Search results
From GDPRhub
- leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Article 69 GDPR (category Article 69 GDPR)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- Article 71 GDPR (category Article 71 GDPR)practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- Article 76 GDPR (category Article 76 GDPR)1049/2001. More specific provisions include Articles 64(5)(b), 65(5), 70(3) and 70(4) GDPR, which regulate the publication of opinions and resolutions of the15 KB (787 words) - 08:17, 19 October 2023
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- Article 65 GDPR (category GDPR Articles) (section (4) Supervisory authorities (SAs) prohibited to adopt any measure during the procedure)lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate71 KB (9,532 words) - 13:30, 6 March 2024
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- such as profiling (see also Article 4(4) GDPR); Restriction (marking for limited further processing, see also Article 4(3) GDPR), such as deactivation of125 KB (16,328 words) - 16:01, 8 March 2024
- Article 5 GDPR (category GDPR Articles)consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- Article 72 GDPR (category Article 72 GDPR)dispute resolution under Article 65(3)(1) GDPR and for consistency decisions in the urgency procedure under Article 66(4) GDPR is necessary, as these are22 KB (2,266 words) - 08:26, 17 October 2023
- Article 99 GDPR (category Article 99 GDPR)shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and12 KB (295 words) - 08:25, 19 October 2023
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- freedoms of individuals", as stated in Article 35(1) and further elucidated in Article 35(3) and Article 35(4) GDPR. The WP29 developed a list of criteria52 KB (7,297 words) - 08:05, 18 July 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- in force for more than 4 years after the GDPR’s entrance into force. Responding to requests regarding the applicability of the GDPR in Slovenia, the IP issued10 KB (1,242 words) - 10:51, 6 February 2024
- Article 97 GDPR (category Article 97 GDPR)recitals for Article 97 GDPR. Article 97 GDPR imposes a "comprehensive reporting obligation" upon the Commission. The first paragraph of Article 97 GDPR sets out16 KB (778 words) - 08:24, 19 October 2023
- Article 32 GDPR (category GDPR Articles) (section (4) Natural persons acting under the authority of the controller or the processor)evaluating the effectiveness of security measures (Article 32(1)(d) GDPR). According to Article 4(5) GDPR, "pseudonymisation" means the processing of personal41 KB (5,197 words) - 12:17, 17 April 2024
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 59 GDPR (category GDPR Articles)Marsch, DS-GVO/BDSG, Article 59 GDPR, margin numbers 4 and 5 (Nomos 2022). Ziebarth, in Sydow, Marsch, DS-GVO/BDSG, Article 59 GDPR, margin number 8 (Nomos15 KB (718 words) - 15:31, 19 October 2023
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- with the support of the EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph43 KB (5,641 words) - 14:58, 28 April 2022
- Article 67 GDPR (category Article 67 GDPR)Category:Article 67 GDPR See EDPB, State of Play - IMI for GDPR purposes, 27 June 2018 (available here). See EDPB, 2019 Annual Report, Section 4.3.1 (available15 KB (810 words) - 16:13, 2 November 2023
- Article 8 GDPR (category GDPR Articles)directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing19 KB (1,335 words) - 13:56, 24 October 2023
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- Article 74 GDPR (category Article 74 GDPR)decisions in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C15 KB (808 words) - 09:44, 17 October 2023
- performance. Article 7 GDPR regulates the "conditions for consent". It specifies the definition of consent set out in Article 4(11) GDPR and, by integrating31 KB (3,489 words) - 16:00, 8 March 2024
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 98 GDPR (category Article 98 GDPR)accordance with Article 98'. → You can find all related decisions in Category:Article 98 GDPR The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the15 KB (943 words) - 09:58, 8 November 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 19 GDPR (category GDPR Articles)disclosed to per Article 4(9) GDPR. Article 19 does not establish any specific time requirement for notification. However, since the purpose of Article 19 is to19 KB (1,436 words) - 12:35, 12 May 2023
- burdens. This reading of Article 31 GDPR is supported by the language of Article 83(4)(a) GDPR which categorises Article 31 GDPR as an 'obligation' of the22 KB (2,042 words) - 14:29, 20 November 2023
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- 62(7) GDPR, the reference to the EDPB is mandatory. The authority addressed under Article 66(1)-(2) GDPR is the CSA within the meaning of Article 4(22) GDPR20 KB (1,590 words) - 16:11, 2 November 2023
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- Article 43 GDPR (category GDPR Articles)Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- deals with processing within the scope of the GDPR. Part 2 deals with processing outside of the scope of the GDPR. Part 3 deals with processing by competent18 KB (2,488 words) - 15:22, 14 December 2021
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 25 GDPR (category GDPR Articles)Protection Regulation (GDPR): A Commentary, Article 25 GDPR, p. 577 (Oxford University Press 2020). EDPB, 'Guidelines 4/2019 on Article 25 Data Protection43 KB (4,675 words) - 06:43, 16 June 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- Article 16 GDPR (category GDPR Articles)please refer to Article 19 GDPR. If the controller declines to rectify the data, they must provide reasons for their decision (Article 12(4) GDPR). The data23 KB (2,489 words) - 23:24, 6 March 2024
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Article 73 GDPR (category Article 73 GDPR)simple majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple19 KB (1,530 words) - 14:23, 12 October 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A19 KB (1,525 words) - 08:18, 19 October 2023
- 64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR23 KB (2,079 words) - 16:07, 2 November 2023
- meaning of Article 4(7) and (8) GDPR can be liable for compensation. A claim for damages first requires an infringement of the GDPR. Article 82 GDPR does not33 KB (4,215 words) - 09:57, 19 March 2024
- Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- Member State in relation to damage referred to in Article 62(4) GDPR. According to Article 62(7) GDPR, if the lead SA does not invite the SA to take part22 KB (1,915 words) - 13:46, 15 January 2024
- Article 61 GDPR (category Article 61 GDPR) (section (4) Conditions for a refusal to comply with an assistance request)standards of clarity (Article 61(3) GDPR). Requests are imperative and, subject to specific exceptions (Article 61(4) and (5) GDPR), must be fulfilled and24 KB (2,181 words) - 11:46, 15 January 2024
- Article 39 GDPR (category GDPR Articles)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- right to data protection. Article 51 GDPR is closely connected to Article 4(21) (definition of SA), Article 52 (independence), Article 53 (General conditions27 KB (2,604 words) - 14:24, 16 January 2024
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Category:Article 11 GDPR Georgieva, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 11 GDPR, p. 39520 KB (1,854 words) - 16:32, 8 March 2024
- Article 60 GDPR (category GDPR Articles) (section (4) Objection by supervisory authority concerned (CSA) and procedure where it is not followed)resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- Article 77 GDPR (category GDPR Articles)compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Article 90 GDPR (category Article 90 GDPR)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- Article 30 GDPR (category GDPR Articles) (section (4) Provision of the ROPA to supervisory authority)requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 46 GDPR (category GDPR Articles) (section (b) Binding corporate rules in accordance with Article 47)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- Article 42 GDPR (category GDPR Articles) (section (3-4) Certification as a voluntary act that does not reduce compliance obligations)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- Article 47 GDPR (category GDPR Articles)other DPAs concerned. The BCR Lead the submits, following Article 64(1) GDPR and Article 64(4) GDPR, a draft decision to the EDPB. The EDPB, in turn, issues29 KB (2,823 words) - 15:15, 28 April 2022
- clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- complaint under Article 77(1) GDPR on behalf of the data subject and to represent the them before all supervisory authorities (“SA”) (Article 4(21) GDPR). Secondly26 KB (2,575 words) - 15:50, 9 November 2023
- further discussed, in Article 4(1) GDPR. Any information that relates to an identified or identifiable natural person falls under the GDPR, this also includes34 KB (4,652 words) - 12:07, 12 November 2023
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)listed in Article 83(4), (5) and (6) GDPR. This specifically refers to violations of Articles 8, 11, 25 to 39, 41(4), 42, 43 of the GDPR (paragraph 4), Articles55 KB (7,622 words) - 14:04, 7 November 2023
- on Article 36(4), it is still disputed whether the outcome of the procedure rather resembles that of Article 58(3)(a) GDPR or Article 58(3)(b) GDPR. See31 KB (3,646 words) - 08:51, 21 July 2023
- Regulation (GDPR): A Commentary, Article 53 GDPR, p. 888 (Oxford University Press 2020). Boehm, in Kühling, Buchner, DS-GVO BDSG, Article 54 GDPR, margin numbers29 KB (2,894 words) - 23:06, 1 April 2024
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)controller (as defined under Article 4(7) GDPR) and a processor (as defined under Article 4(8) GDPR). As noted above, Article 79 GDPR imposes a two-stage cumulative31 KB (3,550 words) - 11:11, 29 November 2023
- Article 88 GDPR (category Article 88 GDPR)opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)and (3) GDPR), inform him or her about the measures taken (Article 12(3) and (4) GDPR), the right to receive this service free of charge (Article 12(5) GDPR)32 KB (3,730 words) - 08:43, 7 March 2024
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))subject (Article 12(2) GDPR), respond and communicate the measures taken (Article 12(3) and (4) GDPR), the principle of freedom from costs (Article 12(5)61 KB (8,488 words) - 15:47, 18 March 2024
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- Article 22 GDPR (category GDPR Articles) (section (4) Qualified prohibition of using special categories of data)and interpretation as in Article 22(3) GDPR. → You can find all related decisions in Category:Article 22 GDPR Article 20 of GDPR proposal, COM(2012) 11 final31 KB (4,768 words) - 06:24, 16 June 2023
- Article 55 GDPR (category GDPR Articles)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 49 GDPR (category GDPR Articles)adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate29 KB (3,500 words) - 08:54, 27 March 2023
- Article 89 GDPR (category Article 89 GDPR) (section (4) Derogations do not Extend to Other Purposes that Require the Same Processing)that purpose. Article 89(4) GDPR makes it clear that the derogations to the GDPR are only available for processing specified in Article 89 GDPR, and not for29 KB (3,695 words) - 13:44, 21 March 2024
- Article 78 GDPR (category GDPR Articles) (section (4) Information on preceding EDPB opinion or decision)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))a "filing system" within the meaning of Article 4(6) GDPR. See also Article 2(1) GDPR on the scope of the GDPR when it comes to non-automated filing systems73 KB (9,896 words) - 15:46, 18 March 2024
- Article 1 GDPR (category GDPR Articles)about the scope of the term 'personal data' under Article 4(1) GDPR. Non-EU citizens can rely on the GDPR as its application is generally independent of nationality28 KB (3,831 words) - 16:21, 14 March 2024
- Article 26 GDPR (category GDPR Articles)provisions such as Article 30(4) for the record of processing or Article 40(11) for the register of approved codes of conduct, Article 26 does not explicitly37 KB (3,915 words) - 12:49, 24 May 2023
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- can carry out a notification in phases under Article 33(4) GDPR (see below). Under Article 33(3)(b) GDPR, the supervisory authority must be given the contact54 KB (6,536 words) - 08:22, 16 June 2023
- Article 37 GDPR (category GDPR Articles) (section (4) Other circumstances in which to designate a data protection officer)categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- in Category:Article 3 GDPR EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 4 (available here)37 KB (4,635 words) - 13:29, 24 October 2023
- Article 54 GDPR (category GDPR Articles)provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- GDPR are Article 4(7) GDPR (definition of controller), Article 4(8) GDPR (definition of processor), Article 4(16) GDPR (definition of main establishment)55 KB (7,446 words) - 22:28, 1 April 2024
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- refusal to take action on a data subject’s request (Article 12(4)). The first sentence of Article 20(3) GDPR clarifies that the exercise of the right to data40 KB (5,349 words) - 07:05, 1 June 2023
- incompatible with the office. Article 52(4) GDPR and Article 52(6) GDPR establish the framework for SAs financial governance. Article 52(4) GDPR stipulates that SAs47 KB (5,594 words) - 22:45, 1 April 2024
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- exemption is based on Article 85(2) GDPR. According to Article 26(3) of the 2018 Act, certain GDPR provisions (listed in Article 26(9)) will not apply14 KB (2,011 words) - 15:42, 25 November 2020
