Search results

documentation, but Articles 5(2) or 30(1)(a) GDPR require documentation and Articles 6(1)(a), 13(1)(c) and 14(1)(c) GDPR require the disclosure of the specific

in Articles 9(1)(a), 22(2)(c) and 49(1)(a) GDPR. See the commentary on Article 9(1)(a) GDPR for explicit consent. Generally, consent must be given directly

further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller

Article 13 should not be too long. Article 12 GDPR may be limited by Union or national Law in accordance with Article 23 GDPR. Article 12(1) GDPR requires controllers

it can be assumed that the SAs may be given additional powers, but that the existing powers may not be restricted. A contrary view cannot be derived from

(Nomos 2018). Recital 70 GDPR. Recital 71 sentence 1 GDPR. Recital 71 sentence 1 GDPR. Recital 28 sentence 1 GDPR, such as Hansen, in Simitis, Hornung, Spieker

See the commentary on Article 5(1)(b) GDPR for more details. The legal basis must necessarily be found either in Article 6(1) GDPR or, where special categories

non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the

of Article 21(1) GDPR. Therefore, for a claim for deletion to be admissible, all and only the conditions listed in Article 21(1) must be met. In particular

83(5) Var. 1 or (6) GDPR, as otherwise there could be a violation of ne bis in idem. First, it follows from this criterion that a fine may also be imposed

subsume the corresponding legal basis contained in Article 6(1)(a) GDPR, 6(1)(d) GDPR and 6(1)(e) GDPR respectively, and would require no additional correlation

Article 6(1)(e) or (f) GDPR are clearly covered by Article 21(1) GDPR, mentioning profiling specifically is somewhat legally redundant. However, it can be seen

additional benefit of Article 14(1)(d) GDPR may be questionable, if one agrees that Article 14(1)(c) (see commentary on Article 13(1)(c) GDPR) already requires

Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1) since they

paragraph (1). Although the measures should be implemented to ensure compliance with every data protection principle, and are therefore to be understood

May 2020 (Version 1.1), pp. 7-8 (available here). EDPB, ‘Guidelines 05/2020 on consent under Regulation 2016/679’, 4 May 2020 (Version 1.1), pp. 8-9 (available

their agreement must be the same as those of the SCCs. The SCCs will often leave some blank spaces to be filled in or options to be selected by the parties

agreement on joint responsibility as required under Article 26(1) of the GDPR. Article 33(1) GDPR outlines that controllers (as defined above) have an obligation

result of an infringement of the GDPR. Article 82(1) contains the conditions for such a claim, which are to be interpreted in accordance with EU law. Such conditions

(DPO) must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the

Article 57(1)(h) GDPR can also be initiated based on information that the SA obtained from another SA (e.g. in accordance with Article 60(1) GDPR and Article

clarified in C-132/21 that "Article 77(1), Article 78(1) and Article 79(1) of Regulation (EU) 2016/679 [...] must be interpreted as permitting the remedies

the supervisory authorities concerned shall be deemed to be in agreement with that draft decision and shall be bound by it. 7. The lead supervisory authority

version=1.0 https://www.garanteprivacy.it/documents/10160/0/Bilancio+di+previsione+2019+-+Sintetico.xlsx/700e5df5-f7c3-6510-1bd5-ef90e9824f17?version=1.0

(Article 65(1)(b) GDPR). It seems that the decision on a conflicting view can only be taken within a specific procedure under Article 65(1)(b) GDPR and

scope requires the data in question to be 'personal data'. This term is defined, and further discussed, in Article 4(1) GDPR. Any information that relates

Article 34(1) is not triggered, as the authorised party will not be able to make use of the data obtained. “Subsequent” measures should be interpreted

requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller

make contact with him' (BVerwG, NJW 2006, 3367ff.)”. Article 1(1) in conjunction with Article 2(1) Directive (EU) 2016/680 of the European Parliament and of

categories of data listed under Article 9(1) GDPR. There have been conflicting arguments as to whether Article 22(1) GDPR lays down a right or a general prohibition

surveillance cameras, it was therefore in breach of Article 37(1)(b) GDPR by not having a DPO. Article 37(1) GDPR specifies three conditions in which the designation

that they will be considered to be ad hoc clauses that require the authorisation of the competent DPA" under Article 46(3)(a) GDPR.Article 46(1) allows the

However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article

prior authorization, irrespective of the requirements of paragraph 1. Article 36(1) GDPR  establishes an obligation for the controller to consult the DPA

the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 16 (available here) referring to Article 1(1)(b) Directive (EU) 2015/1535 of the European Parliament

processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent

proceedings under Article 79(1) GDPR in limited circumstances of substantive violations. Instead, Article 79(1) GDPR should be read as excluding proceedings

Article 55 - Competence 1. Each supervisory authority shall be competent for the performance of the tasks assigned to and the exercise of the powers conferred

concerning potential conflicts of interest. According to Article 38(1) GDPR, the DPO must be involved in a timely manner in all issues which relate to the protection

an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the cases where a consensus could not be reached within the consistency mechanism

(Version 2.1), p. 19 (available here). EDPB, ‘Guidelines 07/2020 on the concepts of controller and processor in the GDPR’, 07 July 2021 (Version 2.1), p. 19

under Articles 58(1)(d) or 58(3)(a) and 58(3)(b) GDPR do not qualify as decisions and cannot be subject to legal actions under Article 78(1) GDPR. A data subject

derogation shall not be applied, and the derogation from Article 49(1)(a) GDPR will be applicable instead. The incapacity may be physical, mental or legal

implementation requirements for 85(1) to be fulfilled. While not outlined, the academic commentary agrees that Article 85(1) should not be read as requiring member

of Article 40(1) establishes that they “shall encourage” this (emphasis added). Article 40(1) GDPR clarifies that codes of conduct must be tailored to “specific

public hearing. Under specific conditions the hearing may be secret. For an administrative fine to be issued, a prior invitation of the defendant (or his representative

processing. Paragraph 1 provides a comprehensive list of tasks that the DPO must perform according to the GDPR, and these tasks cannot be restricted by national

May 2020 (Version 1.1), p. 28 (available here). EDPB, ‘Guidelines 05/2020 on consent under Regulation 2016/679’, 4 May 2020 (Version 1.1), p. 27 (available

in Articles 70(1)(e) and 70(1)(f) GDPR was an editorial error. This obligation applies to all guidance issued by the Board. Articles 70(1)(n) to (q) GDPR

designation must be done in written form. The GDPR does not specify any particular requirements for the representative. However, under Article 1(17) GDPR, the

not' (cf. Art. 3(1)). Hornung and Spiecker in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 1 (Beck 2019) (accessed

responsible in writing and wait a period of 1 month (if you have no response) before filling a complaint. There seems to be no legal basis for this requirement

to Article 55 or 56. 2. Certification bodies referred to in paragraph 1 shall be accredited in accordance with that paragraph only where they have: (a)

pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is carried

conditions for entities to qualify as NPOs. For the purposes of Article 80(1) GDPR must be (i) a not-for-profit body, organisation or association, (ii) properly

referred to in paragraph 1 within the period referred to in paragraph 3. 7. The supervisory authority referred to in paragraph 1 shall take utmost account

anonymisation would therefore neither be possible, nor required under Article 89(1) GDPR. All in all, it can be concluded that anonymisation only becomes

State in accordance with Article 55(1). In that case, the urgent need to act under Article 66(1) shall be presumed to be met and require an urgent binding

operation. These three requirements must be satisfied before a monitoring body can be accredited according to Article 41(1)(b) GDPR. Although this provision only

the purposes of Article 5(1)(e) GDPR when determining the duration for which data must be stored. Any such laws would also be relevant for determining whether

authority has taken a measure pursuant to paragraph 1 and considers that final measures need urgently be adopted, it may request an urgent opinion or an urgent

draft” to the BCR Lead , which may be commented by other DPAs concerned. The BCR Lead the submits, following Article 64(1) GDPR and Article 64(4) GDPR, a

that point, it is important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference

establishment of SAs are set out in Article 51(1) and 52 GDPR, Article 54(1)(a) GDPR repeats that these should be legislated for through a Member State's domestic

will be subject to continuous change, since an EU-wide mechanism will need to be adaptable to take into account national regulations that may be sector-specific

of Article 88(1) GDPR. Therefore, for a comprehensive overview of the term ‘more specific’, please refer to section 2.1 below. Article 88(1) GDPR establishes

processing under Articles 13 or 14 GDPR. This can be drawn from the final sentence of Article 11(1) GDPR. It must be assessed with the utmost attention whether

Article 55. In that case, the urgent need to act under Article 66(1) shall be presumed to be met and require an opinion or an urgent binding decision from

under Articles 16, 17(1), and 18 vis-à-vis other recipients of the data, the notification should be done immediately. Recipients shall be notified either “in

Article 83 GDPR, Article 84(1) GDPR dispenses with complete harmonisation. It does, however, provide that any sanctions chosen must be ‘effective, proportionate

convictions and offences or related security measures based on Article 6(1) shall be carried out only under the control of official authority or when the processing

pursued need to be demonstrated; (iii) the processing has to be subject to independent oversight; and (iv) effective remedies need to be available to the

