Article 6(1)(f) GDPR. Secondly, Article 5(1)(c) GDPR indicates that personal data should be adequate,115 KB (18,607 words) - 11:00, 6 February 2024
- AEPD (Spain) - PS/00477/2019 (category Article 6 GDPR)Violation of article 24.2 of the Constitution, presumption of innocence. First, it invokes Articles 24.2, 103.1 and 2 of the EC, and Article 6 of the Convention566 KB (93,179 words) - 13:43, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 94(2) GDPR)the GDPR. Would judge otherwiseindeed contradict :o the wording of Article L2.2 in conjunction with Article 2.f) of the ePrivacy Directive,o Article 8 of67 KB (10,544 words) - 09:24, 10 September 2021
- AEPD (Spain) - EXP202205206 (category Article 5(1)(f) GDPR)alleged violation of Article 5.1.f) of the RGPD and Article 32 of the GDPR, typified in Article 83.5 of the GDPR and Article 83.4 of the GDPR. C/ Jorge Juan263 KB (41,516 words) - 09:29, 24 April 2024
- LAG Düsseldorf - 12 Sa 186/19 (category Article 9 GDPR)interests of the data subject. 174 (4.2.2.) Article 9 (2) (h) GDPR confirms the provision of Article 9 (2) (b) GDPR in relation to the health sector (Weichert120 KB (20,753 words) - 17:06, 7 March 2022
- "arguable that the case falls within Article 3(2)(b) GDPR." It gave the example of "a more compelling case under Article 3(2) [GDPR constitutes] someone who uses122 KB (20,830 words) - 10:42, 12 January 2022
- BVwG - W274 2243598-1 (category Article 85(2) GDPR)without their consent, the controller violated Article 13 GDPR, Article 6 GDPR, Article 9 GDPR and Article 15 GDPR. The data subject thus filed a complaint with122 KB (20,266 words) - 16:25, 31 October 2023
- Garante per la protezione dei dati personali (Italy) - 9856345 (category Article 5(2) GDPR)controller. Pursuant to Article 5(2) GDPR, it was the controller's responsibility to make sure that measures were adopted to ensure GDPR compliance, which was133 KB (21,637 words) - 07:03, 7 March 2023
- NAIH (Hungary) - NAIH-5114-35/2022 (category Article 58(2)(f) GDPR)legitimate interest. Based on Article 2 (1) of the GDPR, the GDPR must be applied to the data management in this case. GDPR Article 4, point 1: "personal data":146 KB (22,679 words) - 15:52, 3 May 2023
- APD/GBA (Belgium) - 77/2023 (category Article 5(1)(a) GDPR)storage (Article 5.1.b, 5.1.c, 5.1.d and 5.1.e of the GDPR); - Violation of the principle of legality (article 5.1.a of the GDPR); - Violation of Article 10150 KB (22,339 words) - 09:50, 21 June 2023
- BVwG - W214 2225733-1 (category Article 5 GDPR)4 DSG §1 DSG §24 GDPR Art12 GDPR Art14 GDPR Art32 GDPR Art5 GDPR Art57 GDPR Art58 GDPR Art6 GDPR Art77 GDPR Art83 VwGVG §28 paragraph 2 saying W214 2225733-1/17E140 KB (23,138 words) - 15:13, 19 August 2022
- APD/GBA (Belgium) - 15/2021 (category Article 5(2) GDPR)rectification.(article 16 of the GDPR), the right to be forgotten (article 17 of the GDPR), and the right to limit the use ofdata processed unlawfully (article 1885 KB (13,724 words) - 16:52, 12 December 2023
- VGH München - 7 CE 20.1822 (category Article 4(1) GDPR)para. 1 VwGO § 123 (1) sentence 2, § 146, § 152, § 154 (2) ZPO § 920 Basic Law Article 5(1) GKG § 47, § 52 (2), § 53 (2) No. 1 Keywords: Press law information25 KB (3,916 words) - 12:37, 31 January 2022
- Tietosuojavaltuutetun toimisto (Finland) - 8492/163/20 (category Article 58(2)(d) GDPR)administrative penalty fee: 1) Article 5, Paragraph 1, subparagraphs d and a; 2) Article 13; 3) paragraph 3 of Article 12; and 4) Article 15(1). Viking Line Oy149 KB (24,224 words) - 12:20, 2 January 2023
- OLG Hamm - 20 U 146/22 (category Article 12(5)(b) GDPR)meaning of Article 4(1) GDPR. Nevertheless, in this case the controller had the right to disregard the request in light of Article 12(5)(b) GDPR, as the latter30 KB (4,784 words) - 08:39, 8 August 2023
- ArbG Duisburg - 5 Ca 877/23 (category Article 12 GDPR)of €10,000 under Article 82(1) GDPR for a violation of Articles 15 GDPR and 12(3) GDPR. The LAG held that a mere violation of the GDPR does not give rise27 KB (4,303 words) - 15:09, 6 December 2023