- BVwG - W211 2225136-1 (category Article 5 GDPR)objected to its processing pursuant to Article 21(1) of the GDPR (Article 17(1)(a), (c)(1) and (d) of the GDPR). A request for erasure would therefore39 KB (6,244 words) - 09:40, 10 September 2021
- DSB (Austria) - 2020-0.605.768 (category Article 70(1)(n) GDPR)context of Articles 40 and 41 GDPR, in particular from Article 40 Paragraph 4 in conjunction with Article 41 Paragraph 2 lit. c) GDPR, namely further that a monitoring19 KB (2,799 words) - 13:52, 12 May 2023
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (category Article 4 GDPR)administrative fine for the infringement of Article 6(1) or Article 6(1)(b) GDPR meet the requirements of Article 4(24) GDPR. 504. The EDPB decides that the relevant53 KB (8,413 words) - 14:10, 30 January 2023
- AEPD (Spain) - PS/00450/2019 (category Article 5(1)(f) GDPR)personal data concerning him". In this sense, Article 6.1 of the RGPD establishes that "in accordance with Article 4.11 of Regulation (EU) 2016/679, consent17 KB (2,620 words) - 14:43, 13 December 2023
- CJEU - C-683/21 - Nacionalinis visuomenės sveikatos centras (category Article 4(2) GDPR)asked whether the joint control of data in accordance with Article 4(7) and Article 26(1) GDPR must be interpreted 'exclusively' as involving deliberately9 KB (1,234 words) - 12:48, 25 January 2024
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)"accept all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller120 KB (19,650 words) - 09:00, 6 April 2022
- UODO (Poland) - DS.523.1470.2020 (category Article 4(1) GDPR)the national law and thus falls under one of the legal grounds in Article 6(1)(c) GDPR. The President of the Personal Data Protection Office (UODO) stated9 KB (1,256 words) - 10:00, 17 November 2023
- HDPA (Greece) - 39/2020 (category Article 4(7) GDPR)under the GDPR and needs to establish a valid legal basis to process personal data. Unsolicited political communication is regulated with Article 11 L. 3471/200656 KB (7,755 words) - 15:39, 6 December 2023
- APD/GBA (Belgium) - 28/2020 (category Article 6(1)(f) GDPR)erased and thus also violates Article 17.1(c) AVG. 3.2. With regard to the infringement of Article 6.1 and Article 21.4 of the AVG 29. In its statement27 KB (4,363 words) - 16:56, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 37(7) GDPR)Protection Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned81 KB (11,895 words) - 16:58, 6 December 2023
- OGH - 9Ob38/19g (category Article 4(11) GDPR)according to the introduction of Article 4, this only applies "where this Directive does not provide otherwise". Under Article 8(6) of the Directive, for distance200 KB (33,233 words) - 09:49, 14 December 2023
- Recitals GDPR (section Recitals from the GDPR)monitor the functioning of decisions adopted on the basis of Article 25(6) or Article 26(4) of Directive 95/46/EC. In its adequacy decisions, the Commission182 KB (24,065 words) - 13:40, 9 July 2021
- basis under Article 6 GDPR to collect and process vehicle registration numbers. The legal basis is a statutory obligation prescribed by Article 229 of the16 KB (2,404 words) - 15:46, 30 October 2023
- the following: Article 66 GDPR gives the possibility for a procedure of urgency and from this article (and Article 66 and Article 62 GDPR), the European25 KB (3,812 words) - 10:03, 20 August 2021
- Norges Høyesterett - 2021-2403-A (category Article 4(11) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)under Article 17(3) GDPR. Two doctors sued a platform for deletion of their basic profile set up on the platform without their consent under Article 17 GDPR143 KB (24,273 words) - 15:59, 10 March 2022
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)website controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google108 KB (17,097 words) - 13:52, 12 May 2023
- relation to contraventions of the UK-GDPR, section 168 DPA 2018 provides that "non-material damage" in Article 82 GDPR includes distress. In relation to breaches61 KB (8,986 words) - 08:40, 22 February 2022
- defendant within the meaning of Article 4 of the GDPR. The defendant is therefore a controller within the meaning of Art. 4 No. 7 GDPR. b. 44 The Senate is convinced51 KB (8,215 words) - 09:55, 13 May 2022
- communication service. Therefore, TikTok had to obtain valid consent (Article 4(11) GDPR) from users before using the identifiers. The DPA stated that it should73 KB (11,864 words) - 17:03, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- APD/GBA (Belgium) - 20/2023 (category Article 2(4) GDPR)objection for data processing under Article 21 GDPR and the principle of liability under Article 2(4) GDPR and Article 24 GDPR. The complainant, the data subject14 KB (1,883 words) - 16:59, 20 March 2023
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed60 KB (9,144 words) - 16:17, 22 March 2022
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read in131 KB (22,429 words) - 16:57, 12 December 2023
- OLG Köln - 20 U 295/21 (category Article 4(1) GDPR)invoked the excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium42 KB (6,689 words) - 08:30, 21 November 2022
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)that a controller is allowed to reject a request to access under Article 12(5)(b) GDPR as "excessive" if the request's sole purpose is to verify the validity40 KB (6,325 words) - 16:12, 18 May 2022
- Commissioner (Cyprus) - 11.17.001.010.045 (category Article 5(1)(c) GDPR)that the article’s publication was in violation of Article 5(1)(c) GDPR, Article 6(1)(f) GDPR, when read in line with Article 85 GDPR. Article 5(1)(c) outlines74 KB (12,375 words) - 10:07, 4 October 2023
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- LG Köln - 33 O 376/22 (category Article 6(1)(b) GDPR)protection within the meaning of Article 45 of the GDPR and without appropriate safeguards within the meaning of Article 46 of the GDPR. Furthermore, the plaintiff66 KB (9,990 words) - 12:30, 29 January 2024
- AEPD (Spain) - PS/00187/2020 (category Article 5(1)(f) GDPR)by the alleged violation of Article 32 of the RGPD, Article 5.1.f) of the RGPD, Article 25 of the RGPD, typified in Article 83.5 of the RGPD. FOURTH: On51 KB (7,770 words) - 14:08, 13 December 2023
- APD/GBA (Belgium) - 82/2020 (category Article 6(1) GDPR)authentication via a third service provider cannot constitute a breach of Article 6 of the GDPR when it implies that the personal data of the data subjects are not124 KB (18,772 words) - 17:01, 12 December 2023
- LfDI (Baden-Württemberg) - 4 Sa 70/20 (category Article 4(15) GDPR)applied Article 9(2)(a) GDPR, according to which the data subject could have voluntarily disclosed their health data defined in Article 4(15) GDPR to the29 KB (4,815 words) - 08:48, 11 November 2022
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)way of a finding under article 15 of the GDR instead of the provisions of article 15 of the GDR. 36, § 4 and § 5 as well as Article 38, § 1 of the Law of52 KB (8,603 words) - 16:55, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 1011/161/22 (category Article 5(1)(c) GDPR)reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA also ordered the controller to erase the15 KB (2,137 words) - 20:18, 27 March 2024
- OLG Innsbruck - 1 R 182/19b (category Article 82 GDPR)had fulfilled its obligation to provide information pursuant to Article 12(3) and Article 4(7) of the Basic Law (Voriger SuchbegriffDSGVONächster Suchbegriff)54 KB (7,916 words) - 12:06, 9 May 2022
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- Garante per la protezione dei dati personali (Italy) - 9570997 (category Article 5(1) GDPR)power conferred by Article 58(2)(d) and (f) and Article 83(3) and (5) GDPR, imposed to Fastweb multiple corrective measures and a fine of € 4.501.868. Share131 KB (21,014 words) - 15:55, 6 December 2023
- CPDP (Bulgaria) - PNN-01-70/2022 (category Article 24(1) GDPR)carried out in compliance with the GDPR. Therefore, the DPA determined that the controller violated Article 24(1) GDPR by using this safety mechanism. The29 KB (4,826 words) - 14:14, 6 February 2023
- DPC (Ireland) - Meta Platforms Ireland Limited (Facebook) - IN-18-5-5 (category Article 4 GDPR)accordance with Article 60(3) GDPR. Ten DPAs (AT, DE, FI, FR, IT, NL, NO, PL, PT, SE) raised objections, in accordance with Article 60(4) GDPR, to the Draft21 KB (3,005 words) - 14:16, 1 February 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)year 2005-2006, 29 708, no. 19 (p. 523) Article 4:32 The obligation from this article is taken over from Article 52 of the Wfd. Under Section 14(2) of the91 KB (15,371 words) - 15:11, 5 October 2021
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)and 13 GDPR? Is the information provided to data subjects throughout the subscription process in compliance with the provisions of Article 13 GDPR? Does48 KB (7,404 words) - 17:09, 6 December 2023
- Court of Appeal of Brussels - 2021/AR/205 (category Article 6 GDPR)defendant pursuant to Article 100(1) °WOG, since that first defendant does not appear to be a data controller in accordance with Article 4(7) AVG for the facts92 KB (14,873 words) - 09:03, 20 August 2021
- DSB (Austria) - 2022-0.332.606 (category Article 2(2)(c) GDPR)case fell under the household exception found in Article 2(2)(c) GDPR. According to this provision, the GDPR does not apply to the processing of personal data21 KB (3,166 words) - 13:43, 12 May 2023
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments60 KB (9,713 words) - 13:07, 26 March 2024
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- OLG Celle - 8 U 165/22 (category Article 12(5) GDPR)sense of Article 4(1) GDPR. Moreover, OLG Celle also held that a singular access request can never be excessive for the purposes of Article 12(5) GDPR as the62 KB (10,852 words) - 14:08, 7 January 2023
- DPC (Ireland) - Meta Platforms Ireland Limited (Instagram) - IN-18-5-7 (category Article 4 GDPR)accordance with Article 60(3) GDPR. Ten DPAs (AT, DE, ES, FI, FR, HU, IT, NL, NO, SE) raised objections, in accordance with Article 60(4) GDPR, to the Draft21 KB (3,069 words) - 14:17, 1 February 2023
- APD/GBA (Belgium) - 12/2019 (category Article 4(11) GDPR)the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a decision107 KB (17,697 words) - 16:52, 12 December 2023
- BVwG - W245 2239715-1 (category Article 6 GDPR)was no reason for erasure under Article 17 GDPR as the processing was still necessary and lawful under Article 6(1)(f) GDPR. In June 2020, the data subject62 KB (10,455 words) - 10:50, 7 September 2022
- ANSPDCP (Romania) - Fine against VODAFONE România S.A. 5 (category Article 32(4) GDPR)security measures: Article 32 of the GDPR and Article 3 of Law no. 506/2004. The latter is the transposition of the E-Privacy Directive's Article 4. (2) This is8 KB (976 words) - 11:53, 19 November 2021
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)the inspected with section 4 of chapter 4 of the GDPR. 3. […] the inspectorate [is active in the field of transport] […]. 4. The controlled has approximately66 KB (9,458 words) - 19:42, 4 September 2021
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)23Investigation report, page 34, point 4.4.8.1. 24Investigation report, page 34, point 4.4.8.2.1.1 25Investigation report, page 34, point 4.4.8.2.2.1 _______________82 KB (11,472 words) - 16:58, 6 December 2023
- APD/GBA (Belgium) - 54/2021 (category Article 4 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)processing of personal data within the meaning of Article 4 GDPR and is it justified on the basis of Article 6 GDPR? Can the controller raise the argument that73 KB (11,238 words) - 16:59, 12 December 2023
- AEPD (Spain) - PS/00152/2020 (category Article 33 GDPR)foundation was responsible for violating Article 33 GDPR, and issued it with a warning pursuant to Article 58(2)(b) GDPR. The AEPD did not find the former Secretary27 KB (4,243 words) - 14:06, 13 December 2023
- readers (the article in question is still posted on the internet at the following link: http://politis.com.cy/article/astinomiko-kapsoni-se70chroni-tk)22 KB (3,496 words) - 12:08, 17 February 2022
- Datatilsynet (Norway) - 19/02450 (category Article 12(4) GDPR)provisions of Article 12, paragraphs 1, 2 and 4. In other cases where registered complaints applies to Article 12, paragraph 1. 9 Article 12 (4) of the Privacy46 KB (7,180 words) - 17:22, 9 March 2022
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 4 GDPR)After considering the objections in light of Article 4(24) GDPR and the factors outlined in Article 83(2) GDPR the EDPB instructed the DPC to impose an administrative289 KB (33,568 words) - 15:00, 1 February 2023
- LG Münster I - ECLI:DE:LGMS:2023:0704.16O238.22.00 (category Article 6(1)(f) GDPR)Art. 4 No. 1 GDPR, is processed and stored here by the defendant as the person responsible in accordance with Art. 4 No. 7 GDPR. According to Art. 4 No.28 KB (4,215 words) - 15:09, 6 December 2023
- EDPB Plenary 6/Minutes (section Clinical Trials Regulation Q&A: Consultation from the COM under Art. 70 GDPR - discussion and adoption)SANTE) has submitted to the EDPB a request for consultation under Art. 70 GDPR concerning a document on “Questions and Answers on the interplay between18 KB (2,648 words) - 22:06, 9 June 2020
- the data subject's consent in Article 4(11), and the basic principle of legality, reasonableness and transparency in Article 5(1)(a). Furthermore, Datatilsynet65 KB (9,767 words) - 16:22, 6 December 2023