92 GDPR's wording seems to be in conflict with Article 290(1) TFEU, but in actuality it is not. Article 92(2) GDPR must be read in line with Article 92(3)

Whether Article 75(1) GDPR can truly ensure the secretariat's freedom from the EDPS' influence, remains to be seen. However, it must be acknowledged that

not apparent why the principle laid down in Article 72(1) GDPR should be deviated from. Article 72(1) GDPR stipulates that the Board shall take decisions

version can be found here. The current RoP are divided into eight sections: 1.      Legal nature, tasks and guiding principles of the EDPB (Articles 1 to 3 RoP)

national administration, can be prescribed for members. Competence requirements must be provided by law pursuant to Article 54(1)(b) GDPR. These competence

concerning the interpretation of Article 28(1) of Directive 95/46/EC ("DPD"), the Regulation's predecessor. Article 28(1) DPD established the existence of supervisory

Buchner, DS-GVO BDSG, Article 31 GDPR, margin numbers 1-4 (Beck 2020, 3rd edition). For instance, Article 58(1)(f) GDPR, which grants a supervisory authority

"Informatique et Libertés". Under Article R311-1(4) of the French code of administrative justice, acts taken by the CNIL can be appealed directly before the highest

nnees.be/introduire-une-requete-une-plainte In Dutch: https://www.gegevensbeschermingsautoriteit.be/verzoek-klacht-indienen The complaint can be sent by

shall have legal personality. 2. The Board shall be represented by its Chair. 3. The Board shall be composed of the head of one supervisory authority of each

(“RoP”). Article 33(1) RoP stipulates that in “accordance with Art 76 (1) GDPR”, discussions of the Board and of expert subgroups shall be confidential when:

accordance with paragraph 1 of this Article shall be subject to the supervision of an independent supervisory authority, which may be specific, provided that

relationship between the GDPR and the EPD is to be found in Recital 10 and Article 1(2) EPD. Article 1(2) EPD provides that the EPD's provisions serve

third countries and international organisations. The report shall be made public and be transmitted to the European Parliament, to the Council and to the

but not that the same data subject(s) must be party to the proceedings. If the requirements of Article 81(1) GDPR are fulfilled (meaning, “same subject

Article 93 - Committee procedure 1. The Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation

the Council. The reports shall be made public. 2. In the context of the evaluations and reviews referred to in paragraph 1, the Commission shall examine

official documents to be taken into account when applying this Regulation. Public access to official documents may be considered to be in the public interest

processing of personal data (see Article 5(1)(a) GDPR), the need to limit the purpose of such processing (see Article 5(1)(b) GDPR), the requirement to have a

Board should be set up as an independent body of the Union. To fulfil its objectives, the Board should have legal personality. The Board should be represented

this section! You can help us filling this section! There are two options: 1) a "recurso de reposicion" to ask the AEPD to reconsider its decision or 2)

secrecy 1. Member States may adopt specific rules to set out the powers of the supervisory authorities laid down in points (e) and (f) of Article 58(1) in

Directive 95/46/EC 1. Directive 95/46/EC is repealed with effect from 25 May 2018. 2. References to the repealed Directive shall be construed as references

records according to Article 57(1)(u) GDPR. The report may include that information but if it does not, it is unlikely to be invalid. However, the report

Article 74 - Tasks of the Chair 1. The Chair shall have the following tasks: (a) to convene the meetings of the Board and prepare its agenda; (b) to notify

Regulation, implementing powers should be conferred on the Commission when provided for by this Regulation. Those powers should be exercised in accordance with Regulation

of those articles of ZVOP-1 that are still valid or for controllers to whom ZVOP-1 fully applies. 2019 Annual Report can be found on ip-rs.si.

(like the correspondence with the controller) need to be attached. Under § 24(4) DSG complaints need to be filed one year from the time the complainant has

Article 99 - Entry into force and application 1. This Regulation shall enter into force on the twentieth day following that of its publication in the Official

may be used as an element to demonstrate compliance with the obligations of the controller. The carrying-out of processing by a processor should be governed

Commission requests that such matter should be handled in the consistency mechanism. That mechanism should be without prejudice to any measures that the

GDPR will be of special importance in light of Brexit, as undoubtedly new mechanisms for cooperation between the British DPA and UE DPAs will be needed.

final under the administrative procedure, but can be appealed to the courts. Decisions can, however, be appealed to the national courts, starting in the

identification number or any other identifier of general application shall be used only under appropriate safeguards for the rights and freedoms of the

may not be instructed in its functions and shall operate independently of other bodies and of undue influence. The tasks of the NAIH may only be determined

Transfers should only be allowed where the conditions of this Regulation for a transfer to third countries are met. This may be the case, inter alia, where

Of the 1,046 complaints that were resolved from 1. 1. 2018 to 24. 5. 2018 the DPC has only made 12 formal decisions, which is equivalent to 1,1% of the

Balaiti). The Organisational Chart can be found here. Reference to procedural law ant the procedure of the ANSPDCP can be found here (in RO). You can help us

2002/58/EC, that Directive should be amended accordingly. Once this Regulation is adopted, Directive 2002/58/EC should be reviewed in particular in order

agreement is replaced or revoked, it will then no longer be protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can

the Act of 1 August 2018 on the organisation of the National Data Protection Commission and the general data protection framework; the Act of 1 August 2018

Corresponding § 1(1) NVwVfG the German Administrative Procedures Law (Verwaltungsverfahrensgesetz - VwVfG) is applicable except for some provisions (§§ 1, 2, 61(2)

another MS, this will be considered as a cross-border case and will be forwarded to the competent supervisory authority which will be responsible for the

since 2020 can be found on this page (unfortunately only in Latvian). The DVI is financed by the Latvian government. The funding for 2022 is €1,486,803. Historical

the decision be appealed by the data subject, this will then go to the Court of Justice (CJEU) for a final decision. Article 64 states: 1.   The Court

filling this section! You can help us filling this section! According to § 14(1)(1)(6) BDSG the BfDI is responsible for complaints under Article 77 GDPR. The

and according to § 25(1)(2) LDSG and § 40(1) BDSG for complaints in the private sector within Baden-Württemberg. Complaints can be filed online on the LfDI's

actividad del consejo de transparencia y protección de datos de Andalucía 1/2020, page 24 - https://www.ctpdandalucia.es/sites/default/files/Informe%2

1983 - 1 BvR 209/83, 1 BvR 269/83, 1 BvR 362/83, 1 BvR 420/83, 1 BvR 440/83, 1 BvR 484/83 (in DE) (Abstract in EN) - ECLI:DE:BVerfG:1983:rs19831215.1bvr020983

provide an overview over which sectors and issues will be prioritized. For 2019-2020 this overview can be found here (in SE). You can help us filling this section

request, while without his or her active participation the complaint cannot be resolved; d) more than three years have passed from the event that is subject

Act of Hamburg (Hamburgisches Datenschutzgesetz - HmbDSG). Corresponding § 1 HmbDSG it makes complementary arrangements to the GDPR and regulates specific

section! You can help us by filling in this section! The decision database can be found here. You can help us by filling in this section! You can help us by

Article 57(1)(f) of the GDPR, each supervisory authority is required on its territory to handle complaints which, in accordance with Article 77(1) of that

practice. Recital 1: The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter

such information should not be known to internet users when he considers that it might be prejudicial to him or he wishes it to be consigned to oblivion, even

basis: Art. 4 (1), (2), (7) and (8), Art. 5, Art. 44, Art. 46 (1) and (2) (c), Art. 51 (1), Art. 57 (1) (d) and (f), Art. 77 (1), Art. 80 (1) and Art. 93

Can Article 4(1)(a) of [Directive 95/46], read in conjunction with recitals 18 to 20 of its preamble and Articles 1(2) and 28(1) thereof, be interpreted

between that infringement and that damage. The CJEU held that Article 82(1) GDPR must be interpreted as meaning that a mere ‘infringement’ of the GDPR itself

possible here. Subparagraph (1)(b) therefore has to be written as #1b! Example: [[Article 6 GDPR#1b|Article 6(1)(b)]] becomes Article 6(1)(b) and links to Article

can be brought directly against a controller. The civil procedure is mainly regulated in the Law 1/2000, of 7 January, on Civil Proceedings (Ley 1/2000

paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and 35, para. 1. Below is a more detailed

Court asked the following preliminary question: 'Is Article 15(1)(c) of the GDPR to be interpreted as meaning that the claim is limited to information

question that should be answered only by the Data Controller. The same criterion should be answered by any party to whom the data are asked to be disclosed. Secondly

under Article 2(1)(a) Directive 95/46 where a third party has additional knowledge required to identify a data subject. b) Whether Article 7(1)(f) prevents

the European Union (hereinafter ECJ) in its decision Planet49 1 st October 2019 (CJEU, 1 st October 2019, C-673/17, pt. 42). 29. In this regard, the Restricted

Article 6(1)(b) GDPR where only consent should be the relevant legal basis. The NO DPA also considers that data cannot be a commodity and it should not be possible

reproduction of the personal data to be provided pursuant to Article 15(1) of the GDPR, Article 15(3) sentence 1 of the GDPR must be interpreted as meaning that

the CJEU under Article 267 TFEU: (1) Is Article 77(1) of [the GDPR], read in conjunction with Article 78(1) thereof, to be understood as meaning that the

subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1, and Article 32, subsection 1, Article 33, subsection 1, and