- VG Köln - 25 K 2138/19 (category Article 16 GDPR)claim was Article 16 GDPR, as § 12 Bundesmeldegesetz (BMG - Federal Registration Act) clarifies. Then, it held that the legal requirements of Article 16 GDPR39 KB (6,235 words) - 11:14, 15 June 2022
- AEPD (Spain) - PS/00140/2020 (category Article 58(2)(d) GDPR)according to Article 58(2)(d) GDPR. First, the AEPD established that the GDPR was applicable under Article 3(1) GPDR or, if not, at least Article 3(2)(a) GDPR390 KB (63,154 words) - 07:08, 9 June 2022
- VG Schwerin - 1 A 1254/20 SN (category Article 78(2) GDPR)his claim on Article 78(1) of the GDPR in conjunction with Article 57 of the GDPR. Article 57 of the GDPR. The scope of Article 57 of the GDPR is indeed open37 KB (6,156 words) - 10:12, 26 May 2021
- DPC (Ireland) - WhatsApp Ireland Limited - IN-18-12-2 (category Article 13(2)(a) GDPR) (section Articles 13(1) and 13(2) GDPR)the relevant provisions of the GDPR are Article 14, read in conjunction with Article 12(1). 28. Article 14 of the GDPR concerns transparency in the context830 KB (115,261 words) - 15:37, 22 February 2022
- AEPD (Spain) - PS/00331/2022 (category Article 25 GDPR)virtue of article 4.7 of the GDPR. The GDPR provides, in its article 56.1, for cases of cross-border processing, provided for in its article 4.23), in240 KB (38,122 words) - 13:54, 28 February 2024
- UOOU (Czech Republic) - UOOU-01025/20-121 (category Article 5 GDPR)legal basis under Article 6(1) GDPR and in violation of transparency obligations in the privacy policy under Article 5(1)(a) and 13 GDPR. The DPA in the246 KB (39,598 words) - 09:26, 24 April 2024
- AEPD (Spain) - PS/00368/2021 (category Article 6(1) GDPR)required by Article 13 GDPR. Furthermore, the AEPD, highlighted that the RFEF did not provide the information required by Article 13(3) GDPR about further246 KB (41,139 words) - 14:25, 24 November 2022
- VG Schwerin - 1 A 1343/19 SN (category Article 58(2) GDPR) (section Expert Opinion as Personal Data Within the Meaning of Article 4(1) GDPR)within the meaning of Article 58(2)(c) of the GDPR. c of the GDPR. Recital52 Rights within the meaning of Article 58(2)(c) of the GDPR are, first and foremost61 KB (10,071 words) - 14:28, 14 July 2021
- UODO (Poland) - DKN. 5131.27.2022 (category Article 33(1) GDPR)accordance with the law (Article 2 of the Act on land and mortgage registers and mortgage and Article 20 (1) point 1 and Article 24 section 2 of the Geodetic and80 KB (13,127 words) - 07:57, 14 September 2022
- OLG Köln - 15 U 108/23 (category Article 82 GDPR)damages either under Article 82 (1) GDPR or on any other basis for the claim. 32aa. The scope of application of Article 82 Para. 1 GDPR is open in terms of81 KB (13,415 words) - 09:47, 15 February 2024
- AEPD (Spain) - PS/00281/2022 (category Article 58(2)(c) GDPR)for a violation of article 58.2 c) of the GDPR, in accordance with article 83.6 of the GDPR, classified as very serious in article 72.1.m) of the LOPDGDD313 KB (53,033 words) - 10:20, 7 June 2023
- AEPD (Spain) - PS/00500/2020 (category Article 4(4) GDPR)Therefore, consent was not valid as a legitimate basis from Article 6(1) GDPR, in relation to Article 7 GDPR, and thus processing was unlawful. On these grounds408 KB (64,616 words) - 14:28, 24 November 2022
- AEPD (Spain) - PS/00226/2020 (category Article 6 GDPR)violation of Article 7(4) GDPR. Based on these considerations, the AEPD issued a €2,000,000 fine against Caixabank for infringing Article 6 GDPR in relation373 KB (61,959 words) - 14:17, 9 March 2022
- LG Berlin - 31 O 714/21 (category Article 15 GDPR)The Regional Court of Berlin held that a right to information under Article 15 GDPR cannot be enforced by way of an interim injunction, since there is no94 KB (15,693 words) - 13:55, 6 April 2022
- LAG Düsseldorf - 12 Sa 18/23 (category Article 82 GDPR)tried to base the processing on contract (Article 6(1)(b) GDPR) or legitimate interest (Article 6(1)(f) GDPR), the requirement of necessity was not met102 KB (17,108 words) - 09:44, 15 February 2024
- Datatilsynet (Norway) - 21/03126 (category Article 58(2)(i) GDPR)currently pending. Pursuant to Article 58(2)(i) GDPR and Article 83(4)(a) GDPR, the DPA imposed an administrative fine of €220,337 (NOK 2 500 000) against Argon133 KB (19,309 words) - 05:16, 24 March 2023