- AEPD (Spain) - EXP202205932 (category Article 6(1) GDPR)basis under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful32 KB (4,952 words) - 13:11, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9900808 (category Article 28 GDPR)available or consulting" of "data relating to health" (Article 2-septies, paragraph 8; Article 2-ter, paragraph 4, letter b) of the Code). The Regulation also provides157 KB (25,874 words) - 14:36, 27 June 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)83(4) and (5) GDPR) 7.36 The infringement of Article 5(1)(f) GDPR falls within Article 83(5)(a) GDPR, whereas Article 32 falls within Article 83(4)(a)130 KB (21,195 words) - 13:52, 25 April 2021
- 3.2.3. To an objection by the BF according to Art 21 GDPR According to Article 21 Paragraph 1 GDPR, every person concerned has the right to object at any30 KB (4,834 words) - 13:14, 10 November 2021
- OLG Linz - 6R49/19x (category Article 4(2) GDPR)protection, the DSGVO had come into force during the proceedings. Pursuant to Article 69 (4) of the DSG, proceedings pending before the ordinary courts under the33 KB (5,113 words) - 09:50, 14 December 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- CE - 433555 (category Article 15 GDPR)The Court finds this process compliant with Article 15 GDPR, on the right of access, and Article 23 GDPR on restrictions to the rights of data subject15 KB (2,307 words) - 11:13, 20 May 2021
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)with NIF A65445033, for a violation of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR, a fine of 70,000 euros (seventy thousand euro). Likewise45 KB (7,135 words) - 13:08, 13 December 2023
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)Court found that customers’ order data is health data and fall within Article 9(1) GDPR. Amazon does not collect health data stricto sensu but it can draw32 KB (5,236 words) - 16:00, 10 March 2022
- HDPA (Greece) - 31/2023 (category Article 5(1)(c) GDPR)with the principles of article 5 par. 1 GDPR. It is no coincidence that the GDPR includes accountability (see Article 5 para. 2 GDPR) in the regulation of61 KB (10,257 words) - 10:15, 1 November 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)DE SA’s objection on Article 33(3) GDPR fails to meet the requirements set out in Article 4(24) GDPR Infringement of Article 34 GDPR on the communication183 KB (30,819 words) - 09:50, 20 January 2023
- Garante per la protezione dei dati personali (Italy) - 9445180 (category Article 5(1)(a) GDPR)future incoming communications" (note cit., p. 6). 1.4. On 10 September 2019, pursuant to Article 166, paragraph 5, of the Code, the Office notified the34 KB (5,414 words) - 15:50, 6 December 2023
- Datatilsynet (Norway) - 20/04401 (category Article 6(1) GDPR)Privacy Ordinance, Article 4, No. 2 and the Act on processing of personal data of 15 June 2018 no. 38 (Personal Data Act) § 1. Article 6 (1) of the Privacy40 KB (5,988 words) - 19:04, 5 March 2022
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)other things, article 4 paragraph 1 SUWI and the ZBO register of the Dutch central government. See article 2 paragraph 2 SUWI and article 4 paragraph 1 SUWI106 KB (14,502 words) - 17:09, 12 December 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)accordance with Article 60(3) GDPR. Ten DPAs (AT, DE, ES, FI, FR, HU, IT, NL, NO, SE) raised objections, in accordance with Article 60(4) GDPR, to the Draft468 KB (51,340 words) - 14:10, 30 January 2023
- SA/Wr - IV SA/Wr 671/22 (category Article 86 GDPR)information and the protection of personal data under Article 86 GDPR. However, the restriction under its Article 5(1) of the Polish Act on Access to Public Information31 KB (4,776 words) - 12:43, 8 May 2023
- Persónuvernd - 2020010601 (category Article 4(1) GDPR)of him or her, cf. 2. tölul. Article 3 Act no. 90/2018 and point 1. Article 4 of the Regulation. According to para. Article 4 Act no. 90/2018, the Act and39 KB (6,351 words) - 09:52, 6 May 2021
- publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA206 KB (30,485 words) - 09:54, 14 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)even pseudonymised data (Art. 4 Para. 5 GDPR) from the term personal data are recorded in accordance with Art. 4 Para. 1 GDPR. It is undeniable that the MB158 KB (26,392 words) - 08:25, 7 June 2023
- AEPD (Spain) - PS/00430/2018 (category Article 4(7) GDPR)( *** POSITION 1) for an infraction of Article 6.1.f) of the GDPR, in accordance with Article 83.5 of the GDPR ”. In the face of it, no allegations have40 KB (6,508 words) - 14:39, 13 December 2023
- AKI (Estonia) - 2.1.-1/22/1396 (category Article 5 GDPR)basis in line with Article 13(1)(d) GDPR. The DPA stated that it would impose a fine on the controller, pursuant to Article 58(2)(i) GDPR, if latter does34 KB (5,305 words) - 08:40, 29 June 2023
- Rb. Den Haag - EJ VERZ 21-85504 (category Article 5(1)(a) GDPR)necessary and proportional. Hence, it appeared the Court referred to Article 6(1)(f) GDPR. Moreover, it must also be clear, for both the employee and the client37 KB (5,874 words) - 17:20, 23 February 2022
- CJEU - C-118/22 - Direktor na Glavna direktsia "Natsionalna politsia" pri MVR - Sofia (category Article 5(1)(e) GDPR)data subject argued that Article 5,13 and 14 LED (the roughly equivalent GDPR articles would be Article 5(1)(e), 13 and 15 GDPR) do not permit the police8 KB (1,080 words) - 10:11, 15 February 2024
- VG Regensburg - RN 9 K 19.1061 (category Article 2 GDPR)under Article 77(1) GDPR and subsequently the right of judicial remedy against the supervisory authority under Article 78(1) GDPR. Article 79 (1) GDPR provides94 KB (15,537 words) - 09:09, 25 August 2020
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))default (Art. 25 GDPR), integrity and confidentiality (Art. 5.1.f GDPR), as well as security ofprocessing(Art. 32GDPR)......101 B.4.4. - Additional alleged429 KB (58,279 words) - 09:12, 2 November 2022
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)"lifting". (4.2) Exclusions (4.2.1) GDPR and AO restrictions 145 According to Art. 15 Para. 1 GDPR, the person concerned (Art. 4 No. 1 GDPR) has a right97 KB (16,519 words) - 09:57, 22 February 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)none of the exceptions in Article 82 of the Data Protection Act were applicable, and Apple had to obtain consent (Article 4(11) GDPR) before using the identifiers82 KB (13,463 words) - 17:03, 6 December 2023
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)the definitions of the legal concepts that the RGPD indicates in article 4: Article 4 GDPR. Definitions For the purposes of this Regulation, the following287 KB (48,336 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00070/2020 (category Article 5(1)(a) GDPR)publication of the judgment breach the GDPR? The AEPD held that the respondent’s actions violated the GDPR Article 5(1)(a) requirement that processing must43 KB (7,001 words) - 13:56, 13 December 2023
- AEPD (Spain) - PS/00003/2020 (category Article 5(1)(c) GDPR)of public space respect Article 5 (1) (c) GDPR? The AEPD held that the installation of a video surveillance system under Article 22 LOPDGDD must always50 KB (7,524 words) - 13:44, 13 December 2023
- CNIL (France) - SAN-2020-056 (category Article 15(4) GDPR)down in Article 28 of the GDPR. The Commission wonders about such a qualification in the light of the definition of a subcontractor given in Article 4.8 of43 KB (6,847 words) - 17:11, 6 December 2023
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 5(2) GDPR)accountability pursuant to Article 5(2) UK GDPR because it failed to demonstrate compliance with Article 5(1)(a) and (c) UK GDPR principles of lawfulness129 KB (17,281 words) - 14:57, 10 April 2024
- OLG Frankfurt am Main - 6 U 17 / 19 (category Article 6(1)(e) GDPR)6(2) and 6(3) GDPR allow the Member States to introduce more specific provisions to adapt the application of the rules of Article 6(1)(e) GDPR, the Hessian17 KB (2,633 words) - 10:14, 10 September 2021
- LAG Mecklenburg-Western Pomerania - 5 Sa 108/19 (category Article 37 GDPR)2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.48 KB (7,320 words) - 12:44, 4 October 2021
- CNIL (France) - SAN-2019-001 (category Article 4(11) GDPR)comprehensible character, within the meaning of Article 12 of the GDPR, of the information provided for in Article 13 of the Regulation must be assessed. The90 KB (14,556 words) - 17:08, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9845156 (category Article 5 GDPR)the type of data) are: Article 9(2)(h) GDPR (necessary for the purposes of preventive or occupational medicine); Article 9(2)(i) GDPR (for reasons of public128 KB (20,856 words) - 12:32, 14 March 2023
- CNIL (France) - SAN-2023-025 (category Article 6(1)(a) GDPR)the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep53 KB (8,418 words) - 11:21, 6 February 2024
- LG Landshut - 51 O 513/20 (category Article 4(7) GDPR)under Article Article 82 (1) GDPR. The second defendant, as data protection officer, is not a "controller" within the meaning of Article 4(7) GDPR. Only20 KB (3,082 words) - 06:30, 25 July 2022
- EWHC (UK) - Johnson v Eastlight Community Homes Ltd (category Article 82 GDPR)principles to the GDPR; (b) The effect (if any) of the remaining claims Article 5(1)(f) GDPR (the data security principle), the Article 8 claim and46 KB (7,676 words) - 10:45, 7 December 2021
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)the GDPR. According to the defendant, this partner is thus not processor within the meaning of Article 4 (8) GDPR. Consequently, Article 28 (3) GDPR does113 KB (18,732 words) - 16:50, 12 December 2023
- WSA Rzeszów - II SA/Rz 1539/21 (category Article 6(1)(e) GDPR)name is personal data under Article 4(1) GDPR. Additionally, the Head of the Municipality maintained that according to Article 11 of the Polish Labour Code40 KB (6,464 words) - 20:55, 1 March 2022
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe 1, de l'AVG, le règlement s'applique96 KB (15,396 words) - 16:50, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9909907 (category Article 5 GDPR)anonymized. Therefore, the DPA found a violation of Article 5(1)(a), (b), (c), and (e) and Article 12(1) GDPR. For the reasons above, the DPA imposed a fine122 KB (19,640 words) - 08:16, 3 August 2023
- NSA - III OSK 25287/21 (category Article 6(1)(c) GDPR)free movement of such data, and repealing Directive 95/46/W (GDPR), as well as article 70 sec. 1 and 2 of the Act on the Protection of Personal Data -59 KB (9,782 words) - 15:11, 7 December 2022
- AEPD (Spain) - EXP202201721 (category Article 83(4)(a) GDPR)violated Article 6 and Article 32 GDPR. The DPA seems to consider the authentication procedure itself as "processing" and therefore Article 32 GDPR applies79 KB (12,408 words) - 13:24, 13 December 2023
- DSB (Austria) - 2022-0.021.739 (category Article 5(1)(c) GDPR)information. According to Article 4, Paragraph 2 of the GDPR, the term “processing” includes any “According to Article 4, Paragraph 2, of the GDPR, the term of processing47 KB (7,599 words) - 15:38, 11 October 2023
- AEPD (Spain) - PS/00201/2019 (category Article 4(1) GDPR)data had taken place, meaning GDPR obligations did not apply. Are these magnetic cards personal data within Article 4(1) GDPR? If so, did the MCP infringe54 KB (9,019 words) - 14:10, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9529527 (category Article 83(4)(a) GDPR)several violations of the GDPR. Firstly, the USL had not documented its processing activities as required by Article 30 GDPR, despite the two years between55 KB (8,833 words) - 15:54, 6 December 2023
- CNIL (France) - SAN-2021-020 (category Article 28(4) GDPR) (section On the failure to comply with Article 28 GDPR)breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the56 KB (9,069 words) - 17:02, 6 December 2023
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 5(1)(c) GDPR)requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data122 KB (20,253 words) - 08:17, 19 August 2021
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- APD/GBA (Belgium) - 149/2023 (category Article 5(1)(a) GDPR)meaning of article 4.19 of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2.113 KB (17,325 words) - 08:50, 19 March 2024
- UODO (Poland) - DKN.5131.29.2022 (category Article 28(1) GDPR)fulfill the requirements of Article 28 GDPR. The DPA concluded that the controller failed to comply with Article 28(1)(3) and (9) GDPR by not concluding a written48 KB (7,612 words) - 09:46, 25 April 2024
- Tietosuojavaltuutetun toimisto (Finland) - 3831/161/21 (category Article 5(1)(e) GDPR)Finnish DPA found a retail chain to have breached Article 5(1)(e) GDPR, Article 25(1) GDPR and Article 25(2) GDPR for its lengthy storage of purchase behaviour61 KB (9,477 words) - 13:38, 12 January 2024
- LArbG Baden-Württemberg - 2 Sa 16/21 (category Article 12(1) GDPR)employer violated their Article 15 GDPR obligations as a data controller. The plaintiff requested information under Article 15 GDPR from its former employer49 KB (8,074 words) - 08:33, 6 October 2022
- OVG Lüneburg - 8 ME 36/20 (category Article 6 GDPR)and the right to freedom of information. The court also refers to Article 6(1)(e) GDPR, stressing that this provision does not in itself authorise data27 KB (4,222 words) - 15:16, 17 March 2022
- APD/GBA (Belgium) - 32/2022 (category Article 5(1)(c) GDPR)information", Article 15(1)(g) GDPR. Furthermore, the controller had violated Article 21(4) GDPR by not providing the information listed in Article 14 GDPR in its31 KB (4,547 words) - 15:54, 3 May 2022
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)controller for the purposes of Article 4(7) GDPR, and Company A was the processor for the purposes of Article 4(8) GDPR. The DPA found that both Companies55 KB (9,079 words) - 16:57, 6 December 2023
- BGH - VI ZB 39/18 (category Article 6(4) GDPR)account, inter alia, the criteria referred to in Article 6(4)(a) to (e) of the DPO (Article 6(4) DPO). Article 6 (4) of the DPA therefore permits further processing53 KB (8,894 words) - 15:56, 22 March 2022