........2 1 Description of the supervisory matter ............................................... .....................................3 1.1 The processing

Article 13(1) to (3), Article 14(1) to (4) and Article 15(1) to (3) do not apply to personal data consisting of a reference given (or to be given) in confidence

regulation[1] article 5, subsection 2, cf. Article 5, subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1, and

longer necessary. For the intentional infringement of Article 25(1) GDPR and Article 5(1)(a), (c), and (e) GDPR, the authority imposed a pecuniary penalty

Article 6(1)(a) and 4(11) GDPR in a case concerning the requirements of consent). Always use the most specific sub-paragraph (e.g. Article 6(1)(a) GDPR

national law, meaning the age of consent under GDPR is kept, namely 16 (art. 8.1 GDPR). See Article 7 of the national implementing law. See Article 5 of the

processing by the defendant can only be Article 6 (1) sentence 1 lit e) DSGVO (see b) or Article 6 (1) sentence 1 lit f) DSGVO (see c), the requirements

in paragraph 1. (3) The traders referred to in paragraph 1 shall be entitled to obtain personal data for their activities under paragraphs 1 and 2 from publicly

et seq. GDPR, which is why the invitee's bid should be excluded, is admissible and well-founded. 1. (1) The application for review is partially admissible

Court of Justice of the European Union (CJEU). 1) Should the purpose limitation (Article 5(1)(b) GDPR) be interpreted in such a way that it allows a controller

with the violation of article/and 5.1. c); 6.1.; 13.1. (c);13.1(e) and13.2(a)AVG: r PAGE 01-00001582885-0002-0033-01- □1-� r L _JCourt of Appeal Brussels

application 1.b., from §§ 1, 3 para. 1 no. 1, 4 UKlag in conjunction with §§ 307 para. 1, para. 2 no.1 in conjunction with Art. 5 para. 1 lit. a), Art

order for there to be a basis for treatment under Article 6 (1) (f) of the GDPR, three conditions must be met: First, there must be legitimate interests

taken. The measures must be completed no later than month after this decision became final. 1 Description of the supervisory matter 1.1 The processing The Swedish

........3 1 Description of the supervisory matter ............................................... .....................................3 1.1 The processing

The CJEU held that the remdies in Articles 77(1), 78(1) and 79(1) GDPR can be exercised concurrently with and independently of each other, even when referring

The measures must be completed no later than one month after this decision gained legal force. 1 Description of the supervisory matter 1.1 The processing

cf. Article 6 no. 1, the principle of legality in Article 5 no. 1 letter a and the principle of data minimization in Article 5 no. 1 letter c. Transparency

at least in part on services that will not be directly affected by decision point 1. The medical list will be able to continue its operations, but within

Articles 5(1)(a), 12(1) and 13(1)(c) GDPR within three months, to refer not only to information provided on data processed pursuant to Article 6(1)(b) GDPR

given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the AEPD considers

subsection 1 point 1 of the Data Protection Act. According to Section 6, Subsection 1, Clause 1 of the Data Protection Act, Article 9, Section 1 of the Data

meaning of Directive 95/46? If the answer to Question 1 is that all or some of such information may be personal data within the meaning of the Directive,

a proportionate period of time 45 Section 5-1-e) of the Regulation provides that : 1. Personal data must be : (e) kept in a form which permits identification

under section 7 (1) (2) of the Data Protection Act, as the data are processed directly due to the statutory tasks referred to in section 6 (1). Personal data

resolve a complaint, or that complaints must be "upheld" or not upheld by the Commissioner. This same argument can be extended to to Articles 77 and 78. Recital

Article 5(1)(f) , 24 and 32 GDPR. Her non-material damage was the fear that her personal data, might be misused in the future and that she could be threatened

courts for privacy matters. Complaints can be filed directly with the lower instance court pursuant to § 1-3 of the Dispute Act. If the filing concerns

Article 15(1) GDPR. The court used Article 15(4) to read Article 15(3) as conferring a 'right' to the data free of charge. Payment can therefore be required

will hereinafter be referred to as [applicant] and the State. 1 The procedure 1.1. An application dated 30 January 2019, with productions 1 to 10, was received

secured in Chapter 2 § 1 in the Instrument of Government and Chapter 2 § 1 of The Fundamental Law on Freedom of Expression, and Chapter 1 § 1 in the Fundamental

Meta pursuant to Article 6(1)(f) GDPR. Lastly, the CJEU noted that the fact that Article 6(1)(a) and Article 9(2)(a) GDPR must be interpreted as meaning that

Justice, The motion has to be sent jointly with the disputed decision according to R 412-1 and R 412-2 of the same code, it has to be filed with the Registry

Freedom - La Ligue des Droits de l'Homme - the defendant: IAB Europe 1. Justification 2 1. Pursuant to the agreement concluded between the parties, as ratified

defendant: IAB Europe Interlocutory decision 01/2021 - 3/6 1. Facts and procedural history 1. Several complaints have been lodged against Interactive Advertising

Protection in § 1 DSG, the Rights to Privacy and Data Protection in Article 7 and 8 CFR and the Right to Privacy in Article 8 ECHR. Applications can be made direly

exceptions in Article 9(1) GDPR, Article 15 GDPR, Article 16 GDPR, Article 18(1)(a) GDPR, Article 18(1)(b) GDPR, Article 18(1)(d) GDPR, Article 20 GDPR

data as enumerated under Article 3(1) Directive 95/46. The court looked at the term personal data under Article 3(1) Directive 95/46 and Article 2(a) Directive

Article 22(1), with the exception of personal data referred to in Article 10 GDPR. This means that data concerning criminal records may be processed only

защита на личните данни), promulgated with State Gazette No. 1/ 4.01.2002 and entered into force 1.01.2002). Bulgarian law does not define legal entities as

of the Code and 10 of Legislative Decree lg. 1 September 2011, no. 150, opposition to this provision may be lodged with the ordinary judicial authority

business. The penalty imposed for the identified violations of Articles 5(1), 6(1) and (4) and 9 of the GDPR is not final, as the defendant has appealed against

of preference, must be classified as "processing of personal data" and that the operator of the search engine therefore needs to be considered a 'controller'

not be used to take decisions or measures relating to the data subject, nor for other purposes. Statistical and scientific research purposes must be clearly

Act (“Zakon o elektronskih komunikacijah, ZEKom-1). Cookies are regulated in Art. 157 ZEKom-1. It should be noted, cookies are not one of the priorities of

300,00 To 3): € 300,00 . . . In total: € 1.800 To 1): 3 days To 2): 1 day To 3): 1 day ... In total: 5 days Ad 1): Art. 83, para. 5, lit. a Previous search

the relevant court act and are undisputed. 3. Legal Assessment 3.1. To I to A) 3.1.1. Legal situation: Art. 12 of Regulation (EU) 2016/679 of the European

infringement of Articles 5.1. a), 5.1. c), 6.1, 8, 12.1 and 13 of the AVG has been proven and it is appropriate to order that the processing be brought into conformity

treaties (1) or the national provisions of § 173 sentence 1 VwGO in conjunction with § 173 sentence 1 VwGO. § 328 ZPO or §§ 108 f. FamFG (2). 53 (1) The judgment

violating Article 5(1)(c) and Article 5(1)(e) GDPR. The DPA of Berlin fined Deutsche Wohnen SE for violating Article 5(1)(c) and Article 5(1)(e) GDPR, because

Section 6 subsection 1 point 1 of the Data Protection Act must be interpreted in the light of this general principle. In addition, it should be noted that Section

basis must be identified at the outset of the processing among the ones exhaustively listed in Article 6(1) GDPR. Article 6(1) GDPR reads: 1. Processing

to prevent damage from criminal offenses (cf. § 34 Para. 1 No. 1 in conjunction Section 33 (1) no. 2 letters a, b, d, f, g BDSG) is not provided for. c)

Facts and procedure I.1. As for the complaint of complainant no. 1 (DOS-2020-05649) 1. On December 4, 2020, complainant no. 1 filed a complaint with the

the transmitted data (see point II.1.3 or II.1.3.1) at least in combination, personal data according to Art. 4 Z 1 DSGVO. For the lack of an appropriate

Articles 21 (1) sentence 1, 22 (1) and 4 no. 4 of the GDPR as well as recitals 71 p. 1, 2 and 72 can be interpreted as follows. 1, 2 and 72 can be understood

Article 6(1) GDPR? On the topic of non-material damages 4) Does Article 82(1) GDPR have a specific or general preventive character, and must that be taken

Article 12.2. of the GDPR. 8.1.3. As for the breach of the principle of minimization (article 5.1 c) of the GDPR) 8.1.3.1. In view of the consultation

third-party action (1.). On the complainant's side, his general right of personality (Article 2.1 in conjunction with Article 1.1 of the Basic Law) in

complainant. Specifically, the DSB cites Articles 5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article

