Search results
From GDPRhub
- instructive in the interpretation of Recital 23 GDPR. Contrary to the usual definition of good and services, the GDPR clarifies that processing is covered37 KB (4,635 words) - 13:29, 24 October 2023
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)BDSG, Article 6 GDPR, margin number 20 (C.H. Beck 2020). Recital 32 sentence 1 GDPR. Recital 32 sentence 2 GDPR. Recital 32 sentence 3 GDPR. CJEU, C‑673/17108 KB (17,005 words) - 15:39, 18 March 2024
- GDPR. Recital 71 sentence 1 GDPR. Recital 71 sentence 1 GDPR. Recital 28 sentence 1 GDPR, such as Hansen, in Simitis, Hornung, Spieker, Datenschutzrecht125 KB (16,328 words) - 16:01, 8 March 2024
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)Knyrim, DatKomm, Article 32 GDPR, margin numbers 23 (Manz 2022). Pollirer, in Knyrim, DatKomm, Article 32 GDPR, margin numbers 23 (Manz 2022). Pollirer, in30 KB (3,458 words) - 10:31, 25 April 2024
- in relation to the GDPR - usually in the form of a Restriction under Article 23 GDPR - these other rights exist in parallel to the GDPR. This means a data73 KB (9,896 words) - 15:46, 18 March 2024
- of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific legal44 KB (5,905 words) - 14:00, 24 October 2023
- listed in Articles 13 GDPR. In certain cases, Article 23 GDPR may be used by Member States to exempt certain duties under Article 13 GDPR in certain situations71 KB (9,532 words) - 13:30, 6 March 2024
- (Article 12(1) GDPR), facilitate the data subject (Article 12(2) GDPR), respond and communicate the measures taken (Article 12(3) and (4) GDPR), the principle61 KB (8,488 words) - 15:47, 18 March 2024
- under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details on the51 KB (6,355 words) - 08:25, 18 April 2024
- and purposes outlined in Article 23(1)(a) to (j) GDPR (e.g. national and public security) as well as Recital 73 GDPR (e.g. protection of human life). In49 KB (5,993 words) - 06:22, 16 June 2023
- dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))(Article 12 GDPR), information (Articles 13 and 14 GDPR), access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction44 KB (4,896 words) - 06:25, 16 June 2023
- Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number41 KB (5,197 words) - 12:17, 17 April 2024
- (Article 4(23) GDPR), several supervisory authorities (SA) could be competent according to Article 55 GDPR. For this reason, Article 56(1) GDPR establishes55 KB (7,446 words) - 22:28, 1 April 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)Article 83(8) GDPR corresponds in this respect to Recital 148 sentence 4 GDPR. Nemitz, in Ehmann,Selmayr, Datenschutz-Grundverordnung, Article 83 GDPR, margin55 KB (7,622 words) - 14:04, 7 November 2023
- Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR. While Article47 KB (5,644 words) - 17:49, 5 March 2024
- processing of personal data of deceased persons. Article 2 GDPR sets out the material scope of the GDPR. Paragraph 1 clarifies that the Regulation applies to34 KB (4,652 words) - 12:07, 12 November 2023
- of the most innovative elements in the GDPR related to the accountability principle (see Articles 5(2) and 24 GDPR). This provision regulates the cases in52 KB (7,297 words) - 08:05, 18 July 2023
- the meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- Data Protection Regulation (GDPR): A Commentary, Article 55 GDPR, page 909 (Oxford University Press 2020). See Recital 20 GDPR and CJEU, in C-245/20 - Autoriteit35 KB (3,971 words) - 21:34, 1 April 2024
- Regulation (GDPR), Article 7 GDPR, p. 350 (Oxford University Press 2020). Heckmann, Paschke, in Ehmann, Selmayr, Datenschutz-Grundverordnung, Article 7 GDPR, margin31 KB (3,489 words) - 16:00, 8 March 2024
- since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- Article 82 GDPR – like almost all provisions of the GDPR – is directly applicable in all Member States without any act of implementation. Article 82 GDPR leaves33 KB (4,215 words) - 09:57, 19 March 2024
- consideration when the GDPR was drafted. There is consequently no need to 'balance' the GDPR against other rights for a second time, as the GDPR is already the28 KB (3,831 words) - 16:21, 14 March 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA is also60 KB (7,796 words) - 20:12, 1 April 2024
- purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the Case of47 KB (5,594 words) - 22:45, 1 April 2024
- natural persons”. The GDPR does not define what constitutes a “risk to the rights and freedoms of natural persons”. Recital 75 GDPR only outlines potential54 KB (6,536 words) - 08:22, 16 June 2023