- OVG Münster - 16 A 1582/21 (category Article 12(5) GDPR) (section Processing of Personal Data Partly by Automated Means, Article 2(1) GDPR)12(5)(1) GDPR as an independent claim. The broad concept of personal data underlying the GDPR (Article 4(1) GDPR), the wording and purpose of Article 15(3)(1)123 KB (20,784 words) - 10:11, 26 November 2021
- Circuit Court - 2019/04546 (category Article 5(1)(a) GDPR)extremes. 11.4 In addition, processing of personal data is only lawful where it is demonstrated to have a ‘legal basis’. Article 6 of the GDPR sets out what60 KB (9,004 words) - 09:39, 15 February 2024
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)violation of article 32, paragraph 1, GDPR and article 13, paragraph 1, sub, GDPR BZ should end these violations as soon as possible. article58, paragraph2179 KB (22,957 words) - 17:07, 12 December 2023
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- ICO (UK) - Brazier Consulting Services Ltd (category Article 4(11) GDPR)("the GDPR"): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4( 11)43 KB (5,548 words) - 10:45, 28 July 2021
- AEPD (Spain) - PS/00010/2020 (category Article 6(1)(a) GDPR)AEPD held that the telecoms company 's actions were a breach of Article 6(1) GDPR. Article 6(1) does not apply here because they failed to prove that they22 KB (3,523 words) - 13:45, 13 December 2023
- UODO (Poland) - DKN.5112.13.2020 (category Article 5(1)(a) GDPR)in line with the principle of lawfulness in Article 5(1)(a) GDPR, as none of the conditions of Article 6 GDPR were satisfied. The data disclosed in the land60 KB (9,755 words) - 09:58, 17 November 2023
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)requests for information according to Article 15(1) GDPR. The ‘Business secrecy’ exception only applied to Article 15(4) GDPR, where a data subject would request59 KB (9,623 words) - 17:03, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9779057 (category Article 4(1) GDPR)without references to names. Moreover, (2) it included health data (Article 4(15) GDPR) as the newsletters were send to patients of the respected medical63 KB (9,916 words) - 11:28, 16 August 2022
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)purpose constituted a breach of Article 5(1)(e) GDPR. Secondly, the CNIL indicated that the controller breached Article 13 GDPR by failing to include the right56 KB (8,757 words) - 14:12, 28 February 2024
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)obtained from them, as required under Article 14(1)(a) AVG and Article 14(2)(c)(e) and point (f) AVG; c. article 12 j° article 14 AVG, in view of the defendant62 KB (10,509 words) - 16:58, 12 December 2023
- APDCAT (Catalonia) - IAI 43/2022 (category Article 5(1)(a) GDPR)foreseen in Article 6(3) GDPR and its counterpart of the national law, Article 8 of Ley Orgánica 3/2018. On the other hand, Article 86 of the GDPR foresees34 KB (5,182 words) - 13:13, 14 December 2022
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)disregarded the provisions of Article 5-1 e) of the GDPR. C. On the breach of the obligation to inform people 65. Article 13 of the GDPR requires the data controller61 KB (10,028 words) - 17:09, 6 December 2023
- CJEU - C-687/21 - MediaMarktSaturn (category Article 4 GDPR)inappropriate under Article 24 and 32 GDPR. In the context of damages, a combined reading of Article 5, 24, 32 and Recital 74 GDPR, evidenced to the court11 KB (1,606 words) - 09:59, 15 February 2024
- OGH - 6Ob87/21v (category Article 5(1)(c) GDPR)found no violation of Article 5(1)(c)(e) GDPR and a prevailing legitimate interest of the defendant according to Article 6(f) GDPR. It must be noted that38 KB (6,129 words) - 10:12, 10 September 2021
- Garante per la protezione dei dati personali (Italy) - 9920977 (category Article 13 GDPR)conformity with the data subject’s rights of information under Article 13 GDPR and Article 14 GDPR, the hospital should firstly make clear what the legal basis92 KB (14,476 words) - 08:25, 19 September 2023
- APD/GBA (Belgium) - 18/2020 (category Article 5 GDPR)therefore of the opinion that no breach of Article 5.2 of the GDPR, Article 24.1 of the GDPR and Article 33 of the GDPR can be established. - As regards the55 KB (8,810 words) - 16:55, 12 December 2023
- AEPD (Spain) - EXP202105333 (category Article 6(1) GDPR)of the Article 6.1 of the GDPR, typified in Article 83.5 a) of the GDPR, the sanction that would correspond would be a fine for an amount of 70,000 euros49 KB (7,973 words) - 13:25, 13 December 2023
- OLG Stuttgart - 9 U 34/21 (category Article 82 GDPR)data breach (Article 32 GDPR). Does the plaintiff have a right to compensation according to Article 82(1) GDPR and does Article 82(3) GDPR stipulate a reversal60 KB (10,254 words) - 11:22, 22 December 2021
- is only authorised where it is freely given, specific and informed (Article 4(11) GDPR). As there is no evidence of individuals consenting to third party42 KB (5,271 words) - 13:44, 23 June 2021
- APD/GBA (Belgium) - 07/2021 (category Article 5(1) GDPR)infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been72 KB (11,208 words) - 16:51, 12 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 6(4) GDPR)consent by the data subject in accordance with Article 6 juncto Article 7 of the Regulation? 4° Must Article 17.2 of the General Data Protection Regulation67 KB (10,544 words) - 09:24, 10 September 2021
- AEPD (Spain) - PS/00114/2019 (category Article 6(1) GDPR)the RGPD must be observed. In turn, pursuant to article 83. 2.k GDPR, the circumstances described in article 76 LOPDGDD may also be taken into consideration60 KB (10,197 words) - 14:01, 13 December 2023
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR)Failure to ensure data protection by default (Article 25(2) GDPR) The DPA also found a violation of Article 25(2) GDPR regarding the controllers “X” icon at the59 KB (9,566 words) - 17:03, 6 December 2023
- Administrative Court - 14/2020 (category Article 6(1)(f) GDPR)personal data, within the meaning of Article 4(2) of Regulation. Louis Companies is responsible for processing (Article 4(7) of the Regulation). Data subjects15 KB (2,128 words) - 10:02, 15 February 2024
- APD/GBA (Belgium) - 75/2023 (category Article 6(1)(f) GDPR)paying profiles. II.4. Article 12(1),(2) and (3), Article 17, Article 19, Article 24(1) and Article 25(1) AVG 63. Article 12 (1) GDPR stipulates that the77 KB (11,604 words) - 08:55, 29 June 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)enshrined in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not270 KB (43,335 words) - 12:39, 13 December 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)out in Article 6 (1) of the GDPR In addition, there is a circumstance within the meaning of Article 9 (2) of the GDPR. (45) Article 9 (2) of the GDPR does72 KB (11,159 words) - 10:09, 17 November 2023
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)the processing is based on Article 6(1)(a) or on Article 9, (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the69 KB (11,315 words) - 13:30, 19 January 2022
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results73 KB (11,604 words) - 16:57, 12 December 2023
- AEPD (Spain) - EXP202204881 (category Article 6(1) GDPR)of the Article 6.1 of the GDPR, typified in Article 83.5 a) of the GDPR, the sanction that would correspond would be a fine for an amount of 70,000 euros55 KB (9,017 words) - 10:46, 13 December 2023
- ICO - Monetary Penalty on Marriott International Inc. (category Article 5(1)(f) GDPR)within the meaning of section 3(4) DPA and Article 4(2) GDPR. 1.6. Marriott has not admitted liability for breach of the GDPR. However, for the reasons set241 KB (31,368 words) - 09:59, 9 May 2022
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)they are processed (article 5.1 e) of the GDPR). 8.1.4. As for breaches of Articles 5.2. and 24 of the GDPR 88. Article 24.1 of the GDPR which covers Chapter127 KB (21,484 words) - 17:01, 12 December 2023
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)point 4.7. of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d) and Article 6.1. e) of the GDPR. Decision79 KB (12,260 words) - 17:00, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9795350 (category Article 5(1)(a) GDPR)required by Article 12 GDPR. The DPA clarified that the right of information and the right of access are distinct. An access request under Article 15 GDPR is not90 KB (14,651 words) - 08:07, 5 September 2022
- AP (The Netherlands) - 25.11.2021 (category Article 5(1)(a) GDPR)fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection87 KB (11,601 words) - 17:08, 12 December 2023
- CNPD (Portugal) - Deliberação 2022/140 (category Article 5(1)(e) GDPR)violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)75 KB (12,306 words) - 10:02, 21 December 2022
- Persónuvernd - 2020010577 (category Article 6(1)(a) GDPR)whether the processing is automatic or not, cf. Number 4 Article 3 of the Act and point 2. Article 4 of the Regulation. This case concerns the collection17 KB (2,716 words) - 16:21, 13 April 2021
- AEPD (Spain) - PS/00280/2022 (category Article 5(1)(f) GDPR)LPACAP), for the alleged infringement of article 5.1.f) of the RGPD and article 32 of the RGPD, typified in article 83.5 of the RGPD. EIGHTH: Notification30 KB (4,551 words) - 11:51, 9 February 2023
- APD/GBA (Belgium) - 117/2022 (category Article 6(1) GDPR)justification (Article 21.2 AVG and Article 21.3 AVG). The controller has within the period of one month after receipt of the complainant's request (Article 12.317 KB (2,319 words) - 11:23, 5 August 2022
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)assessment against the GDPR A. Identification of the controllers involved (Article 4.7 GDPR) 24. In accordance with Article 4.7 GDPR, it must be the controller82 KB (13,250 words) - 16:57, 12 December 2023
- EDPB - Urgent Binding Decision 01/2023 (category Article 6(1)(f) GDPR)advertising purposes on the basis of Article 6(1)(b) GDPR and Article 6(1)(f) GDPR, pursuant to Article 58(2)(f) GDPR, to be effective one week after notification346 KB (48,181 words) - 16:39, 12 December 2023
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)According to Article 94 of the GDPR "references to the repealed directive must be understood as references to the [GDPR]". 84. Under Article 4, paragraph82 KB (13,428 words) - 17:02, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9971433 (category Article 5(1)(a) GDPR)party. Therefore, the controller breached Article 5(1)(a) GDPR, Article 6(1)(a) GDPR, Article 7 GDPR, and Article 130 of the Italian privacy code, since the51 KB (7,993 words) - 12:39, 6 February 2024
- IP (Slovenia) - 0611-182/2021/23 (category Article 5(1)(b) GDPR)video surveillance, could be based on Article 6(1)(f) GDPR, and complied with Articles 3, 24 and 74 ZVOP-1 and Article 38 of the Slovenian Constitution. During53 KB (8,251 words) - 08:30, 27 September 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)completely determined by it. This already follows from Article 1.3, Article 20.3 and Article 93.1 No. 4a of the Basic Law. According to these, the commitment133 KB (21,944 words) - 15:59, 22 March 2022
- Rb. Rotterdam - C/10/611345 / KG ZA 21-29 (category Article 6(4) GDPR)should prevail? 4.3. In addition to article 6: 162 DCC, the General Data Protection Regulation of 27 April 2016 (EU 2016/679, hereinafter: GDPR) applies. The23 KB (3,229 words) - 08:07, 10 May 2021
- AEPD (Spain) - EXP202203914 (category Article 6(1) GDPR)infringement of article 6.1 of the GDPR, typified in article 83.5 a) of the GDPR, the sanction that would correspond would be a fine for an amount of 70,000 euros37 KB (5,914 words) - 10:42, 13 December 2023
- Persónuvernd (Iceland) - Case no. 2021030666 (category Article 5 GDPR)assessed whether the case fell within the scope of the GDPR. It mentioned that according to Article 4(2) GDPR "processing" means " means any operation or set19 KB (2,935 words) - 12:16, 11 January 2023
- Tietosuojavaltuutetun toimisto (Finland) - 310/161/23 (category Article 83(6) GDPR)paragraphs 4, 5 and 6 in accordance with this article is effective, proportionate and dissuasive in each individual case. 72. According to Article 83(2) of71 KB (11,552 words) - 13:40, 12 January 2024
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)of his personal data would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant84 KB (12,933 words) - 16:46, 12 December 2023
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- Persónuvernd (Iceland) - 2021101915 (category Article 5 GDPR)the above, cf. Paragraph 1 Article 39 of the law. According to paragraph 2 Article 4 of the law, cf. point c, paragraph 2 Article 2 of the regulation, the21 KB (3,374 words) - 13:28, 8 March 2023
- RvS - 201902604/1/A3 (category Article 15 GDPR)data of [the appellant]. 4.3. In view of the provisions of 4.2. alone, the new overview does not meet the requirements of Article 35, second paragraph, of20 KB (3,234 words) - 12:01, 24 March 2022
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG84 KB (14,035 words) - 16:56, 12 December 2023
- AG Hamburg-Bergedorf - 410d C 197/20 (category Article 6(1) GDPR)advertising violated Article 6(1) GDPR. However, this violation alone was not sufficient to justify a claim for damages. Pursuant to Article 82(1) GDPR, a claim for19 KB (3,009 words) - 12:26, 2 February 2022
- APD/GBA (Belgium) - 73/2020 (category Article 5 GDPR)plain. The word "concise" in Article 12(1) GDPR, however, does not mean incomplete, all mandatory information from Article 13 GDPR must still be included. The93 KB (14,040 words) - 17:00, 12 December 2023
- Persónuvernd - 2020010616 (category Article 5(1)(c) GDPR)processing principles under Article 5 GDPR? Did an exception to the prohibition of processing of health data under Article 9(2) GDPR apply? The Icelandic DPA23 KB (3,612 words) - 13:17, 17 July 2020