2020). Factors to be taken into account when deciding on the amount of a fine. Article 83(1) and 83(2) GDPR provide that any fine should be “effective, proportionate

provided for in Article 5(1)(a), (e) and (f), Article 5(2), Article 24(1) and (2), Article 28(3), Article 30(1)(d) and (f) and Article 32(1) of the General Data

credit scoring purposes in light of Articles 5(1)(c), 5(1)(e) and 6(1)(f) GDPR and held that financial data may be stored for more than 5 years. This also applies

pursuant to Article 21(1) of the GDPR (Article 17(1)(a), (c)(1) and (d) of the GDPR). A request for erasure would therefore be opposed to a data use that

prevent this from happening, in violation with Article 24(1), Article 24(2), and Article 25(1) GDPR. According to Article 24(4) of the Finish Data Protection

it acts as a data controller (5(1)(a), 12(1), 13(1) of the General Data Protection Regulation, Articles 13(2) and 25(1)) Decision of the Deputy Data Protection

Section 6 subsection 1 point 1 of the Data Protection Act must be interpreted in the light of this general principle. In addition, it should be noted that Section

or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);

subsection 1, point 1 of the Data Protection Act. According to Section 6, Subsection 1, Clause 1 of the Data Protection Act, Article 9, Section 1 of the Data

specific categories of information in Article 8 (1) and (5) of Directive 95/46 or in Article 9 (1), Article 10 (1) and Article 10 of Regulation 2016/679, the

2020, §§ 291, 288 Paragraph 1, 187 Paragraph 1 BGB in conjunction with §§ 253 Paragraph 1, 261 Paragraph 1, 222 para. 1 ZPO. II.62 II. 63 The decision

Administrative Court. 3. Legal Assessment 3.1. To dismiss the complaint 3.1.1. In accordance with Art. 15 Para. 1 GDPR, the data subject has the right to request

with the provisions of Article 6(1)(c), Article 6(1)(f) GDPR, or both provisions? 2.     Does the answer to Question 1 mean: a)      that the person whose

with article 5.1 of the RGPD, the processing of personal data must be governed by the following principles: "1. The personal data will be: a) treated in

***NIF.1 (hereinafter, the part claimed), for the installation of a video surveillance system located in URBANIZATION ***URBANIZATION.1, ***LOCALITY.1, LLEIDA

of the individual would be that a judgment given in a disputed case cannot be followed by a default notice, but could only be entered if the enforcement

of the individual would be that a judgment given in a disputed case cannot be followed by a default notice, but could only be entered if the enforcement

listed by way of example, are not to be equated with the non-material damage as such to be compensated under Article 82(1) of the GDPR; they can only "lead

met. In accordance with Section 6, Subsection 1, Section 1 of the Data Protection Act, Article 9, Section 1 of the Data Protection Regulation does not apply

sold to anyone. It may be transferred to third parties under the conditions established in art. 39. 1 of said Royal Decree 1434/2002: 1. The holder of the

information society services the age of consent is 16 years following Article 8(1) GDPR. There is no specific age of consent for other support and advisory services

the public: 0117 OSLO Offl §13 cf. Fvl §13 no. 1 Their reference Our reference Date 9135764/1 20 / 01790-1 (19/01267) / EHN 22.12.2020 Decision on the imposition

on April 1, 2017 in the amount of €39.96, 14 Tariff B... increase on April 1, 2020 in the amount of €74.26, 15Tarif T... increase on April 1, 2017 in the

served on the defendant until January 15, 2021 (Section 204 (1) No. 1 BGB, Section 253 (1) ZPO). Insofar as the district court has determined that the

Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and Article 32(1)(d). d

Ordinance Article 5 No. 1 letter a and the requirement for legal basis in Article 6 (1) is among the basic requirements to be met when a business processes

been able to be accomplished via a more mild measure - the area of surveillance must be limited only to that needed for the purpose to be met and not to

violation of articles 38.1, 38.3, 39.1 a) and 39.1 b) of the GDPR; - to issue an injunction against Company A to comply with Article 38.1 of the GDPR, within

Chapter 5 contains the operative part and the legal remedies clause. 1. Introduction 1.1 Legal entities involved and reason for investigation OLVG is a foundation

concerning the violation of Articles 5.1. c); 6.1. ; 13.1. c); 13.1. e) and 13.2. a) of the GDR:- pursuant to Article 100, § 1, 9° of the ICA, to order the respondent

would have had to be issued, Art. 33 Para. 1 M 158/10 -, resolution of September 14, 2012 - 1 M 94/12 - and resolution of October 25, 2012 - 1 M 103/12 -, each

comply with section 5.1(b) of the MDR, and for failure to comply with section 5.1(a) of the MDR. and 5.1(b), 6.1, 25.1 and 25.2, 32.1 and 32.4 of the MDR

Article 5(1)(e) of the General Data Protection Regulation requires that personal data be stored in a form from which the data subject can be identified

that should be imposed, they must The provisions contained in articles 83.1 and 83.2 of the RGPD must be observed, which they point out: "1. Each supervisory

Article 102 (1) (1) and (3) of the Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2019. item 1781), as well as Article 57 (1) (a),

***NIF.1, for a violation of Article 6.1 and another of article 13 of the RGPD, typified in Article 83.5 letters a) and b) of the RGPD, a fine of €1,500 (€1

▪ Articles 5.1.a and 5.2 (principles of fairness, transparency and accountability) ▪ Article 6.1 (lawfulness of processing); ▪ Article 9.1 and 9.2 (processing

controller will be responsible for compliance with the provisions of section 1 and able to demonstrate it (“proactive responsibility”).” Article 72.1 a) of the

contents Nos. 1, 3, 4, 5 and 83, as well as content No. 64. 1 SPMT-ARISTA is an external service for prevention and protection at work, which since 1 January

sanctions not be imposed on the basis that the infractions would be statute-barred. SIXTH: The following are declared accredited PROVEN FACTS 1) The claimant

processing", details in its section 1 the cases in which data processing is considered lawful: "1. Processing will only be lawful if it meets at least one

fine that should be imposed, the following must be observed: provisions contained in articles 83.1 and 83.2 of the RGPD, which indicate: "1. Each supervisory

article 72.1.b) of the LOPDGDD, with a fine of 6,000 euros (six a thousand euros). 2. That the claimed party be imposed, within the term to be determined

for compensation must be dismissed and, therefore, the action must be dismissed in its entirety. Costs125    Under Article 134(1) of the Rules of Procedure

III Article 5.1.f) of the GDPR Article 5.1.f) “Principles relating to processing” of the GDPR establishes: "1. The personal data will be: (…) f) treated

91 Paragraph 1, 709 S. 1, S. 2 ZPO. 44 The amount in dispute is set at a total of 16,000.00 EUR. The determination is based on §§ 48 Abs. 1 GKG, 3 ZPO.

to injunctive relief from § 29 para. 1 sentence 1 no. 2 BDSG old version, but from § 29 para. 1 sentence 1 no. 1 BDSG old version, although the "basic

associated with the complaining party the email ***USER.1@gmail.com and the phone number ***PHONE.1. - That within the framework of the contracting, the conditions

publishing a blog for some time under the pseudonym ***PSEUDONYM.1, which is titled “***BLOG.1” (***URL.1 in which he makes assertions such as that the complaining

the provisions of Articles 1 (3) and 15 (1) of the said Directive No. 2002/58 , which provide for the following: Article 1 3 - This Directive does not

Something that, in casu, would no longer be, nor is, possible to achieve. 52. It should also be noted that the rules must be interpreted taking into account the

under appeal must be annulled in this respect. Url search result links 1, 3–7 and 9–11 In the ECJ judgment C-131/12 related to the right to be forgotten, it

***LOCALIDAD.1 (***PROVINCIA.1), on August 7, 2019, with identification number certified ***ATESTADO.1` and the invoice number ***FACTURA.1 issued by VDF

article be understood 6.1 f), which considers the treatment based on legitimate interest lawful; that is, the interest Legitimate is the purpose (to be satisfied)

such as phone number and car chassis number must be considered as personal data in the sense of Article 4(1) GDPR when relating to identified or identifiable

Article 13 paragraphs 1 and 2 (information to be provided when personal data is collected from the data subject), Article 15 paragraphs 1 and 3 (the data subject's

August 1, 2022 filed a claim with the Spanish Data Protection Agency. The claim- tion is directed against who it identifies as B.B.B. with NIF ***NIF.1 (hereinafter

Article 22(1) GDPR, the Court held that it imposes three cumulative conditions for its application: There must be a decision; The decision must be based solely

indicates in its paragraph 1 the cases in which the processing of third party data is considered to be lawful: "1. Treatment shall be lawful only if at least

with Art. 2 para. 1, Art. 1 para. 1 GG, Art. 17 para. 1 lit. d) DSGVO, because her personal data is stored according to Art. 6 para. 1 lit. f. DSGVO had

could hardly be determined from the controller's privacy policy. In doing so, the DPA also ruled out any legal grounds under Article 6(1)(b) GDPR (contractual

82 Para. 1 GDPR. This means that a threshold of significance in the sense that immaterial minor damage does not have to be compensated cannot be agreed (ECJ

debate. 3.1. Article 108 of the Law of 3 December 2017 establishing the Data Protection Authority (hereinafter "WOG") reads as follows: "§ 1 The Arbitration

Authority (APO below}, what it does on June 17, 2020 » 1• 1 Impugned Decision, Exhibit 36, §§ 1 - 24. 1 PAGE 01-00003026497-0006-0025-02-01-� L_JCourt of Appeal

magnitude will be sufficiently effective, be in a reasonable proportion to the infringement and have a deterrent effect, cf. Article 83 no. 1 of the Privacy