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)prevention (Article 23(1)(a-j) GDPR) allow for far fewer GDPR restrictions than those granted by freedom of expression. Article 85(2) GDPR poses one condition33 KB (3,748 words) - 14:25, 7 November 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)Protection Regulation (GDPR): A Commentary, Article 27 GDPR, pp. 595-596 (Oxford University Press 2020). Recital 80 sentence 5 GDPR. Ziebarth, in Sydow,25 KB (2,418 words) - 14:11, 24 May 2023
- interpreted Recital 144 GDPR to have limited the scope of Article 81 GDPR, as applying only to proceedings instigated under Article 78 GDPR. The first sentence27 KB (2,619 words) - 14:52, 16 November 2023
- important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)to Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not make32 KB (3,730 words) - 08:43, 7 March 2024
- 22(2)(c) GDPR. Finally, decisions based on explicit consent are also subjected to the safeguards laid down in Article 22(3) GDPR. Article 22(3) GDPR lays down31 KB (4,768 words) - 06:24, 16 June 2023
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)(Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data portability46 KB (5,825 words) - 11:12, 7 November 2023
- personal data as well (see Recital 163 GDPR). Tosoni in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 98 GDPR, p. 1315 (Oxford University15 KB (943 words) - 09:58, 8 November 2023
- out data relating to deceased persons, this Recital confirms Recital 27 GDPR, according to which the GDPR “does not apply to the personal data of deceased29 KB (3,695 words) - 13:44, 21 March 2024
- You can find all related decisions in Category:Article 36 GDPR Recital 89 GDPR. Article 36 GDPR must therefore be read as one element within a wider framework31 KB (3,646 words) - 08:51, 21 July 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)Article 79 GDPR, margin number 14 (rdb.at 2018). Jahnel in Jahnel, DSGVO, Article 79 GDPR, margin number 29 (Jan Sramek 2021). See Recital 141 GDPR. Moos,31 KB (3,550 words) - 11:11, 29 November 2023
- in other parts of the GDPR. To begin with, Recital 141 GDPR clarifies that an SA must “act on a complaint”. Article 57(1)(f) GDPR, in turns, establishes30 KB (3,874 words) - 10:46, 7 December 2023
- (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR) and the34 KB (3,646 words) - 08:53, 27 March 2023
- catalogue of penalties in Article 83 GDPR. National legislators may add provisions to fill these gaps. Under Recital 152 GDPR, these provisions may either be19 KB (1,477 words) - 14:12, 7 November 2023
- under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 93 GDPR (category Article 93 GDPR) (section GDPR cases where the examination procedure is referred to)Article 45(5) GDPR (revocation, change of such determinations); Articles 46(2)(c) and (d) GDPR (standard protection clauses); Article 47(3) GDPR (formats and17 KB (1,096 words) - 08:19, 19 October 2023
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in cross-border35 KB (4,017 words) - 16:04, 18 March 2024
- (Articles 55-59 GDPR). The GDPR provides for exceptions from provisions entailed in Chapter VI (independent supervisory authorities). Article 85(2) GDPR mandates27 KB (2,604 words) - 14:24, 16 January 2024
- proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting provision to Article 58 GDPR. In22 KB (2,042 words) - 14:29, 20 November 2023
- 88(1) GDPR) and a conditional function (Article 88(2) GDPR). While Article 88(2) GDPR determines the scope of the opening clause, Article 88(1) GDPR establishes32 KB (3,228 words) - 13:32, 30 November 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Articles 13 or 14 GDPR. This can be drawn from the final sentence of Article 11(1) GDPR. It must be assessed with the utmost attention whether GDPR provisions20 KB (1,854 words) - 16:32, 8 March 2024
- decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate rules29 KB (3,500 words) - 08:54, 27 March 2023
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide concrete44 KB (5,008 words) - 14:50, 28 July 2023
- published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public is15 KB (1,196 words) - 08:15, 19 October 2023
- exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward its27 KB (3,038 words) - 12:19, 11 October 2023
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand, and18 KB (1,599 words) - 12:26, 29 April 2022
- Category:Article 86 GDPR At para. 120 Kranenborg, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 86 GDPR, p. 1216 (Oxford University22 KB (2,177 words) - 10:01, 19 March 2024
- Article 72 GDPR regulates the Board's voting procedure. Generally, the GDPR grants the EDPB a high degree of autonomy. In particular, Article 72(2) GDPR entitles22 KB (2,266 words) - 08:26, 17 October 2023
- the scope of the LED from the scope of the GDPR. Article 10 GDPR is intended to extend the protection of the GDPR to the processing of certain criminal data17 KB (1,768 words) - 15:41, 18 March 2024
- subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- large-scale, or involve processing of data under Article 9 GDPR or Article 10 GDPR. Recital 97 GDPR clarifies that the core activities of a controller are43 KB (4,904 words) - 12:59, 21 July 2023
- provisions of the GDPR. This decision refers to the Administrative cooperation between SAs (covering cooperation under Articles 56, 60, 61 and 62 GDPR) and the15 KB (810 words) - 16:13, 2 November 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)true also under Article 91 GDPR”. See, Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University25 KB (2,482 words) - 10:04, 19 March 2024
- application of Article 65(1)(a) GDPR, (13 April 2021), margin number 57 (available here). See also Recital 143 GDPR. See Article 78(2) GDPR. Hijmans, in Kuner et33 KB (4,185 words) - 16:09, 2 November 2023
- Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR. In these cases15 KB (851 words) - 06:55, 29 April 2022
- directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing of data19 KB (1,335 words) - 13:56, 24 October 2023
- authority. Article 61(1) GDPR regulates how independent authorities are to cooperate to enable the uniform application of the GDPR. Supervisory authorities24 KB (2,181 words) - 11:46, 15 January 2024
- provisions of the GDPR require the controller to keep track of individual recipients. For example, Article 15(1)(c) GDPR and Article 19 GDPR require the disclosure31 KB (3,327 words) - 15:31, 5 June 2023
- outlined under other Articles of the GDPR, namely in Articles 51, 52 and 53 GDPR. The second objective, under Article 54(2) GDPR, seeks to regulate the confidentiality34 KB (3,649 words) - 13:19, 30 October 2023
- of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs, across17 KB (1,142 words) - 15:41, 28 April 2022
- Article 42 GDPR (category GDPR Articles) (section (7-8) What processing operations can be certified under the GDPR)to Article 6 GDPR; the principles of data processing pursuant to Article 5 GDPR; the data subjects’ rights pursuant to Articles 12-23 GDPR; the obligation27 KB (2,452 words) - 14:26, 28 July 2023
- sors_en Recital 121 GDPR. Hijmans, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 53 GDPR, p. 88829 KB (2,894 words) - 23:06, 1 April 2024
- provisions under Article 75(3) GDPR. The employees of the Board's secretariat only report to the Chair (Recital 140 GDPR). In this respect, they are therefore20 KB (1,347 words) - 14:21, 17 October 2023
- differences between portability and access under Article 15(3) GDPR. According to Recital 68, the data should be available in an "interoperable format"40 KB (5,349 words) - 07:05, 1 June 2023
- 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article 16 GDPR, titled23 KB (2,489 words) - 23:24, 6 March 2024
- 60, 63, 64 and 65 GDPR) immediately adopt provisional measures intended to produce legal effects on its own territory. Article 66 GDPR creates strict conditions20 KB (1,590 words) - 16:11, 2 November 2023
- exclusion of Article 82 GDPR is confirmed by the last sentence of Recital 142 GDPR. In addition, Article 80(2) GDPR does not permit Member States to allow NPOs26 KB (2,575 words) - 15:50, 9 November 2023
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set forth20 KB (1,632 words) - 10:01, 11 October 2023
- It shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force12 KB (295 words) - 08:25, 19 October 2023
- Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- systems of the Member States. → See Article 23 GDPR. → You can find all related decisions in Category:Article 19 GDPR. The obligation to notify under Article19 KB (1,436 words) - 12:35, 12 May 2023
- Article 62 GDPR, margin number 11 (Beck 2018, 2nd edition). Riccio, Scorza, Belisario, GDPR e normativa privacy – Commentario, Article 62 GDPR (Wolters Kluwer22 KB (1,915 words) - 13:46, 15 January 2024
- Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- of the GDPR enforcement across the Member States. → You can find all related decisions in Category:Article 64 GDPR Caspar in Kühling, Buchner, GDPR Article23 KB (2,079 words) - 16:07, 2 November 2023
- in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C.H. Beck15 KB (808 words) - 09:44, 17 October 2023
- 76 GDPR, margin number 1 (C.H. Beck 2020, 3rd edition). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p15 KB (787 words) - 08:17, 19 October 2023
- encompasses other obligations of controllers under the GDPR. EDPB: This extends to various obligations under the GDPR, including but not limited to the implementation37 KB (3,915 words) - 12:49, 24 May 2023
- compliance with the GDPR. Article 28(3)(h) GDPR enables such a task in case processors are used. According to Article 28(3)(h) GDPR, the processor should72 KB (9,140 words) - 13:12, 2 June 2023