- Rb. Overijssel - ZWO 22/775 (category Article 4(1) GDPR)did not prove that the MAC addresses constituted personal data (cf Article 4(1) GDPR), because it did not sufficiently prove that the controller would be26 KB (4,142 words) - 15:30, 27 March 2024
- LG Essen - 18 O 204/21 (category Article 4(1) GDPR)data under Article 4(1) GDPR. Moreover the court found that the controller can refuse to act on the request according to Article 12(5)(b) GDPR, because the24 KB (3,694 words) - 10:56, 15 June 2022
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 83(4)(a) GDPR)paragraph 3, all of article 35, and paragraph a) of paragraph 4 of article 83, all GDPR, with a fine of up to €20,000,000 or up to 4% of annual turnover163 KB (27,222 words) - 16:54, 6 December 2023
- APD/GBA (Belgium) - 71/2022 (category Article 21(4) GDPR)infringement of Article 38.3 of the GDPR, but no infringement on Article 38. 1, 38.2 and 38.6 of the GDPR and no infringement of Article 39 of the GDPR. 5. On February69 KB (10,468 words) - 07:37, 9 June 2022
- Garante per la protezione dei dati personali (Italy) - 9988710 (category Article 5(1)(f) GDPR)found the following infringements. Enel Energia violated Article 5(1)(f) GDPR and Article 32 GDPR where it failed to carry out an adequate assessment of208 KB (33,932 words) - 11:40, 17 April 2024
- Persónuvernd - 2020010548 (category Article 2(2)(c) GDPR)2016/679, cf. Paragraph 1 Article 4 of the Act, and thereby the authority of the Data Protection Authority, cf. Paragraph 1 Article 39 of the Act, covers the23 KB (3,745 words) - 09:50, 6 May 2021
- Persónuvernd (Iceland) - nr. 2020082238 (category Article 5(1)(a) GDPR)whether the processing is automatic or not, cf. Number 4 Article 3 of the Act and point 2. Article 4 of the Regulation. As stated earlier, the resolution26 KB (3,942 words) - 10:18, 5 October 2021
- CNIL (France) - SAN-2023-023 (category Article 5(1)(e) GDPR)12 and 13 of the GDPR constitute breaches of key principles of the GDPR likely to be subject to, under Article 83 of the GDPR. GDPR, an administrative60 KB (9,512 words) - 10:08, 31 January 2024
- ICO (UK) - Cabinet Office (category Article 5(1)(f) GDPR)data associated with this incident (Article 4(7) of the GDPR). 5. "Personal data" is defined by Article 4(1) of the GDPR to mean: "any information relating79 KB (10,566 words) - 10:48, 7 December 2021
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)meaning of Article 4. The Dispute Resolution Chamber notes that consulting personal data does constitute processing within the meaning of Article 4(2) of the90 KB (14,937 words) - 12:35, 3 August 2022
- EDPB - Urgent Binding Decision 1/2021 - 'WhatsApp' (category Article 5(1)(a) GDPR)violates Article 5(1), Article 6(1) and Article 12(1) GDPR. Therefore the DE-HH SA adopted, on 10 May 2021, provisional measures under Article 66(1) GDPR, based188 KB (31,298 words) - 12:31, 20 January 2023
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)Hague October 4, 2022, ECLI:NL:GHDHA:2022:2100, para. 3.1-3.13. 4 Conclusion 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 Exhibit 4 to the introductory103 KB (17,620 words) - 10:13, 29 November 2023
- APD/GBA (Belgium) - 85/2022 (category Article 4(11) GDPR)(potential violation of Articles4.11, 6.1 a) and 7.1 GDPR): ▪ The GDPR requires a “statement or unequivocal active act” (Article 4.11 GDPR), which means that all171 KB (24,826 words) - 15:55, 18 June 2022
- BVwG - W274 2243175-1 (category Article 2(2)(c) GDPR)Section 4 (1) GDPR declares that the GDPR is applicable in addition to the GDPR, without referring to the exceptions in Article 2 (2), (3) and (4) of the27 KB (4,375 words) - 12:17, 21 January 2022
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)therefore an infringement of Article 5 at the time of the facts. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 90. In addition, a controller102 KB (15,787 words) - 07:39, 6 September 2023
- CE - 466115 (category Article 5 GDPR)association, a disregard of article 5 of the GDPR. 7. It follows that the arguments based on disregard for this article of the GDPR can only be dismissed. On28 KB (4,287 words) - 09:20, 23 February 2024
- AEPD (Spain) - PS/00259/2020 (category Article 6(1)(f) GDPR)This is inferred from Article 6.1.f) of the RGPD in connection with Article 21.3 and Recitals 47, 69 and 70 of the GDPR, Article 21 of the RGPD regulates158 KB (25,857 words) - 13:56, 14 July 2021
- VG Düsseldorf - 29 K 7031/19 (category Article 77 GDPR)DPA under Article 78 of the GDPR. The court dismissed the complaint. It found that the plaintiff is precluded from having recourse to the GDPR in connection27 KB (4,391 words) - 13:32, 20 November 2021
- OLG Brandenburg - 4 U 111/21 (category Article 6(1)(f) GDPR)compliance with the minimum wage of its employees acts in accordance with Article 6(1)(f) GDPR if it observes the limits of necessity and data economy. The plaintiff32 KB (5,078 words) - 12:59, 6 April 2022
- VG Berlin - VG 3L 1028.19 (category Article 17(1)(a) GDPR)the requirements of Article 17 GDPR fulfilled and would the defendant require to delete the school record? Article 17 (1) (a) GDPR grants a right to delete30 KB (4,986 words) - 15:50, 17 March 2022
- CE - N° 434684 (category Article 7 GDPR)equipment? - Question 4: Are Articles 2(f) and 5(3) of Directive 2002/58EC, read in conjunction with Article 4(11), Article 95 and Recital 4 of Regulation (EU)32 KB (5,281 words) - 09:50, 10 September 2021
- Rb. Noord-Nederland - C/ 18/189406/HA ZA 19-6 (category Article 5(1)(f) GDPR)loss of control of personal data and a breach of Article 5(1)(f) GDPR, Article 6 GDPR and Article 32(2) GDPR. The first complainant is a company that is engaged105 KB (18,002 words) - 16:24, 10 March 2022
- CNIL (France) - Deliberation SAN-2022-024 of December 20, 2022 (category Article 4(11) GDPR)understood within the meaning of consent as defined in Article 4(11) GDPR. As explained by recital 42 GDPR, "[c]onsent should not be regarded as freely given73 KB (11,822 words) - 11:58, 11 January 2023
- Rb. Amsterdam - 20/4850 (category Article 6(1)(f) GDPR)any other legal ground, in breach of Article 5(1)(b) and Article 6(1) read in conjunction with Article 5(1)(a) GDPR. The DPA fined the controller €525,00030 KB (4,796 words) - 07:05, 4 October 2022
- CNIL (France) - SAN-2020-008 (category Article 5(1)(e) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading104 KB (16,646 words) - 17:09, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 35FR/2021 (category Article 5(1)(c) GDPR)consent provided for in Article 4.10) of the GDPR, as well as the conditions applicable to consent provided for in Article 7 of the GDPR. 25 Guidelines 5/202081 KB (11,748 words) - 10:59, 17 November 2021
- LG München I - 5 O 5853/22 (category Article 5(1)(f) GDPR)organizational measures pursuant to Article 32 GDPR. The court held that the controller violated Article 32(1) GDPR, which requires appropriate technical31 KB (5,017 words) - 15:08, 20 October 2023
- AEPD (Spain) - PS/00356/2020 (category Article 6(1) GDPR)sanctioning procedure against VODAFONE ESPAÑA S.A.U. for infringing Article 6(1) GDPR. Vodafone, recognising its responsibility, made an early payment of26 KB (3,848 words) - 14:31, 13 December 2023
- BfDI (Germany) - 24-191 II (category Article 15 GDPR)all of his data under Article 15 GDPR. He also requested to have his data transmitted in a portable format under Article 20 GDPR. The controller responded24 KB (3,831 words) - 16:21, 23 March 2022
- CNIL (France) - SAN-2023-009 (category Article 7(1) GDPR)retains a personal character, within the meaning of Article 4, 1) of the GDPR. 42. It follows that the GDPR is applicable and that, in view of what has been78 KB (12,701 words) - 10:11, 28 June 2023
- APD/GBA (Belgium) - 24/2021 (category Article 6 GDPR)and transparency (Article 5.1 a) GDPR), purpose limitation (Article 5.1 b) GDPR) and minimum data processing (Article 5.1 c) GDPR); 4) the legal basis for110 KB (18,238 words) - 16:56, 12 December 2023
- DSB (Austria) - 2021-0.285.169 (category Article 4(1) GDPR) (section GDPR Does Not Apply Due to Exception of Article 2(2)(c) GDPR)meaning of Article 4(15) GDPR. The DSB founds that the GDPR does not apply due to the household exception provided for in Article 2(2)(c) GDPR. Pursuant31 KB (4,887 words) - 14:21, 21 July 2021
- VG Potsdam - 11 K 4526/16 (category Article 4(1) GDPR)provided for in Article 15(1) GDPR, which was kept by the Higher Administrative Court. The Court denied the request. Does Article 15 GDPR apply to hand written33 KB (5,306 words) - 15:12, 22 March 2022
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)provided for in Article 9 of the GDPR or Article 51 of the ZZLD. 30 Under Article 27 of the ZMVR, data recorded by the police pursuant to Article 68 of that110 KB (18,000 words) - 08:01, 5 June 2023
- IP - 0610-376/2020/35 (category Article 13(1) GDPR)should comply with the criteria set out in Article 6. (4) General Regulations. The application of Article 6 (4) of the General Regulation to a change in110 KB (17,995 words) - 11:15, 22 April 2021
- ICO (UK) - Tempcover Ltd (category Article 4(11) GDPR)(“the GDPR”): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11) of40 KB (5,684 words) - 18:42, 16 February 2022
- paragraph of Article 2, ZKme-1 (point a) of the third paragraph of Article 5, the first paragraph of Article 139, the second paragraph of Article 143 of the30 KB (4,951 words) - 10:08, 8 March 2023
- AEPD (Spain) - PS/00070/2019 (category Article 4(11) GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- Council of State - 253.677 (category Article 9 GDPR)was not signed in accordance with the provisions of Article 43(1). It also follows from Article 76(1)(4) of the Royal Decree of April 18, 2017 that failure85 KB (13,820 words) - 09:28, 2 March 2023
- APD/GBA (Belgium) - 11/2022 (category Article 4(1) GDPR)interpreted Article 5.3 of the Directive Privacy and electronic communications using the GDPR, specifically on the basis of Article 4.11, Article 6.1.a GDPR (consent92 KB (13,989 words) - 14:56, 3 February 2022
- VG Wiesbaden - 6 L 738/21.WI (category Article 4(7) GDPR)so Article 48 GDPR does not apply. Moreover, the Court considered that none of the conditions referred to in Article 49(1) and Article 49(2) GDPR is fulfilled35 KB (5,925 words) - 09:07, 22 December 2021
- FG München - 15 K 118/20 (category Article 4(7) GDPR)personal data under Article 15(1) GDPR is limited by the law. Limitations result from Article 13(4) GDPR and Article 23(1)(e) GDPR in conjunction with85 KB (14,338 words) - 22:04, 9 February 2022
- ICO (UK) - We Buy Any Car Limited (category Article 4(11) GDPR)(“the GDPR”): Regulation 8(2) of the Data Protection, P rivacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Ar ticle 4(11)41 KB (5,743 words) - 11:44, 21 September 2021
- VG Hamburg - 17 K 3920/19 (category Article 6(1)(c) GDPR)by his employer as a public institution is lawful according to Article 6(1)(c), (e) GDPR and the applicable Hamburg transparency law. The Court argued that37 KB (5,831 words) - 15:07, 22 March 2022
- NAIH (Hungary) - NAIH – 6427-1/2023 (category Article 5(1)(b) GDPR)were in violation of Article 5(1)(e) GDPR and Article 32 GDPR, but the DPA dismissed its previous finding of the Article 5(1)(b) GDPR violation. The DPA87 KB (14,360 words) - 08:30, 27 September 2023
- AEPD (Spain) - PS/00348/2020 (category Article 5(1)(a) GDPR)claimant’s signature constitute a breach under the GDPR? The AEPD held that Vodafone violated Article 6(1) GDPR, as they had processed the claimant’s data without38 KB (5,648 words) - 14:31, 13 December 2023
- the meaning of Article 9 of the GDPR must indeed be based on Article 9.2 of the GDPR, read in conjunction with Article 6.1 of the GDPR. 24 This has been207 KB (31,357 words) - 14:21, 8 June 2022
- EWHC (UK)- QB- Soriano v Forensic News LLC (category Article 3(1) GDPR)conferred by article 79(2) of the GDPR. This is the relevant provision for the purposes of para 3.1(20) of CPR Practice Direction 3B. Article 79(2) provides:108 KB (18,178 words) - 11:57, 29 November 2021
- OLG Hamm - 11 U 88/22 (category Article 82 GDPR)2022, Article 82 GDPR, paragraph 20; Nemitz, in: Ehmann/Selmayr, GDPR, 2nd edition 2018, Article 82, paragraph 20; Gola/Piltz, in: Gola/Heckmann, GDPR/ BDSG85 KB (14,523 words) - 05:28, 26 April 2023
- (“the GDPR”): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11) of39 KB (5,404 words) - 11:56, 21 September 2021
- Datatilsynet (Denmark) - 2021-7329-0052 (category Article 26 GDPR)accordance with Article 4(7) GDPR for any Processing of Personal Information in Business Tool Data under GDPR not subject to Sections 5.a.i and 5.a.ii.” 4 Meta Ireland’s104 KB (14,260 words) - 13:54, 9 June 2023
- VG Wiesbaden - 6 K 549/21.WI (category Article 6(1)(f) GDPR)to Art. 17 GDPR. There are none of the reasons set out in Article 17 (1) a to f GDPR. A right to erasure according to Art. 17 Para. 1 d GDPR is ruled out32 KB (5,175 words) - 08:40, 12 January 2022
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- VG Ansbach - AN 14 K 20.00083 (category Article 6(1)(b) GDPR)areas pursuant to Article 58(2)(f) GDPR. The court held that the video surveillance was not lawful pursuant to Article 6(1)(a) GDPR as the data subjects36 KB (5,858 words) - 13:51, 16 May 2022
- CNIL (France) - SAN-2021-014 (category Article 16 GDPR)provided for in Article 30 of the Rules. 4. On the breach of the obligation to cooperate with the services of the CNIL 60. Article 31 of the GDPR provides that37 KB (6,021 words) - 07:23, 23 September 2021
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- APD/GBA (Belgium) - 172/2022 (category Article 12(4) GDPR)personal data within the meaning of Article 4.1) of the GDPR. 14 12 GDPR, Art. 4, 1). ; Opinion 4/2007 of the “article 29” working group on data protection43 KB (6,300 words) - 11:35, 20 December 2022