The CJEU ruled that personal data collected on the basis of Article 6(1)(e) may be used in legal proceedings, but the judge has to consider the principle

party claimed within the framework of the provisions of article 118.1 of Law 39/2015, of 1 October, of the Common Administrative Procedure of Public Administrations

procedures." II Article 5.1.f) of the GDPR Article 5.1.f) "Principles relating to processing" of the GDPR establishes: "1. Personal data will be: (…) f) processed

personal data that can be required to be corrected in accordance with Article 16. It would be interesting to see which positions will be taken by courts and

will hereinafter be referred to as [applicant] and the State. 1 The procedure 1.1. An application dated 30 January 2019 with productions 1 to 7 was received

principles are to be interpreted in accordance with Part II of Schedule 1. 
 (3) …. 
 (4)Subject to section 27(1), it shall be the duty of a data

grants each control authority and as established in articles 47, 48.1, 64.2 and 68.1 of the Organic Law 3/2018, of December 5, Protection of Personal Data

(c)), C/EX/2332-1/14-05-2019 (for the complaint under (b) and (c)) and C/EX/2332-1/14-05-2019 (for the complaint under (d)). d'), C/EX/3218- 1/06-06-2019 (for

accordance with the provisions of articles 55 para. 1, 2 para. 1 and 3 para. 2 GDPR and 13 para. 1 item g' Law 4624/2019, the Authority has the authority

GDPR), grants each control authority and as established in articles 47, 48.1 and 64.1 of the Law Organic 3/2018, of December 5, Protection of Personal Data

their processing, according to with article 21 par. 1 of the GDPR, which is based on article 6 par. 1 item or GDPR. In his reply dated 24-05-2022, the Data

time, cannot be considered justified at the time of review. Consequently, it must be assessed whether the information in question should be considered outdated

healthcare personnel: Article 6(1)(f), legitimate interest. For the subjective personal data about healthcare personnel: Article 6(1)(f), legitimate interest

particular, it follows from the provisions of Article 57 (1) (f) of the GDPR and Article 13 (1) (g) of Law 4624/2019 that the Authority has the competence

framework Article 6.1 of the GDPR establishes the assumptions that allow the use of processing of personal data. "1. Processing will only be lawful if at least

e7141c720c53441c2483c; has_js=1; _gid=GA1.2.1837808855.1597415922; _gat=1 Upgrade-Insecure-Requests 1 If-None-Match" 1597405902-1" Cache-Control max-age=0”

"From what has been stated, it can be concluded that, since Mr. A.A.A.'s request was presented on 6 March 2019, it would be excluded from the copies of the

purposes for which they are processed. Article 5(1)(c) of the GDMP provides that personal data must be adequate, relevant and limited to what is necessary

pertaining to human dignity (Article 2(1) Greek Constitution) and to the right to freely form one's personality (Article 5(1) Greek Constitution). The HDPA focused

processing of Article 5(1) GDPR, underlined that, based on Article 5(2) GDPR, it is the data processor's responsibility to conform and to be able to prove their

she had worked. The Greek DPA held that a CCTV system shall be handled as subject to Article 4(1) and Article 4(2) of GDPR Regulation. That judgment does

cloudflare.com/resources/assets/slt31c6tev37/1 M 1 j5uuFDuLTYiZJJDPBag/bda8d591447971 b3df2bccf5aa4e0916/Customer OPA v,3 1 -en J Oct 2020.pdf 13. Note that the

Article 58 ( 1) of the Data Protection Regulation [1] . 2 (e) . However, all affected data subjects who are specifically Intervare's customers must be notified

functions assigned to the control authorities in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) C/ Jorge Juan, 6 www.aepd.es 28001

the parties to the 08.1.2020 plenary sitting and subsequently a deadline for the submission of statements. At the hearing held in 08.1.2020, the Director

Appeal of Brussel therefore referred six questions to the CJEU: (1) Should Article 55(1), Articles 56 to 58 and Articles 60 to 66 of [Regulation 2016/679]

income, appears to be effective, proportionate and dissuasive at the same time, in accordance with the requirements of Article 83, paragraph 1, of this Regulation

Regulation No. 1/2000; REPORTER Attorney Guido Scorza; WHEREAS, THE GUARANTOR: a) pursuant to art. 58, par. 2, lett. d) and f) and 66, par. 1 of the Regulation:

questions: ‘(1) For the purposes of Article 2(h) of Directive 95/46, what conditions must be fulfilled in order for an indication of wishes to be regarded

Regulation No 1/2000; REPORTER Mr Guido Scorza, lawyer; IN THE LIGHT OF THE FOREGOING, THE SUPERVISOR a) pursuant to Articles 58(2)(f) and 66(1) of the Regulation

order was to stay in place until it could be ensured that the files containing user personal data could only be accessed by authorized users or the data

of article 16 par. 1 and 2 of law 3917/2011, par. 1 and 2 of article 11 of law 3471/2006 were amended, so that with article 11 par. 1 of law 3471/2006 "The

the administrative procedure as prescribed by the art. 114.1.c) of Law 39/2015, of October 1, on Administrative Procedure Common of Public Administrations

personal data in violation of Article 5(1)(c) GDPR and Article 15(1) GDPR. Firstly, the DPA found a violation of Article 5(1)(c) GDPR, as the controller had retained

their customers and obtain consent in the event that their personal data will be processed by a social network through transmission from the company’s or individual’s

with L’s complaint against 401 GWN, pursuant to Articles 57(1), point (g) of GDPR and 13 par. 1 point g. 4624/2019, and to exercise respectively the powers

REASONS Having regard to the above: (1) Effects, on the basis of Articles 19 (1) (f) and 21 of Law 2472/1997, shall be paid to the ‘unilateral shareholding

Reasons for the decision 1 On the competence of the CNIL Article 55(1) of the GPSR provides: Each supervisory authority shall be competent to exercise the

in violation of the following GDPR provisions: Article 5(1) and Article 5(2) and Article 25(1): for failing to implement control systems of the personal

(definition) Article 5.2: Principle of accountability Article 6.1.a: Legal basis of consent Article 6.1.f: Legal basis of overriding legal interest Article 6.4:

paragraph 1, of Law Decree no. 28 of 2020 has, in fact, provided that in the above-mentioned period of time the parties may request or be ordered ex officio

(Datatilsynet) held that the controller had breached Articles 5(1)(a) and (c), 6, 12(1) and 13 GDPR and for this fined the controller NOK 100,000 (approximately

right that can be cogitated in relation to other fundamental rights but always on the basis of the principle of proportionality (Article 8(1) CFR, Article

medical exams. HDPA accepted that the physician violated also art. 12 par. 1 GDPR obligation to facilitate the exercise of applicant’s right of access by

Directive 95/46 Processing for solely journalistic purposes 1. Article 3(1) of Directive 95/46/EC is to be interpreted as meaning that an activity in which data

articulation was confirmed by the CJEU in its Planet49 decision of October 1, 2019 (CJEU, October 1, 2019, C 673/17, pt. 42). 57. In this respect, the Restricted Committee

full internal compliance and accountability as foreseen in Articles 5(1) and (2) and 6(1) GDPR. Finally, it imposed the fine of € 5.000. Share your comments

Articles 15 to 22 of the RGPD, regulated in article 64.1 of the LOPDGDD, according to the which: "1. When the procedure refers exclusively to the lack of

such data should be publicly available. Does the tax number of the owner of a building constitute personal data or data that should be publicly available

the user would not be able to determine what types of content would be presented to the user and in what form this content would be presented. The DPA

of the Code and 10 of Legislative Decree lg. 1 September 2011, no. 150, opposition to this provision may be lodged with the ordinary judicial authority

Articles 15 to 22 of the RGPD, regulated in article 64.1 of the LOPDGDD, according to the which: "1. When the procedure refers exclusively to the lack of

., with the apparent sender's number "..." and (b) on ... at ..., with 1 Ave. 1-3 Kifissia Street, 11523 Athens, Greece T: 210 6475 600 - E: contact@dpa

the data subject when his data would be removed. DPA hold that Alektum Oy has violated GDPR Article 15 Subsection 1 and 2 as well as Article 12 Subsection

this complaint, the Authority sent the complainant the number one. C/EX/4904-1/09-08-2019 document, in which he asked for his views on the complainants, taking

First law on processing of personal data in Cyprus was L. 138(1)/2001 for the harmonisation of national law with the Directive 95/46/EC. This law was amended

joint control of data in accordance with Article 4(7) and Article 26(1) GDPR must be interpreted 'exclusively' as involving deliberately coordinated actions

individuals must be unambiguous and that it follows from the "Planet 49" decision of 1 October 2019 of the CJEU that the use of pre-checked boxes cannot be considered

arguments for the following reasons: 1) Article 78(2) GDPR defines the applicable time frame in line with Article 4:13(1) of the Dutch Administrative law.

questions to the CJEU for a preliminary ruling on the following matters: (1) Whether the collection and other processing of personal data carried out by

in force. Therefore, it cannot be ruled out if any possible processing is inappropriate or disproportionate. It should be well-known to everyone that the

Greek original. Please refer to the Greek original for more details. 1 Ave. Kifissia 1-3, 11523 Athens, Greece TEL: 210 6475 600 - E: contact@dpa.gr - www

Articles 6(1)(c) and (e), 6(3) and 9(1) GDPR. The preliminary questions concern the issue whether the existence of a legal obligation – Article 6(1)(c) GDPR

€ 3,000 appears to be both effective, proportionate and dissuasive, in accordance with the requirements of Article 83, paragraph 1, of this Regulation

DPA determined that the legal grounds of Article 6(1)(b), 6(1)(c), Article 6(1)(d) and Article 6(1)(e) GDPR were not applicable in this case. It also held

this complaint, the Authority sent the complainant the number one.C/EX/3409-1/07-06-2019 document requesting his views on the complainants, taking into account

provisions of art. 32 para. (1) and para. (2) of the General Regulation on Data Protection and violation of the provisions of art. 3 para. (1) and para. (3) lit

response. In the light of the above, the Authority sent letter ref. C/ΕΞ/5370-1/15-10-2019 requesting clarifications to DEI, which, in its reply from... and

basis for this personal data processing and, therefore, violated Articles 5(1)(a) and 6 GDPR. Furthermore, the DPA held that the controller did not implement

letter in violation of article 15 (1) cond. 12 par. 2, 3 and 4 GDPR and c) 30,000 euros for violation of Article 25 (1) GDPR because it did not in practice

electronically stored material, that they had no legal basis as per Article 6(1)(f) GDPR and that they had failed to inform the employee as per Article 13

defendant was responsible for, and had to be able to demonstrate, compliance with the principles set out in Article 5(1) GDPR. The defendant also had to implement

details. RESOLUTION Article 56 (1) and (2) point 8, § 58 (1) of the Personal Data Protection Act (hereafter IKS) and Article 58 (1) point d and (2) points d

that they had to be revoked. 1. the warning issued in respect of Camera 1 (point 1 of the decision of 23 November 2018) is lawful Camera 1 films the area

from Art. 2 Para. 1 in conjunction with Art. 1 Para. 1 GG.42 III. The decision on costs is a mixed cost decision (Section 155 (1) Sentence 1 VwGO) on the one

DSG), Federal Law Gazette I no. 165/1999 as amended; Sections 1(1)(1) and (2), 2(1), 3(1)(1), (1a) and (2) and 4 of the Epidemics Act 1950 (hereinafter: EpiG)

complaint will be rejected as unfounded. Legal basis: Art. 5 para. 1 lit. a to f, Art. 6 para. 1 lit. c, Art. 51 para. 1, Art. 57 para. 1 lit. f and Art

infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been

imposed a fine of €65,000 on Lursoft for breaching Article 5(1)(a), 5(1)(b), 5(1)(c) and 6(1) GDPR. Lursoft has since appealed the decision, meaning the

assessment: Regarding A) 3.1 § 8a VwGVG (extract): § 8a. (1) Unless otherwise stipulated by federal or Land law, procedural assistance shall be granted to a party

the postal inquiries of Customer 1, the Authority determines that Customer 1 has violated Article 12 (1) and Article 14 (1) points a) and c) of the General

parties will hereinafter be referred to as [plaintiff 1] , [plaintiff 2] , NDC Mediagroep and [defendant 2]. The procedure 1.1. The course of the procedure

law and be in accordance with the requirements of the rule of law. That can also be lower regulations. Nor can it be inferred from Article 10(1) of the

sentence 1 BayDSG and is therefore partly unlawful. The applicability of Article 13.1 letter d in conjunction with Article 2(1) and Article 1(1) of the

are as follows (formatting not 1: 1 reproduced): "1. SECTION: DESCRIPTION AND LIMITATION OF THE PROCESSING OPERATIONS [...] 1.2 Functional description of

35 (1) 9) of the PSA, but in refusing to comply with a request for information, § 35 (1) 5 ) and Point 10 of because § 35 section 1 subsection 5 1 added

years according to Section 98 (1) WTBG or seven years according to Section 132 (1) Federal Fiscal Code ("BAO") or Section 212 (1) Corporate Code (“UGB”). -

no. 2, Art. 5 para. 1 lit. f, Art. 6 Para. 1 lit. c and lit. f, Art. 13, Art. 51 Para. 1, Art. 57 Para. 1 lit. f and Art. 77 Para. 1 of Regulation (EU)

4 line 16, Art. 12 para. 1, Art. 14 para. 1 to para. 5, Art. 15, Art. 51 para. 1, Art. 57 para. 1 lit. f and Art. 77 para. 1 of Regulation (EU) 2016/679

offenses according to To 1): Art 5 Paragraph 1, Art 9 in conjunction with Art 83 Paragraph 5 lit a GDPR To 2): Art 5 para 1, Art 6 para 1 in conjunction with

performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision

Article 6(1)(d) nor Article 6(1)(e) can be used as a legal basis. The DPA researches if Article 6(1)(f) can be used as a legal basis: In order to be able to

damage is to be determined and calculated. However, the Court of Justice has consistently held that the damage to be compensated must be real and certain

provision(s): Regarding 1) - Article 5(1)(a) and (c) and Article 6(1) of the Data Protection Basic Regulation - DSGVO, OJ No L 119, 4.5.2016, p. 1. Re 2) (a) Section

follows: "§ 26b paragraph 1 (1) trade secret is information that" § 26b paragraph one, (1) trade secret is information that 1. is secret because it is neither

paying profiles. II.4. Article 12(1),(2) and (3), Article 17, Article 19, Article 24(1) and Article 25(1) AVG 63. Article 12 (1) GDPR stipulates that the controller

Article 6(1)(c) instead of Article 6(1)(f) as the District Court held. The Court of Appeal ruled that the District Court's discussion of Article 6(1)(c) was

section 1, subsection 1, section 14, subsections 1–2, section 15, subsections 1 and 3. and subsection 4, 3 points, section 16, subsection 1, section 18

data protection authority proceedings I. Customer 1. as a data controller (1) finds that: a) Customer 1. did not comply with the natural persons processing

approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not

containing SNDS data. 1.3.3. The processing operations mentioned in paragraph 1.3.2 can only be implemented after authorization from the CNIL. 1.4. Public interest

12 (1) of the GDPR, as it did not provide transparent and understandable information, - Article 15 (1) and Article 17 (1) of the GDPR, Article 12 (1) -

Article 1 (1). b) Lack of adequate information on the purpose of data processingThe General Data Protection Regulation5. According to Article 1 (1) (a),

of the child in relation to information society services: 1. Where point (a) of Article 6 (1) applies, in respect of information society services offered

of art. 62, §1 WOG submitted to the Disputes Chamber. 4. On April 3, 2020, the Disputes Chamber will decide on the basis of art. 95, §1, 1 ° and art. 98

Para. 1 GDPR, which pursuant to Art. 57 Para. 1 lit. q GDPR in conjunction with Section 2 (2) of the ÜStAkk-V can be submitted to this. On point 1 (partial

6 no. 1 letter f the nearby legal basis. The legal basis of Article 6 (1) (f) provides instruction on a balance of interests. Personal data can be processed

referred to as "[applicant 1]", "[applicant 2]" and "Google". The applicants are jointly referred to as '[applicant sub 1] et al.'. 1 The procedure The course

the clause cannot be based on a legitimate interest under Article 6(1)(f) GDPR, so that the principle of lawfulness under Article 5(1)(a) GDPR is violated

and Articles 100 §1, 13° and 101 WOG, to impose an administrative fine of EUR 1000 on the defendant for breach of Articles 6.1, 17.1(c) and (d), 21.2,

Article 62, §1 WOG transferred to the Disputes Chamber. 4. On 23 July 2019, the Disputes Chamber will decide on the basis of Article 95, §1, 1 ° and Article

lawfulness of processing under Article 6(1) for controller 1, to also find violations of Articles 5(1)(a), 12(1) and 14(1)(a) GDPR for both controllers. This

trial period requesting: 1) To the Department of Education of the Government of Navarra (Directorate General of education): 1.1.1.Provision or regulation

DPA gave a controller a warning for violating Articles 5(1)(a), 5(1)(b), 5(1)(c), 5(2) and 24(1) GDPR by recording the private space of its neighbours with

...............39 6.1.1 Analysisbythe LSA inthe Draft Decision.............................................................39 6.1.2 Summaryofthe objectionsraisedbythe

on 1 May 2014. 6.3. An overview submitted by ING of the balance of the loan between 1 April 2014 and 1 December 2015 shows a limit of € 15,000 on 1 December

Section 1 (1) DSG can therefore not be assumed (RS0130870). 3.2.1. On the legality of the publication of the BF's data in the app Art 6 para 1 GDPR contains

secrecy (Section 1 (1) DSG) as follows The appeal is dismissed as unfounded. Legal basis: Article 51(1), Article 57(1)(f) and Article 77(1) of Regulation