- BVwG - W101 2218962-1 (category Article 4(1) GDPR)date 07/28/2022 standard B-VG Art133 Para.4 DSG §24 paragraph 1 DSG §24 paragraph 5 GDPR Art12 GDPR Art15 GDPR Art4 VwGVG §28 paragraph 2 WTBG 2017 §80 saying42 KB (6,586 words) - 09:33, 17 September 2022
- APD/GBA (Belgium) - 158/2022 (category Article 12(4) GDPR)(pursuant to Article 95(1)(4) LCA and Article 58(2)(a) GDPR) for the controller because it seemed to fail to comply with Articles 6 and 24 GDPR. The DPA warned42 KB (6,128 words) - 12:47, 16 November 2022
- Clearview AI, according to Chapter 4 Section 2 of the Criminal Data Act with the restrictions that follow from Chapter 4 § 5 of the same law. The information43 KB (4,945 words) - 15:22, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9909235 (category Article 5(1)(a) GDPR)accounts of three of its former employees in violation of Article 5(1) GDPR and Article 13 GDPR. GEICO S.p.A., the controller, was the employer of the three90 KB (14,258 words) - 14:14, 3 January 2024
- Garante per la protezione dei dati personali (Italy) - 9791886 (category Article 35 GDPR)the Guarantor pursuant to article 36 of the Regulation "(article 110 of the Code, article 9, paragraph 2, letter j) and par. 4 of the Regulation). In the97 KB (15,437 words) - 11:27, 16 August 2022
- Datatilsynet (Norway) - 0/02422 (category Article 5(1)(e) GDPR)October 2022. 18See Art. 60(6) GDPR. 3 4. Legal Background 4.1. Scope of Application of the GDPR Under Article 2(1) GDPR, the Regulation: “[…] applies to162 KB (24,007 words) - 19:41, 15 February 2023
- Rb. Zeeland-West-Brabant - C/02/358389/HA RK 19-110 (category Article 6(1)(c) GDPR)the data subject’s consent under Article 6(1)(a) GDPR but on compliance with legal obligations under Article 6(1)(c) GDPR and that the data subject did not39 KB (6,517 words) - 14:54, 17 March 2022
- IMY (Sweden) - DI-2020-10549 (category Article 5(1)(c) GDPR)for GDPR violations before. Thus, the DPA issued a reprimand to the controller for breaching Article 5(1)(c) GDPR, Article 12(2) GDPR and 12(6) GDPR. Share56 KB (6,423 words) - 08:14, 30 April 2024
- LG Köln - 28 O 138/22 (category Article 82 GDPR)analogously, Section 823 (1) and (2) BGB in conjunction with Article 6 (1) GDPR and Article 17 GDPR. Claims under data protection law could be asserted by way39 KB (6,362 words) - 14:01, 22 June 2023
- ICO (UK) - LTH Holdings Limited (category Article 4(11) GDPR)to receive calls. The ICO highlighted that consent, as defined by Article 4(11) GDPR, must be "freely given", meaning an organisation must be able to demonstrate54 KB (6,922 words) - 11:45, 16 June 2021
- BlnBDI (Berlin) - 521.14877.15 (category Article 7 GDPR)the GDPR includes both a reference to the definition of consent (article 4 of the GDPR) as well as to the conditions of it (article 7 of the GDPR) 34.46 KB (6,937 words) - 15:56, 26 September 2023
- ICO (UK) - HIV Scotland (category Article 5(1)(f) GDPR)under the GDPR. 14. By Article 57(1) of the GDPR, it is the Commissioner'task to monitor and enforce the application of the GDPR. 15. By Article 58(2)(d)of55 KB (6,916 words) - 07:27, 26 October 2021
- FG Berlin-Brandenburg - 16 K 5148/20 (category Article 4(1) GDPR)processing (Article 18 GDPR), right to data portability (Article 20 GDPR) and right to object (Article 21 GDPR). The right to information under Art. 15 GDPR cannot45 KB (7,420 words) - 18:15, 12 March 2024
- NAIH (Hungary) - NAIH-373-31/2023 (category Article 5(1)(b) GDPR)according to Article 4, point 11, as well as the Restrictions according to Article 7 GDPR. (149) According to Article 5 (1) point b) of the GDPR, personal140 KB (23,189 words) - 08:25, 20 February 2024
- Garante per la protezione dei dati personali (Italy) - 9751137 (category Article 5(1)(a) GDPR)fairness and transparency under Article 5(1)(a) GDPR, as well as the data subject’s right to information under Articles 12 and 13 GDPR, and issued a fine of €1041 KB (6,671 words) - 16:56, 23 March 2022
- ICO (UK) - The Central Young Men’s Christian Association (category Article 5(1)(f) GDPR)the UK GDPR and the DPA. They are obliged by Article 5(2) to adhere to the data processing principles set out in Article 5(1) of the UK GDPR. Article 5(2)54 KB (7,579 words) - 16:44, 7 May 2024
- ICO (UK) - Mermaids (category Article 5(1)(f) GDPR)for by Article 51 of the GDPR. 13. By Article 57(1) of the GDPR, it is the Commissioner's task to monitor and enforce the application of the GDPR. 14. By58 KB (7,695 words) - 09:00, 28 July 2021
- BVwG - W211 2221963-1 (category Article 6 GDPR)pursuant to Article 14 (1) (d), (e) and (f) and (2) (c), (e) and (f) of the GDPR in accordance with Article 14 (5) (a) of the GDPR (point 4). It was explained43 KB (7,062 words) - 19:38, 18 January 2021
- CNIL (France) - SAN-2021-022 (category Article 5(1) GDPR)cooperation process set up by the GDPR, all supervisory authorities concerned within the meaning of Article 4(22) of the GDPR may issue relevant and reasoned49 KB (7,295 words) - 10:16, 10 July 2022
- Datatilsynet (Norway) - 21/03126 (category Article 83(4)(a) GDPR)purposes of Article 4(16) GDPR." Consequently, the DPA concluded that the cooperation mechanism and procedure set out in Article 56(1) GDPR and Article 60 GDPR133 KB (19,309 words) - 05:16, 24 March 2023
- IMY (Sweden) - IMY-2022-9109 (category Article 12(2) GDPR)DPA issued a reprimand to the controller for breaching Article 12(2) GDPR and Article 12(6) GDPR. Share your comments here! Share blogs or news articles65 KB (7,759 words) - 10:10, 30 April 2024
- DSB (Austria) - 2023-0.594.826 (category Article 4(7) GDPR)III No. 84/2018 as amended: Article 15, Article 17, Article 51, paragraph one, Article 57, paragraph one, letter f, and Article 77, paragraph one, of Regulation56 KB (8,692 words) - 14:58, 10 April 2024
- LAG Schleswig-Holstein - 1 Sa 148/22 (category Article 4(1) GDPR)provided in each case in accordance with Art. 4 No. 2 GDPR, profiling them in accordance with Art. 4 No. 4 GDPR or other third parties other than their legal51 KB (8,324 words) - 15:52, 18 January 2024
- APDCAT (Catalonia) - PS 57/2023 (category Article 5(1)(f) GDPR)provided for article 77.1 of the LOPDGDD, results from the application of the general sanctioning regime provided for in article 83 of the RGPD. Article 83.5 of52 KB (7,751 words) - 14:16, 17 April 2024
- VG Neustadt an der Weinstraße - 3 L 763/22.NW (category Article 4 GDPR)court upheld Article 6(1)(e) GDPR as the legal basis for the processing of personal data. Furthermore, according to the court, Article 9(2)(j) GDPR states that54 KB (8,511 words) - 09:03, 16 December 2022
- OGH - 6Ob48/21h (category Article 80 GDPR)data as part of the credit check is based on Article 6 Paragraph 1b GDPR and Article 6 Paragraph 1f GDPR. We basically have a legitimate interest in carrying50 KB (8,140 words) - 12:09, 1 October 2021
- ICO (UK) - AMEX (category Article 4(11) GDPR)430 and 432(6)). 6. Consent is defined in Article 4(11) the General Data Protection Regulation 2016/679 ("GDPR") as "any freely given, specific, informed72 KB (8,623 words) - 10:38, 26 May 2021
- CNPD (Portugal) - Deliberaçao 2024/137 (category Article 5(1)(a) GDPR)conjunction with Article 3, Article 4(2) and Article 8(1)(b) of Law No. 58/2019, all of which implement the GDPR in the internal legal order.Article 4(2) and Article49 KB (7,923 words) - 14:36, 3 April 2024
- AEPD (Spain) - PS/00276/2021 (category Article 6(1)(b) GDPR)personal data was the necessity for the performance of a contract (Article 6(1)(b) GDPR). The AEPD confirmed that the website was not public and that only40 KB (6,381 words) - 10:12, 7 December 2021
- AEPD (Spain) - EXP202207521 (category Article 6(1) GDPR)hereafter, LPACAP), for the alleged infringement of article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. The startup agreement was sent, in accordance54 KB (8,747 words) - 08:36, 30 August 2023
- CNIL (France) - SAN-2024-003 (category Article 4(11) GDPR)that there was no breach of Article 32 GDPR. Thus, the CNIL imposed a €310,000 fine on the controller for breaching Article 6 GDPR. To grasp the notion of52 KB (8,208 words) - 10:44, 13 March 2024
- LAG Berlin-Brandenburg - 10 Sa 2130/19 (category Article 4(14) GDPR)rely on Article 9(2)(b) GDPR. The LArbG Berlin-Brandenburg also confirmed that the processing was not necessary in light of Article 9(2)(b) GDPR, and emphasised50 KB (8,194 words) - 12:05, 3 March 2022
- OLG Stuttgart - 2 U 257/19 (category Article 13 GDPR)Data Protection Regulation. Pursuant to Article 8 (3) no. 2 UWG in conjunction with § Article 8 (1) and Article 3a UWG authorise competition associations52 KB (8,574 words) - 16:03, 10 March 2022
- LG Itzehoe - 10 O 84/20 (category Article 4 GDPR)with the terminology resulting from the GDPR (Art. 4 No. 1: "Personal data", Art. 4 No. 2: "Processing", Art. 4 No. 6: "File system"), (Gola/Heckmann/Gola/Reif48 KB (7,794 words) - 14:12, 6 July 2022
- Garante per la protezione dei dati personali (Italy) - 9771545 (category Article 5(1)(a) GDPR)duties under Article 13 GDPR, as the information allegedly provided to the data subject lacked the requirements laid down in said Article, and the relevant43 KB (6,766 words) - 14:59, 2 May 2023
- NAIH (Hungary) - NAIH-13-10/2022 (category Article 5(1)(a) GDPR)procedure a It can be submitted in the case specified in Article 77 (1) of the GDPR. Article 77 (1) of the General Data Protection Regulation: Other administrative51 KB (8,202 words) - 14:49, 12 October 2022
- ICO (UK) - The Money Hive Limited (category Article 4(11) GDPR)("the GDPR"): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11) of63 KB (8,280 words) - 14:53, 2 March 2022
- APD/GBA (Belgium) - 07/2024 (category Article 5(1)(c) GDPR)of the GDPR has violated: iv. Article 4.11), Article 5.1.a) and 5.2, Article 6.1.a), as well as Article 7.1 and 7.3 GDPR; v. Article 5, Article 24.1, as350 KB (51,369 words) - 09:25, 31 January 2024
- APD/GBA (Belgium) - 72/2021 (category Article 6(1)(e) GDPR)conditions provided for in Article 6.1.e) are met by the species. Under Article 6.3.b) and recital 45 of the GDPR, processing based on Article 6.1.e) must meet two57 KB (8,330 words) - 11:53, 30 June 2021
- CNIL (France) - SAN-2022-009 (category Article 28 GDPR)requirements of Article 28(3) GDPR. The processor did not dispute this violation. However, it claimed that it was not solely responsible as Article 28(3) GDPR imposes52 KB (8,268 words) - 13:02, 27 April 2022
- CNIL (France) - SAN-2022-017 (category Article 12(1) GDPR)proportionate, and dissuasive per Article 83(1) GDPR, and so the EDPB adopted a binding resolution in accordance with Article 65 GDPR to settle the dispute. The59 KB (8,323 words) - 11:51, 31 August 2022
- PHR - 22/01253 (category Article 15 GDPR)the grounds stated in paragraph 4 below, in particular in marginal numbers 4.16, 4.22, 4.24, 4.29, 4.30, 4.31, 4.35 and 4.36. I explain the ground of appeal241 KB (42,617 words) - 14:14, 13 September 2022
- NAIH (Hungary) - NAIH-3734-15/2023 (category Article 6(1)(f) GDPR)legislation (30) Based on Article 2 (1) of the GDPR, the GDPR must be applied to the data processing in this case. (31) Recital (47) GDPR: The data controller48 KB (7,721 words) - 11:09, 10 January 2024
- VwGH - Ro 2021/04/0010 (category Article 4 GDPR)data processing in question is profiling within the meaning of Article 4, Paragraph 4, GDPR, which creates “informational added value” to which express reference190 KB (30,999 words) - 10:00, 21 February 2024
- IDPC (Malta) - EDPBI:MT:OSS:D:2019:70 (category Article 15 GDPR)under the GDPR and to keep within the legal timeframes; and also giving due regard to the circumstances contemplated under Article 83.2 of the GDPR and taking10 KB (1,255 words) - 13:48, 9 February 2022
- VwGH - Ro 2019/04/0229 (category Article 4(7) GDPR)pursuant to Article 52, paragraph 2, item 7, DSG 2000 in conjunction with Article 69, paragraph 5, DSG and Article 62, paragraph 1, item 4, DSG, or 4) pursuant59 KB (8,848 words) - 12:41, 16 September 2021
- DSB (Austria) - DPA 2023-0.594.826 (category Article 4(7) GDPR)III No. 84/2018 as amended: Article 15, Article 17, Article 51, paragraph one, Article 57, paragraph one, letter f, and Article 77, paragraph one, of Regulation56 KB (8,709 words) - 14:27, 10 April 2024
- VwGH - Ro 2021/04/0010-11 (category Article 4(4) GDPR)algorithm. Under Article 4(4) GDPR, this processing of data is considered profiling. According to Austrian data protection law (see Article 1 §2 DSG), processing144 KB (21,026 words) - 14:50, 27 March 2024
- OGH - 6Ob129/21w (category Article 4(1) GDPR)provisions of the GDPR under national law implementing Article 85 GDPR. Processing can be based on legitimate interests under Article 6(1)(f) GDPR. In 2019, the60 KB (9,555 words) - 14:13, 2 March 2022
- DPC - Inquiry into University College Dublin (IN-19-7-4) (category Article 5(1)(f) GDPR)infringe Articles 5(1)(f)- 5(1)(e) and 33(1) GDPR? The DPC held that UCD infringed: - Articles 5(1)(f) and 32(1) GDPR by failing to process personal data on5 KB (626 words) - 16:35, 28 October 2021
- Garante per la protezione dei dati personali (Italy) - 9880398 (category Article 5(1)(a) GDPR)the processing was lawful within the meaning of Article 5(1)(a) GDPR. According to Article 88 GDPR, the GDPR is applicable without prejudice to more protective123 KB (20,446 words) - 14:39, 13 June 2023
- VG Berlin - 1 K 561/21 (category Article 4(1) GDPR)constitute perosnal data under Article 4(1) GDPR, since the individuals are identifiable and also because under Article 11 GDPR, it is not mandatory that individuals57 KB (9,204 words) - 10:55, 23 November 2023
- ICO (UK) - Monetary Penalty Notice to Easylife Limited (category Article 5(1)(a) GDPR)in the GDPR and the DPA. They are obliged by Article 5(2) to adhere to the data processing principles set out in Article 5(1) of the GDPR. Article 5(2) makes77 KB (9,347 words) - 07:39, 13 October 2022