Law §1 para 1 Data Protection Law §1 para 2 Data Protection Law §9 para 1 Media Law §1 no 6 Media Law §1 no 7 Media Law §1 Z8 lit c Law of Parties §1 para

which it did not only found a violation of Article 6(1), but also of Articles 5(1)(a), 12(1) and 14(1)(a) GDPR (lack of adequate information concerning the

should only be processed if the purpose cannot reasonably be fulfilled in another way. 5. Reason for the Data Protection Authority's decision 5.1. Processing

processing (Article 6.1.a) of the RGPD). Article 45.1. of the LPACAP, under the heading "Publication", states: "1. Administrative acts shall be published when

system should be in line with the GDPR. It recalled the principle of data minimisation according to Article 5(1)(c) GDPR, which has to be followed both

interest. Therefore the controller violated Article 5(1)(a) and (2), Article 6(1), Article 12(1), Article 13(1)(b) and (c) GDPR. The DPA imposed a fine of €50

2 lit. a, Art. 5 para. 1 lit. a, Art. 12 para. 1, para. 2 and para. 3, Art. 13, Art. 27, Art. 57 para. 1 lit. f, Art. 58 para. 1 lit. b and para. 2 lit

Para. 1, Art. 13 Para. 4, Art. 14 Para. 5 a, Art. 15, Art. 23 para. 1 e and i FGO § 32a Paragraph 1 No. 1, Paragraph 2, § 32c Paragraph 1 No. 1§ 33, §

25 / N. §, 51 / A. § (1), Articles 52-54. §- in Section 55 (1) - (2), Sections 56-60. §, 60 / A. § (1) - (3) and (6), § 61 (1) paragraph 61 (a) and (c)

Act (hereinafter: Itv.) 45 / A. § (1). From the advance payment of the fee, the Itv. Section 59 (1) and Section 62 (1) (h) shall release the party initiating

Article 62, § 1 WOG transferred to the Disputes Chamber. 4. On February 7, 2020, the Disputes Chamber will decide on the basis of Article 95, § 1, 1° and Article

§ 56 subsection 1, subsection 2 point 8, § 58 subsection 1, § 10 of the Personal Data Protection Act (IKS) and Article 58 paragraph 1 point d and paragraph

Art. 82 Para. 1, Para. 2, Art. 5 Para. 1 lit. a Var. 1, Article 6 paragraph 1 subparagraph. 1 lit. 1, Article 6 paragraph 1 subparagraph. 1 lit. a, Art.

proceedings can be regarded as covered by Section 1 (2) DSG. Otherwise, successful litigation or legal enforcement or legal defense would not be possible and

Claimant 1 has stated that, on *** DATE.1 , he received on his line ofmobile phone *** PHONE. 1 a prank call through the app"*** APPLICATION.1", in which

Pursuant to Section 45(1)(1) of the Public Information Act (PIA) and Section 85(4) of the Administrative Procedure Act (HMS) I decide: 1) dismiss the objection;

the basis of article 6.1 e) GDPR read together with articles 5.2 GDPR and 24.1 GDPR. 3) Violation of Articles 12.1, 12.6, 13.1 and 13.2 GDPR: the Inspection

(Section 540, Paragraph 1, Sentence 1, No. 1 of the Code of Civil Procedure). In addition and in summary, the following is to be stated, insofar as it is

SUBSTANTIATION On [...] March 2020, pursuant to Art. 78 sec. 1, art. 79 sec. 1 point 1 and art. 84 sec. 1 points 1-4 of the Act of May 10, 2018 on the Protection of

§ 166 para. 1 p. 1 ZPO § 114 para. 1 p. 1, § 121 para. 1 StVZO § 31a paragraph 1 p. 1, paragraph 3 Regulation (EU) 2016/679 Art. 5 para. 1 lit. d, Art

should always be respected and only the data that is necessary to achieve the purpose should be processed. However, this information must be adequately protected

Paragraph 24(1) and (1) and (2) of the B-VG. 5 DSG as amended, with the provisos that part 1. of the ruling concerning the data protection complaint of 1 February

law (hereinafter: Itv.) 44 / A. § (1). From the advance payment of the fee is Itv. Section 59 (1) and Section 62 (1) (h) shall release the party initiating

from Article 5 (1) of the Privacy Regulation. We refer to Article 5 (1) (a), (b), (c) and (f): «1. Personal information must (...) (a) be treated in a lawful

voluntary. 28. Article 1 of the draft decree enshrines the principle that the downloading and use of the "StopCovid" application must be based on a voluntary

Article 5(1)(d) of the GPRS, in relation to Article 4(1) of the LOPDGDD, which governs the principle of accuracy of personal data. IV Article 72.1.a) of the

which are not technical or necessary: Cookie Provider _gat_gtag_UA_49758120_1 1 1 (...) / _gid (...) / _ga (...) / 2.- There is an information banner about

principles. II.3. Article 5.1.a (transparency), Article 12.1, 12.2 and 12.6, Article 13.1 and 13.2, Article 14.1 and 14.2 GDPR II.3.1. Findings of the Inspection

that the controller had violated Article 5(1)(f) GDPR, Article 17(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR. As a result,

decree has not changed the content of Article 11.5 1 invoked, now replaced by Article 1-9 § 5. 1Article 1-9 § 5: Correction of an error made in an act, an

Section 61 (1). The decision is based on Ákr. 82. § (1), it becomes final with its communication. 19 (85) Art. § 112 and § 116 (1) and § 114 (1), respectively

part-time study, in addition to his full-time work. 1.9. In 2015, the loans referred to under 1.1. will be restructured, as a result of which the original

Agency's decision 3.1. Authorization to record telephone conversations 3.1.1. Pursuant to Article 9 (1) of the Data Protection Regulation 1, there is in principle

protection authority of 24.1.2020; e-mail of the Austrian data protection authority of 31.1.2020; e-mail of the plaintiff of 31.1.2020) will be returned. - The applications

Article 6 (1) (f)Article 13 (2) (f) and Article 14 (2) (g), Article 14 (1) andArticle 15 (1) (h) and Article 21 (1)infringement of Article 18 (1) (a) and

50AT SAObjection, pp. 1-7;ES SAObjectionpp. 1-3;FI SAObjection pp. 2-7;HU SAObjectionpp. 2-4;NLSA Objection,pp.1-12;NOSAObjection,pp.1-9;SESAObjection,pp

to the Dutch original for more details. DECISION 1 The further course of the proceedings on appeal 1.1 The court of appeal refers to its judgment of 9 July

"There are different doctrines on the first question in Austria and Germany: 1.1.1. For a right of choice for the person responsible: According to Haidinger

measures for processing special categories of data, cf. Article 32(1)(b) GDPR, Article 32(1)(d), Article 24 and Article 35, cf. Article 5. In May 2019, a municipality

or from § 823.1, § 1004 of the Civil Code in conjunction with Article 1.1, Article 2.1 of the Basic Law. 8 a) The complainant's right to be listed did not

Agency's decision 3.1. Processing of personal data using ProctorExam 3.1.1. It follows from Article 2 (1) of the Data Protection Regulation 1, that the Regulation

with Art. 5 sec. 1 lit. f, art. 24 sec. 1, art. 25 sec. 1, art. 32 sec. 1 lit. d, art. 32 sec. 2, art. 33 paragraph. 1 and art. 34 sec. 1 of the Regulation

protection rules. 4.1. The legal basis for the treatment 4.1.1. It is clear from Article 6 (1) of the Data Protection Regulation 1, letter a, that the

personal content, and despite her objection, thereby violating Articles 6(1)(f), 13, 17(1)(e), and 21 GDPR. The Norwegian DPA (Datatilsynet) received a complaint

R.F. Plaizier in Amsterdam.1 The procedure1.1.The course of the procedure is apparent from: -the application with exhibits 1 to 13, -the statement of defense

are to be used must be taken into account. Furthermore, the Court considered that recital 39 GDPR states, inter alia, that 1) personal data should be adequate

Article 5.1 sentence 1 of the Basic Law. The claim to access to information is based on § 2.1 sentence 1 no. 1 VIG and not on Article 5.1 sentence 1 of the

referred for a preliminary ruling 1.1 On the first question, there are different doctrines in Austria and Germany: [18] 1.1.1 For a right of choice of the responsible

OrdinanceArticle 5 No. 1 letter f, and the Privacy Regulation 32 No. 1. letter book d The background and reasons for the decision follow below. 1. The case 1.1. Description

Para. 2 Z 1 VwGVG, the hearing can be omitted if the party's application initiating the previous administrative procedure or the complaint is to be rejected

5 (1) (a), 12 (1) and 13 of the General Data Protection Regulation. Decision The current information practices of the controller under Article 5 (1) (a)

following must be assessed: 1) whether the controller's procedure for storing customer purchase data was in accordance with Article 5(1)(e), Article 25(1) and Article

the defence's motion to discontinue the proceedings did not have to be granted. 1. (1) The BfDI's penalty notice sets out the data protection infringement

for decision 1 The action is admissible, with the local jurisdiction of the Munich Regional Court resulting from Article 44(1) sentence 1 of the GDPR,

application can only be extracted in the manner described above. D. From a legal point of view, it follows that D.1 The legal situation: D.1.1. infringement of

stipulates that personal data must be collected for specific, explicit and legitimate purposes. 4.3. Article 1, under 1.1, of the Covenant states that the

for a preliminary ruling. In ground 1, [the appellant] states that his request is based on Articles 1, 6 paragraph 1 (f) and 21 of the AVG and therefore

office. 1 The further course of the proceedings on appeal 1.1 The court takes over the content of the interlocutory judgment of 30 October 2018. 1.2 Subsequently

Categories of recipients to whom the information is or will be passed on Pursuant to Article 30 (1) (1) (d) GDPR, a list shall include information on the categories

personal data in Article 5 (1). Chapter III of the Privacy Regulation must also be safeguarded in order for the processing to be lawful. In its decision,

provides in paragraphs 1 and 2: ‘1. Personal data collected by competent authorities for the purposes set out in Article 1(1) shall not be processed for purposes

Authority, and in accordance with the provisions of Articles 47, 48.1, 64.2 and 68.1 of the LOPDGDD, the Director of the Spanish Agency for Data Protection

obligation under the articles5 (1) (f), 5 (2), 15, 32 and 33 of the Regulation, as well as article 33 (1) (y) of Law 125 (1) / 2018and she was asked to submit

would be through the granting of consent by the complainant to process his personal data processing (Article 6.1.a. AVG), nor that there would be an agreement

3. Justification 3.1.1. Regarding the purpose limitation findings (Article 5.1 b) GDPR) and the lawfulness of processing (Article 6.1 GDPR) 12. In its report

EXAMPLE On [...] February 2019, pursuant to Article 78(1), Article 79(1)(1) and Article 84(1)(1-4) of the Act of 10 May 2018 on the protection of personal

data would only be accessible for a period of 5 years (after which it would be deleted or anonymised), the data controller would not be exceeding the period

the information required by Article 1 (1) in such a way that such information can be easily understood; and at hand 3.1. Regarding security camera surveillance

THIRD: To appoint as instructor INSTRUCTOR.1 and, as secretary SECRETARY.1, indicating that any of them may be challenged, if appropriate, in accordance

......... 17 5.1 On the findings of an infringement of Article 33(1) GDPR.................................................... 17 5.1.1 Analysis by the

thus failed to fulfil its obligations under Article 5(1) GDPR, Article 24(1) GDPR and Article 28(1) GDPR. Second, the DPA found that, since the data processing

necessary. The complaint should therefore be dismissed as unfounded or the proceedings should be discontinued. 1.5 In the contested decision, the authority

permissions of Art. 6 Para. 1 GDPR. You have thereby violated the following legal provision (s):  Art. 5 para. 1 lit. a, Art. 6 Para. 1 in conjunction with Art

('integrity and confidentiality'). The controller shall be responsible for compliance with paragraph 1 and shall be able to prove it ("proactive responsibility")

question must be that it follows from Articles 77(1) and 57(3) of the GDPR that where a data subject becomes a party to proceedings under Article 78(1) of the

are processed at all (Art 15(1)(1) GDPR) or whether information on specific processed data is requested (Art 15(1)(2) GDPR). 1.2 The competent panel of experts

that this would be sufficiently "effective, proportionate and dissuasive" as per Article 83(1). In addition to a breach of Article 6(1)(f), the lack of

referred to in paragraph 1, points (c) and (e), must be established by: a) Union law; or b) the 26 Article 6.1.c of theAVG. 27Article 6.1.e of theAVG. Decision

defendant should be charged with the violation of Article 58.1 of the RGPD typified in Article 83.5 e) of the RGPD. The The sanction that should be imposed is

because its processing activities infringed Articles 5(1)(a)(b) and (c), 6(1), 12(1)-(5), 15(1) and 17(1) of the GDPR. Furthermore, the Authority, pursuant

Pronounced in public on 30 September 2020 545. ANNEX AVG Article 5 1. Personal data must be a) be processed in a manner which is lawful, adequate and transparent

controller violated Article 5.1.c, 5.1.b and 6.1.e of the RPGD. 48. Under Article 100 LCA, the Litigation Chamber has the power to: 1 ° dismiss the complaint;

Article 6(1) GDPR? The Spanish DPA (AEPD) referred to the principle of lawfulness, fairness and transparency (Article 5(1)(a)), as well as Article 6(1) on the

100, §1, 9° WOG, order the defendant to order that the processing in is brought into line with Articles 5.1(a) and (b), 5.2, 6.1, 12.1, art. 13.1. b) and

data controller must be prepared to suspend data processing at any time if the data subject so requests (see Art 17 (1), Article 21 (1)) or if a data protection

Articles 5.1.b) and 5.1.c) of the GDPR pursuant to Article 95, §1, 3° of the LCA; - pursuant to Article 58.2.c) of the GDPR and Article 95, § 1, 5° of the

details. 201907720/1/A3. Date of judgment: 9 December 2020 SECTION ADMINISTRATIVE LAW Judgment on the appeals of: 1. [appellant under 1], residing at [place

and 32, paragraph 1, AVG and further elaborated in article32, paragraph2, preamble, FISHOrdinancesBIO standards5.1.1,5.1.1.1and5.1.2.1. 2.4PhysicalSecurityAccesstoNVIS

Regulation No. 1/2000; Dr Agostino Ghiglia as rapporteur; WHEREAS 1. The report against the company and the preliminary investigation activity. 1.1. In a report

this processing, in violation of Article 5(1)(c) GDPR; It violated Article 13(1) and (1) GDPR, and Article 5(1) GDPR by failing to adequately inform data

provided in article 5.1 d) of the RGPD, in relation to article 4.1 of the LOPDGDD, and another against the provisions of article 5.1 f) of the RGPD, in relation

updates. In the near future step 1 PAGE □1-□□□□149307□-□□□3-□□22- □1-□1-� L _J' Court of Appeal Brussels -2019/AR/1006 -p. 4 13-1 the Bank X from the current

Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments

Article 6 (1) of the Data Protection Regulation. Article 17 (1) (c) and that the information shall not be deleted in accordance with Article 17 (1). 1, letter

in Article 6(1), - processing as described above, and in particular one of the conditions laid down in Article 6(1). 1 AVG. It should be stressed that

Act (hereinafter: Act I ) 45 / A. § (1). From the advance payment of the fee, the Itv. Section 59 (1) and Section 62 (1) (h) shall release the party initiating

***NUMBER.1 and ***NUMBER.2, carrying out citizen security tasks in the locality of ***LOCATION.1, they observe the step located ***ADDRESS.1, of said locality

invokes thefirst time a series of other GDPR violations (Articles 5.1.a, 5.1.f, 5.2, 6.1.a, 6.1.f, 12,13, 17 and 25). In particular, it raises the question of

violations of the provisions of Art. 5 sec. 1 lit. a), art. 28 sec. 1, 3 and 9, art. 33 sec. 1 and art. 34 sec. 1 and 2 of Regulation 2016/679 is blatant and

report, page 34, point 4.4.8.1. 24Investigation report, page 34, point 4.4.8.2.1.1 25Investigation report, page 34, point 4.4.8.2.2.1 ______________________

imposed by sections 24.1., 28.1. and 30.1. of the DGPS ; -On 11 June 2019, the Disputes Chamber decides, pursuant to Article 95, § 1, 1° and 98 of the ICA

data. Pursuant to Article 5 (1) of the Data Protection Regulation. 2. For the purposes of paragraph 1 (b), personal data shall be collected for explicit and

the Strijp-S housing complex in Eindhoven. It's agreed 1 Facts 1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 that [plaintiff] directly to PME Investment Services

complainant must be regarded as personal data, since the complainant on the basis of his vehicle data can be identified within the meaning of Article 4. 1) GDPR

in article 72.1.b) of the LOPDGDD. VI In order to establish the administrative fine to be imposed, the provisions contained in Articles 83(1) and 83(2) of

and the interests of the interested." Article 6.1.b) of the RGPD indicates: "1. The treatment will only be lawful if at least one of the following is met

for the sale of a brand vehicle was signed. ***MARK.1, model ***MODELO.1, license plate ***MATRICULA.1 in which it appears as the buyer the claiming party

p. 3 breach of articles 5.1.a} and 5.1.b), 6.1, 25.1 and 25.2, 32.1 and 32.4 of the GDPR read together. This decision may be appealed against within thirty

implements them. 13th 9 10gl. on § 9 BDSG and Art. 2 Paragraph 1 in conjunction with 1 Paragraph 1 GG: Lotz / Wendler, CR 2016, 31, 34. Martini, in: Paal / Pauly

cameraslancia towards public space ”(folio nº 1).The art. 5.1 c) RGPD provides the following: Personal data will be:"Adequate, relevant and limited to what is

articles 5.1.,b) juncto 24.1 and 9.2.a) juncto 7.3 of the RGPD; - that it is not necessary to pronounce one of the measures provided for in Article 100, §1 of

entire territory of Hungary. Pursuant to Section 112 (1) and (2) and Section 116 (1) and Section 114 (1), there is a right of appeal against the decision through

asociada" ***TELÉFONO.1as "Customer Data", A.A.A., NIF ***NIF.1, VODAFONE telephone number ***TELÉFONO.1 and address "Street ***ADDRESS.1". - An envelope with

with NIF ***NIF.1 (hereinafter the claimant), for the installation of a video surveillance in ***ADDRESS.1, ***APPARTMENTS.1 - ***LOCALITY.1 (SANTACRUZ OF

101 WOG of EUR 25,000 to be imposed on the defendants for infringements of the articles 5.1.f, 5.2, 24, 32, 33.1 and 5, 34.1 GDPR. Against this decision