- OGH - 6Ob56/21k (category Article 2(2)(c) GDPR)states is superimposed (see Recital 146 S 4 and 5 on the GDPR; cf. also Frenzel in Paal / Pauly, GDPR-BDSG3 Art 82 GDPR margin no.1; Wybitul / Haß / Albrecht127 KB (21,056 words) - 08:17, 19 August 2021
- APD/GBA (Belgium) - 62/2022 (category Article 12 GDPR)controller violated Article 6 GDPR because it had no legal basis to disclose the email addresses. It reasoned that Article 6(1)(a) GDPR was not applicable58 KB (9,477 words) - 18:41, 1 June 2022
- OLG Celle - 13 U 84/19 (category Article 16 GDPR)from the scope of Article 16 GDPR, in my opinion, already follows from the word "inaccurate" in the first sentence of Article 16 GDPR and does not need53 KB (8,795 words) - 11:53, 2 March 2022
- OLG München - 18 U 5493/19 Pre (category Article 99(2) GDPR)1 BGB § 307 para. 1, para. 2, para. 3 TMG § 3 para. 2 p. 1, § 13 As. 4 p. 1 GDPR Art. 99 para. 2 Guiding principles: (1) The operator of a social network58 KB (9,657 words) - 14:01, 20 September 2021
- CNIL (France) - Deliberation of the restricted training n°SAN-2022-021 of November 24, 2022 concerning the company ELECTRICITÉ DE FRANCE (category Article 5 GDPR)obligations under Article 21 of the GDPR. Fourthly, EDF breached its obligation to guarantee data security as prescribed in Article 32 of the GDPR. In particular52 KB (8,315 words) - 21:54, 6 March 2024
- CNIL (France) - SAN-2021-012 (category Article 14 GDPR)obligation to inform the persons concerned pursuant to Article 14 of the GDPR 71. Article 14 of the GDPR provides that when personal data have not been collected55 KB (8,897 words) - 13:56, 21 November 2023
- CNIL (France) - SAN-2021-019 (category Article 5(1)(c) GDPR)minimization (Article 5(1)(c) GDPR). The investigation also revealed other breaches with respect to the principle of storage limitation (Article 5(1)(e) GDPR). Indeed57 KB (9,375 words) - 14:23, 15 November 2021
- ICCJ - 325/10 February 2022 (category Article 82 GDPR)subject's right to privacy pursuant to Article 85 GDPR and Article 7 of Law 190/2018 (the Romanian implementation of the GDPR). As such, the case was considered56 KB (9,274 words) - 14:44, 5 October 2022
- OLG München - 18 U 2822/19 Pre (category Article 4 GDPR)violated section 13(6) of the German Telemedia Act (TMG) or Article 4(7) GDPR and Artcicle 25(1) GDPR? The Higher Regional Court Munich dismissed the appeal59 KB (9,846 words) - 14:03, 20 September 2021
- APD/GBA (Belgium) - 110/2023 (category Article 5(2) GDPR)breach of the principle of accountability under Article 5(2) GDPR and Article 33(5) GDPR. Article 5(2) GDPR establishes the principle of accountability which66 KB (9,820 words) - 10:13, 13 September 2023
- APD/GBA (Belgium) - 165/2023 (category Article 5(1)(f) GDPR)accordance with Article 1 (1) (f) and (2) of the GDPR, Article 24 (1) of the GDPR, Article 25, paragraph 1 of the GDPR and article 32 of the GDPR. Please also67 KB (9,908 words) - 11:09, 10 January 2024
- APD/GBA (Belgium) - 77/2023 (category Article 5(1)(a) GDPR)pursuant to Article 4, 2) of the GDPR, as much data processing to personal character. 72. The Litigation Chamber recalls that Article 4.7) of the GDPR defines150 KB (22,339 words) - 09:50, 21 June 2023
- CNIL (France) - SAN-2023-015 (category Article 7(1) GDPR)of Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 15 GDPR, Article 28 GDPR, Article 32 GDPR and Article 33 GDPR, as well as of Article L. 34-567 KB (10,546 words) - 13:55, 25 October 2023
- AEPD (Spain) - PS/00016/2022 (category Article 15 GDPR)of article 15 of the GDPR. V Classification of the infringement of article 15 of the GDPR The aforementioned infringement of article 15 of the GDPR supposes62 KB (9,829 words) - 14:09, 14 March 2023
- ICO (UK) - Tuckers Solicitors LLP (category Article 5(1)(f) GDPR)for by Article 51 of the GDPR. 17. By Article 57(1) of the GDPR, it is the Commissioner's task to monitor and enforce the application of the GDPR. 18. By87 KB (10,588 words) - 14:32, 16 March 2022
- processing. Same principles concerning fair data processing exist in the GDPR Article 5 and Recital 39 and the Irish DPA 2018. Share blogs or news articles64 KB (9,589 words) - 16:15, 1 June 2022
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)the general data protectionArticle 5 (1) (a), Article 5 (2), Article 12 (1) and (4) ofArticle 14, Article 15 and Article 21 (4).1.3. The Authority condemns192 KB (30,170 words) - 10:11, 17 November 2023
- AEPD (Spain) - PS-00507-2022 (category Article 4(1) GDPR)were initiated, based on Article 63 and Article 64 LPACAP and an infringement of Article 6(1) GDPR typified in Article 83(5) GDPR. After the proceedings49 KB (7,832 words) - 10:54, 22 January 2024
- Garante per la protezione dei dati personali (Italy) - 9949453 (category Article 5(1)(a) GDPR)assessed that the controller violated Article 5(1)(a) GDPR, Article 6 GDPR, Article 7 GDPR, Article 13 GDPR and Article 130 of the Italian Privacy Code also44 KB (6,773 words) - 08:38, 29 November 2023
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include440 KB (73,154 words) - 09:44, 12 May 2021
- BGH - I ZR 2/21 (category Article 4(1) GDPR)to Art. 4 No. 1 GDPR, personal data is all information relating to an identified or identifiable natural person. According to Art. 4 No. 2 GDPR, processing66 KB (11,440 words) - 15:55, 30 March 2022
- Garante per la protezione dei dati personali (Italy) - 9864063 (category Article 5(1)(b) GDPR)their conservation. From what emerged in the documents (see paragraphs 4.2, 4.3 and 4.4), it does not appear that the Company has adopted, in compliance with152 KB (24,743 words) - 14:39, 21 March 2023
- CNIL (France) - SAN-2024-004 (category Article 4(11) GDPR)cross-border processing within the meaning of Article 4, paragraph 23, of the GDPR. 33. Pursuant to Article 60(3) of the GDPR, the draft decision adopted by the restricted69 KB (10,971 words) - 11:00, 17 April 2024
- APD/GBA (Belgium) - 162/2022 (category Article 4(11) GDPR)and (2) GDPR; b. a breach of Article 12(1) and (6) GDPR, Article 13(1) and (2) GDPR and Article 14(1) and (2) GDPR, Article 5(2) GDPR, Article 24(1) GDPR71 KB (10,426 words) - 08:21, 23 November 2022
- Datatilsynet (Norway) - 22/03622 (category Article 5(1)(c) GDPR)basis as per Article 6(3) GDPR to process the transaction personal data ("bongdata" in Norwegian) as intended, and based on Article 58(2)(f) GDPR imposed a73 KB (10,929 words) - 08:41, 31 May 2023
- VGH Baden-Württemberg - 1 S 1739/20 (category Article 5 GDPR)freedom (Article 2.2 sentence 2 of the Basic Law) and her general right of personality (Article 2.1 of the Basic Law in conjunction with Article 1.1 of the66 KB (10,911 words) - 08:49, 21 June 2022
- VG Hannover - 10 A 1443/19 (category Article 6(1)(f) GDPR)to Union law insofar as it affects non-public bodies. Article 6(1)(e) GDPR and Article 6(3) GDPR only give the member states regulatory leeway to regulate66 KB (10,800 words) - 07:54, 19 July 2023
- BVerwG - 6 C 7.20 (category Article 5(1)(d) GDPR)Administrative Court's application of Article 16 GDPR. The Administrative Court had correctly assumed that, while Article 16 GDPR was applicable, it could not be64 KB (10,816 words) - 15:44, 22 June 2022
- CNIL (France) - SAN-2021-021 (category Article 12 GDPR)arising from Article 25 of the GDPR. 5. The breach relating to the obligation to ensure the security of personal data 97. Article 32 of the GDPR provides that:69 KB (11,291 words) - 15:15, 19 January 2022
- APD/GBA (Belgium) - 55/2021 (category Article 6(1)(e) GDPR)data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration81 KB (13,211 words) - 16:59, 12 December 2023
- VG Cottbus - VG 4 K 1191/19 (category Article 4(2) GDPR)is done using a water meter and its readout. Article 12(5) GDPR in conjunction with Article 18(1)(d) GDPR does not prevent the charging of an administrative75 KB (12,396 words) - 12:11, 30 March 2022
- LG Essen - 6 O 190/21 (category Article 33 GDPR)violated Article 34(2) GDPR, because he only informed the data subject of the alleged data loss. However, the information obligations of Article 34 GDPR provide28 KB (4,596 words) - 18:30, 18 November 2021
- VG Köln - 6 K 3228/19 (category Article 6(1)(f) GDPR)found that GDPR does not prevent the claimant from exercising their basic right. In this regard the court referred to Article 6(1)(f) GDPR to highlight68 KB (11,146 words) - 17:16, 9 March 2022
- Garante per la protezione dei dati personali (Italy) - 9995680 (category Article 5(1)(a) GDPR)processing lack any applicable conditions found in Article 9(2) GDPR and was found in breach of Article 5(2) GDPR. Additionally, the Garante reiterated that the105 KB (16,849 words) - 11:58, 11 April 2024
- CNIL (France) - SAN-2023-024 (category Article 7(4) GDPR)must be possible under Article 82 of the LIL. Consent under this Article must be understood within the meaning of Article 4(11) GDPR meaning it must be given76 KB (12,140 words) - 13:55, 28 February 2024
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include457 KB (75,575 words) - 09:36, 12 May 2021
- AEPD (Spain) - EXP202305587 (category Article 5(1)(f) GDPR)sanction for both Article 5(1)(f) and 32 GDPR in this case would constitute a double violation of the GDPR, when in fact Article 5(1)(f) GDPR is merely a concretion285 KB (44,507 words) - 11:21, 30 April 2024
- Rb. Amsterdam - C/13/683377 / HA ZA 20-468 (category Article 5(1)(a) GDPR)in violation of Article 6 GDPR. Thirdly, it was claimed that Meta unlawfully processed special categories of personal data (Article 9 GDPR). Fourth, and243 KB (40,160 words) - 11:54, 5 April 2023
- APD/GBA (Belgium) - 66/2021 (category Article 4(3) GDPR)indictments. 2.2. Identification of the controller (Article 4.7 GDPR) 71. In accordance with Article 4.7 of the GDPR, the controller should be considered: the “natural88 KB (13,010 words) - 20:12, 30 December 2021
- APD/GBA (Belgium) - 149/2022 (category Article 49(4) GDPR)Violations of Article 5(1)(a) GDPR and Article 6(1) GDPR The DPA held that the controller did not violate Article 5(1)(a) GDPR and Article 6(1) GDPR. The DPA89 KB (13,017 words) - 15:07, 2 November 2022
- AEPD (Spain) - PS/00375/2022 (category Article 5(1)(b) GDPR)purposes of prescription in the article 72.1.a) of the LOPDGDD. . Violation of article 32 of the RGPD, typified in article 83.4.a) of the same Regulation, and55 KB (8,720 words) - 10:46, 18 January 2024
- GHAMS - 200.295.747/01 (category Article 15(1)(h) GDPR)contained in Article 15(1)(h) only relates to the form of automated decision making referred to in Article 22(1) to (4). This implied that under Article 15(1)(h)80 KB (13,304 words) - 13:05, 12 April 2023
- Datatilsynet (Norway) - 20/03046 (category Article 32 GDPR)Ordinance Article 32, but that the notified fee is accepted. 4. The requirements of the regulations 4.1. Responsible for processing Article 4 (7) of the87 KB (13,389 words) - 08:08, 24 June 2022
- APD/GBA (Belgium) - 46/2022 (category Article 5(1)(a) GDPR)erasure (Article 17 of the GDPR), the right to restriction (Article 18 GDPR), as well as the right of opposition (Article 21 GDPR) 91. Article 17 of the86 KB (12,864 words) - 06:37, 23 February 2023
- AEPD (Spain) - PS/00189/2021 (category Article 6(1) GDPR)Vodafone processed personal data without a legal basis according to Article 6(1) GDPR. The complainant has been a victim of identity theft with the data23 KB (3,387 words) - 09:55, 22 September 2021
- VfGH - G 287/2022-16, G 288/2022-14 (category Article 85 GDPR)requirements of Article 85 GDPR. § 9(1) DSG provides - in implementation of the obligation under EU law pursuant to Article 85(1) GDPR - that the provisions202 KB (29,013 words) - 13:35, 12 January 2023
- Rb. Amsterdam - C/13/687315 / HA RK 20-207 (category Article 4(4) GDPR)subject falls outside of the scope of Article 20 GDPR. The data that falls under Article 20 is less than under Article 15 GDPR. The court also considered that82 KB (14,053 words) - 16:25, 25 March 2021
- APD/GBA (Belgium) - 188/2022 (category Article 4(1) GDPR)II.4. Violation of Article 12(1) and (4) of the GDPR, Article 17 of the GDPR, Article 24(1) of the GDPR and Article 25 (1) of the GDPR 55. The Inspectorate95 KB (14,325 words) - 14:27, 25 January 2023
- Datainspektionen - DI-2019-3840 (category Article 5(1)(f) GDPR)with Article 5 (1) (f) and Article 32.1 and 32.2 of the Data Protection Ordinance, Chapter 4 § 2 and ch. 6 § 7 the Patient Data Act and Chapter 4 2 § HSLF-FS87 KB (13,573 words) - 11:43, 7 April 2022
- OLG Koblenz - 5 U 2141/21 (category Article 82 GDPR)examined Article 81 of the GDPR, but not the actually relevant Article 82 of the GDPR. The claims asserted in the counterclaim under Article 82 of the81 KB (13,639 words) - 18:14, 7 June 2022
- Tietosuojavaltuutetun toimisto (Finland) - 8422/161/21 (category Article 12(1) GDPR)with the GDPR. In the context of the extended ex officio investigation, the DPA also found a violation of Article 12(6) GDPR and Article 12(2) GDPR on facilitating74 KB (11,917 words) - 06:52, 27 September 2023
- AEPD (Spain) - PS/00501/2021 (category Article 5(2) GDPR)that according to the evidence in the case, Vodafone had violated Article 6(1) GDPR for unlawful processing of the data without a proven justification26 KB (3,914 words) - 12:38, 2 February 2022
- VwGH - 2021/04/0030-4 (category Article 5 GDPR)access under Article 15 GDPR and for violating the principles of data minimisation (Article 5(1)(c) GDPR), confidentiality (Article 5(1)(f) GDPR) and the controller’s92 KB (15,327 words) - 08:27, 10 May 2024
- APD/GBA (Belgium) - 57/2023 (category Article 5(1) GDPR)violation of Article 5(1)(a), Article 12(1) and (2), Article 13(1)(c) and (2)(a) of the GDPR. II.4. Article 5 GDPR, Article 24 (1) GDPR and Article 25 (1) and99 KB (15,129 words) - 09:21, 31 May 2023
- APD/GBA (Belgium) - 101/2022 (category Article 5(1)(f) GDPR)arising from Article 5.2 and Article 24 GDPR whereby it is up to the defendant to demonstrate that it also acts in accordance with Article 5.1.f GDPR namely:88 KB (13,264 words) - 09:09, 29 June 2022
- AEPD (Spain) - PS/00188/2021 (category Article 6(1) GDPR)contemplates in its article 76, entitled “Sanction- tions and corrective measures ”: "1. The penalties provided for in sections 4, 5 and 6 of article 83 of the Regulation33 KB (5,242 words) - 11:42, 11 August 2021
- APD/GBA (Belgium) - 57/2021 (category Article 5(1)(a) GDPR)result of the violations of article 5.1 a), article 5.2, article 6.1, article 12.1, article 13.1 c) and d) and article 13.2 b) GDPR. 21. On 17 June 2020, the99 KB (15,064 words) - 14:05, 2 June 2021
- FG München - 15 K 1212/19 (category Article 4(7) GDPR)the "lifting". (4.2) Exclusions (4.2.1) GDPR and AO restrictions According to Art. 15 Para. 1 GDPR, the person concerned (Art. 4 No. 1 GDPR) has a right to98 KB (16,511 words) - 08:37, 9 May 2022
- APD/GBA (Belgium) - 15/2023 (category Article 4(11) GDPR)of Article 6(1)(e) are met. II.2. Article 5 of the GDPR, Article 24(1) of the GDPR and Article 25(1) and (2) of the AVG II.2.1. Article 5 (2) GDPR, Article105 KB (15,883 words) - 15:05, 8 March 2023
- LG Berlin - 31 O 714/21 (category Article 15 GDPR)The Regional Court of Berlin held that a right to information under Article 15 GDPR cannot be enforced by way of an interim injunction, since there is no94 KB (15,693 words) - 13:55, 6 April 2022
- VG Gelsenkirchen - 20 K 6392/18 (category Article 12(5) GDPR)free copy (see below (b)) is neither by Article 15 (4) GDPR (see below (c)) nor by Article 12 (5) sentence 2 GDPR excluded (see below (d)). The claim is98 KB (16,595 words) - 15:50, 17 March 2022
- AEPD (Spain) - EXP202206805 (category Article 5(1)(a) GDPR)by virtue of Article 83(2)(e) of the GDPR in order to gauge the illegality of the data controller’s actions. The AEPD, relying on Article 85 of Law 39/201537 KB (5,879 words) - 07:09, 4 October 2023
- First-tier Tribunal - Clearview AI Inc. v ICO (category Article 3(2)(b) GDPR)2018), Article 4(7) of the General Data Protection Regulation (the GDPR), and Article 4(7) of the UK General Data Protection Regulation (the UK GDPR).99 KB (16,103 words) - 08:41, 25 October 2023
- AP (The Netherlands) - 7.04.2022 (redirect from AP (The Netherlands) - Dutch Tax and Customs Administration fined €3,700,000 for six GDPR violations) (category Article 5(1)(b) GDPR)(possible) fraud. This resulted in a breach of Article 5(1)(a) GDPR and Article 6(1) GDPR in conjunction with Article 8 of the Dutch Personal Data Protection49 KB (7,201 words) - 17:06, 12 December 2023
- NAIH (Hungary) - NAIH-6484-2-2022 (category Article 12(4) GDPR)redress. Therefore, the DPA declared an infringement of Article 12(3) GDPR and Article 12(4) GDPR. Additionally, the DPA held that the controller, whether66 KB (10,501 words) - 14:46, 12 October 2022
- AEPD (Spain) - PS/00477/2019 (category Article 6 GDPR)violation of Articles 13 and 14 of the GDPR, and a fine of €4 million for a violation of Article 6 of the GDPR, and ordered CaixaBank, to conduct a review566 KB (93,179 words) - 13:43, 13 December 2023
- AEPD (Spain) - PS/00331/2022 (category Article 25 GDPR)virtue of article 4.7 of the GDPR. The GDPR provides, in its article 56.1, for cases of cross-border processing, provided for in its article 4.23), in relation240 KB (38,122 words) - 13:54, 28 February 2024
- NS - 30 Cdo 3909/2023-174 (category Article 85 GDPR)Union is intrinsic to EU law and finds its basis "also in Article 5 of the Treaty [now Article 4(3) TFEU], according to which Member States [shall] take103 KB (16,947 words) - 08:34, 24 April 2024
- VG Hamburg - 21 K 1802/21 (category Article 4(1) GDPR)HmbKrebsRG Article 9 (1) GDPR, Article 6 (1) GDPR, Article 5 (1) in conjunction with Articles 12, 13 and/or Article 14 GDPR and/or Article 5 (1) (in particular115 KB (18,479 words) - 16:31, 25 January 2023
- NAIH (Hungary) - NAIH-5802-9/2022. (category Article 5(1)(a) GDPR)violated Article 14(1) and (2) GDPR. Because it failed to provide clear and transparent information, the controller also violated Article 12(1) GDPR. The DPA120 KB (19,907 words) - 10:48, 9 November 2022
- Garante per la protezione dei dati personali (Italy) - 9735672 (category Article 5(1)(d) GDPR)according to its faculties under Article 58(2)(a), Article 58(2)(b) and Article 58(2)(d), as well as Article 83(5) GDPR, Share your comments here! Share380 KB (62,114 words) - 15:20, 26 January 2022
- CNIL (France) - SAN-2023-021 (category Article 5(1)(c) GDPR)cross-border nature within the meaning of Article 4 (23) of the aforementioned GDPR. 47. In application of article 55.1 of the GDPR, the restricted committee considers115 KB (18,607 words) - 11:00, 6 February 2024
- Rb. Den Haag - C/09/550982/HA ZA 18/388 (category Article 5(1)(b) GDPR)The facts 3.1-3.10 4 The SyRI legislation 4.1-4.3 General 4.4-4.7 Provision of data for a joint venture 4.8-4.10 Legal basis SyRI 4.11-4.16 Risk notifications128 KB (21,722 words) - 16:14, 10 March 2022
- AEPD (Spain) - PS/00226/2020 (category Article 7(4) GDPR)violation of Article 7(4) GDPR. Based on these considerations, the AEPD issued a €2,000,000 fine against Caixabank for infringing Article 6 GDPR in relation373 KB (61,959 words) - 14:17, 9 March 2022
- LAG Düsseldorf - 12 Sa 186/19 (category Article 9 GDPR)conjunction with Article 9 (3) GDPR and in conjunction with the national provisions (Article 9 (4) GDPR) have been met. 177 (4.3.1.) Data processing is initially120 KB (20,753 words) - 17:06, 7 March 2022
- NAIH (Hungary) - NAIH-85-3/2022 (category Article 6(4) GDPR) (section Fine and order to comply with GDPR)(EU) No Article 5 (1) (a) and (b), Article 6 (1), Article 6 (4) Article 12 (1), Article 13, Article 21 (1) and (2), Article 24 (1), Article 25 Article 1 (1)147 KB (23,028 words) - 13:36, 28 February 2023
- NAIH (Hungary) - NAIH-5114-35/2022 (category Article 5(1)(e) GDPR)legitimate interest. Based on Article 2 (1) of the GDPR, the GDPR must be applied to the data management in this case. GDPR Article 4, point 1: "personal data":146 KB (22,679 words) - 15:52, 3 May 2023
- Court of Appeal - (2021) IECA 53 (category Article 4(11) GDPR)these allegations, she placed reliance upon Recitals 1, 4 and 7 together of Article 4(11) of GDPR. Whelan J., has stated the evidence indicates that the136 KB (23,256 words) - 13:47, 29 April 2021
- Garante per la protezione dei dati personali (Italy) - 9920942 (category Article 5(1)(b) GDPR)fairness and transparency, as stipulated by Article 5(1)(a) GDPR, Article 12(1) GDPR, as well as Article 13(2) GDPR due to the lack of information on the period111 KB (17,635 words) - 13:18, 13 September 2023
- Tietosuojavaltuutetun toimisto (Finland) - 9970/163/2019 (category Article 5(1)(a) GDPR)processing of the personal data was neither in breach of Article 5(1)(a) GDPR, nor of Article 32 GDPR. Share your comments here! Press release (in English)104 KB (16,725 words) - 10:38, 29 February 2024
- AEPD (Spain) - PS/00267/2021 (category Article 6 GDPR)involve a breach of the provisions of Article 6 of the GDPR, in relation to Article 22 of the LOPDGDD. Article 6 of the GDPR has four paragraphs, which in turn193 KB (32,580 words) - 11:16, 15 June 2022
- Tietosuojavaltuutetun toimisto (Finland) - 8492/163/20 (category Article 5(1)(d) GDPR)administrative penalty fee: 1) Article 5, Paragraph 1, subparagraphs d and a; 2) Article 13; 3) paragraph 3 of Article 12; and 4) Article 15(1). Viking Line Oy149 KB (24,224 words) - 12:20, 2 January 2023
- AEPD (Spain) - PS/00281/2022 (category Article 4(1) GDPR)for a violation of article 58.2 c) of the GDPR, in accordance with article 83.6 of the GDPR, classified as very serious in article 72.1.m) of the LOPDGDD313 KB (53,033 words) - 10:20, 7 June 2023
- APD/GBA (Belgium) - 15/2021 (category Article 5(2) GDPR)rectification.(article 16 of the GDPR), the right to be forgotten (article 17 of the GDPR), and the right to limit the use ofdata processed unlawfully (article 1885 KB (13,724 words) - 16:52, 12 December 2023
- DPC (Ireland) - IN-19-7-6 (category Article 17 GDPR)under Article 4(6) of the GDPR. 86. The relevant provisions, which have been set out above, are Article 2(1), 4(1), 4(6) and Recital 15 of the GDPR. 87.513 KB (85,155 words) - 13:25, 8 July 2023
- DPC (Ireland) - WhatsApp Ireland Limited - IN-18-12-2 (category Article 4(1) GDPR) (section WhatsApp’s transparency obligations in the context of non-users under Articles 14 and 12(1) GDPR)the relevant provisions of the GDPR are Article 14, read in conjunction with Article 12(1). 28. Article 14 of the GDPR concerns transparency in the context830 KB (115,261 words) - 15:37, 22 February 2022
- Garante per la protezione dei dati personali (Italy) - 9893718 (category Article 5(1)(a) GDPR)agreement violated Articles 28 and 29 GDPR and that the lack of records of the processing activities violated Article 30 GDPR. For theses reasons, it deemed the141 KB (23,423 words) - 08:10, 14 June 2023
- OLG Hamm - 20 U 146/22 (category Article 12(5)(b) GDPR)meaning of Article 4(1) GDPR. Nevertheless, in this case the controller had the right to disregard the request in light of Article 12(5)(b) GDPR, as the latter30 KB (4,784 words) - 08:39, 8 August 2023
- Rb. Zeeland-West-Brabant - 10072897 AZ VERZ 22-61 (category Article 4(2) GDPR)of data within the meaning of Article 4(2) GDPR, hence the lawfulness of the observation was tested directly against Article 8 ECHR. The requirement by the30 KB (4,770 words) - 12:39, 10 November 2022
- AEPD (Spain) - EXP202210101 (category Article 6(1) GDPR)particular via an identifier (Article 4.1 of the GDPR). The defendant is accused of committing an infraction due to violation of article 6 of the RGPD, “Legitimacy85 KB (13,823 words) - 12:51, 3 April 2024
- UOOU (Czech Republic) - UOOU-01025/20-121 (category Article 5 GDPR)legal basis under Article 6(1) GDPR and in violation of transparency obligations in the privacy policy under Article 5(1)(a) and 13 GDPR. The DPA in the246 KB (39,598 words) - 09:26, 24 April 2024
- Communications Act (ZEKom-1), the GDPR and the Data Protection Act (ZVOP-1). The principles of Article 5 of the GDPR must be followed and attention must29 KB (4,524 words) - 14:47, 17 March 2022
- LG Bonn - 13 O 126/22 (category Article 82 GDPR)data processing within the meaning of Article 6 (1) GDPR. 69Personal data within the meaning of Article 4 No. 1 GDPR is available because the plaintiff's37 KB (5,954 words) - 13:58, 22 June 2023
- VG Köln - 25 K 2138/19 (category Article 16 GDPR)claim was Article 16 GDPR, as § 12 Bundesmeldegesetz (BMG - Federal Registration Act) clarifies. Then, it held that the legal requirements of Article 16 GDPR39 KB (6,235 words) - 11:14, 15 June 2022
- ArbG Duisburg - 5 Ca 877/23 (category Article 12 GDPR)of €10,000 under Article 82(1) GDPR for a violation of Articles 15 GDPR and 12(3) GDPR. The LAG held that a mere violation of the GDPR does not give rise27 KB (4,303 words) - 15:09, 6 December 2023
- AEPD (Spain) - EXP202205206 (category Article 5(1)(f) GDPR)alleged violation of Article 5.1.f) of the RGPD and Article 32 of the GDPR, typified in Article 83.5 of the GDPR and Article 83.4 of the GDPR. C/ Jorge Juan263 KB (41,516 words) - 09:29, 24 April 2024
- AEPD (Spain) - PS/00368/2021 (category Article 6(1) GDPR)required by Article 13 GDPR. Furthermore, the AEPD, highlighted that the RFEF did not provide the information required by Article 13(3) GDPR about further246 KB (41,139 words) - 14:25, 24 November 2022
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could130 KB (21,874 words) - 09:43, 15 February 2024
- violation of Article 5.1.c) of the GDPR, Article 6 of the GDPR, Article 9 of the GDPR, Article 12 of the GDPR, Article 35 of the RGPD, Article 13 of the RGPD337 KB (50,591 words) - 15:29, 5 August 2021
- AEPD (Spain) - PS/00500/2020 (category Article 4(4) GDPR)adopted on July 7, 2021, state that Article 26 of the GDPR, which reflects the definition of Article 4.7 of the GDPR, provides that “When two or more managers408 KB (64,616 words) - 14:28, 24 November 2022
- VG Schwerin - 1 A 1343/19 SN (category Article 4(1) GDPR) (section Expert Opinion as Personal Data Within the Meaning of Article 4(1) GDPR)para. 2 lit. c and Article 15(3) of the GDPR. The expert opinion was personal data within the meaning of Art. 4 No. 1 of the GDPR. The GDPR does not differentiate61 KB (10,071 words) - 14:28, 14 July 2021
- AEPD (Spain) - PS/00140/2020 (category Article 6(1)(a) GDPR)according to Article 58(2)(d) GDPR. First, the AEPD established that the GDPR was applicable under Article 3(1) GPDR or, if not, at least Article 3(2)(a) GDPR390 KB (63,154 words) - 07:08, 9 June 2022
- OLG Köln - 15 U 108/23 (category Article 82 GDPR)as a “violation” within the meaning of Article 4 No. 12 GDPR. No data protection impact assessment (Art. 35 GDPR) was carried out. The defendant did not81 KB (13,415 words) - 09:47, 15 February 2024
- Garante per la protezione dei dati personali (Italy) - 9703988 (category Article 5(1)(c) GDPR)awarded (Article 167 of the RD 31 August 1933, No. 1592; Article 4, paragraph 3, of the Ministerial Decree of 22 October 2004, No. 270 and Article 7 , paragraph222 KB (35,993 words) - 09:52, 20 October 2021
- LAG Düsseldorf - 12 Sa 18/23 (category Article 82 GDPR)tried to base the processing on contract (Article 6(1)(b) GDPR) or legitimate interest (Article 6(1)(f) GDPR), the requirement of necessity was not met102 KB (17,108 words) - 09:44, 15 February 2024
- OLG Köln - 6 U 58/23 (category Article 44 GDPR)adequacy decision (Article 45 GDPR) nor suitable guarantees (Article 46 GDPR) are in place for the third country concerned, cf. Article 49 Paragraph 1 Sentence118 KB (19,824 words) - 10:49, 6 February 2024