- mentioned in Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple majority19 KB (1,530 words) - 14:23, 12 October 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)of the European Union ("TFEU"), within the scope of the GDPR. The function of Article 92 GDPR is to lay down conditions for the delegation of power as19 KB (1,525 words) - 08:18, 19 October 2023
- Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p. 194 (Oxford29 KB (2,823 words) - 15:15, 28 April 2022
- Recitals GDPR (section Recitals from the GDPR)progress. Fill in the name used for the recital if you use it so we can ensure a somewhat streamlined practice. Recital 1: The protection of natural persons182 KB (24,065 words) - 13:40, 9 July 2021
- when passing the GDPR. In fact, all but one EU Member State (who has sought higher protections) have voted in favor the GDPR. The GDPR is not just consisting48 KB (5,978 words) - 15:57, 1 February 2024
- undefined in the GDPR. “Expertise” is only referred to again under Article 41(2)(a) GDPR, although briefly. Additionally, Article 41(1) GDPR specifies that30 KB (2,720 words) - 14:02, 28 July 2023
- per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the Commission16 KB (778 words) - 08:24, 19 October 2023
- enforcement of the GDPR. → You can find all related decisions in Category:Article 59 GDPR Selmayr, in Ehmann, Selmayr, DS-GVO Kommentar, Article 59 GDPR, margin number15 KB (718 words) - 15:31, 19 October 2023
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)data under Article 4(1) GDPR, especially because they allow to single out a data subject within the meaning of recital 26 of the GDPR. It is sufficient that108 KB (17,097 words) - 13:52, 12 May 2023
- CJEU - C‑307/22 - Copies of Medical Records (category Article 23(1)(i) GDPR)to in the first sentence of recital 63 GDPR. Neither the wording of Article 12(5) GDPR nor that of Article 15(1) and (3) GDPR condition the provision (to10 KB (1,478 words) - 11:17, 2 November 2023
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)NOYB, local case number 9782890. Page 22 of 23The Swedish Privacy Agency Diary number: DI-2020-11373 23(23) Date: 2023-06-30 4 Appeal reference 4.1 How113 KB (12,773 words) - 15:20, 6 December 2023
- BVwG - W211 2222613-2/12E (category Article 15(3) GDPR)same applies to the right to erasure under Article 17 of the GDPR. Recital 63 of the GDPR also supports this view. It shows that the legislator wants to51 KB (8,592 words) - 07:03, 2 November 2021
- HDPA (Greece) - 23/2020 (category Article 23 GDPR)proportionality (Article 8(1) CFR, Article 9A Greek Constitution, Recital 64 GDPR), underlined that the GDPR totally respects all fundamental rights and freedoms included9 KB (1,089 words) - 15:35, 6 December 2023
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)election by a parliamentary assembly is explicitly envisaged by the GDPR in Recital 121. Share your comments here! Share blogs or news articles here! The14 KB (1,999 words) - 14:20, 18 July 2023
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the115 KB (12,842 words) - 08:38, 5 July 2023
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)Article 46 GDPR. In 2020, noyb lodged a complaint with the Austrian DPA alleging that the controller breached the provisions of Chapter V GDPR. The complaint121 KB (13,722 words) - 15:16, 5 July 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the131 KB (14,752 words) - 08:36, 5 July 2023
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)to Article 83 GDPR in conjunction with Article 4 No. 7 and 8 GDPR, fines for violations of the GDPR pursuant to Article 83(4) to (6) GDPR are not only to36 KB (5,810 words) - 13:09, 21 January 2022
- CJEU - C-268/21 - Norra Stockholm Bygg (category Article 6(3) GDPR)proportionality of the measure under Article 6(4) GDPR, in accordance with the objectives referred to in Article 23(1) GDPR. It recalled that these objectives include9 KB (1,372 words) - 10:12, 7 June 2023
- CJEU - C-40/17 - Fashion ID (category Article 80 GDPR)Fashion ID Court: CJEU Jurisdiction: European Union Relevant Law: Article 80 GDPR Article 1 Directive 95/46 Article 1(1) Directive 2009/22/EC Article 10 Directive6 KB (492 words) - 13:09, 1 June 2023
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further processing49 KB (7,800 words) - 09:22, 5 January 2024
- HDPA (Greece) - 6/2020 (category Article 5 GDPR)subject pursuant to Article 9 (2) (a) of the GDPR ΕΙΣ/7564/05.11.2019 and the invocation of recital 47 of the GDPR 2016/679, inter alia, informed the Authority29 KB (4,557 words) - 15:33, 6 December 2023
- HDPA (Greece) - 20/2020 (category Article 2(2)(a) GDPR)point (g) of GDPR and 13 par. 1 point g. 4624/2019, and to exercise respectively the powers conferred on it by the provisions of Articles 58 GDPR and 15 Law29 KB (4,578 words) - 15:35, 6 December 2023
- OGH - 6Ob35/21x (category Article 4(1) GDPR)laid down in the GDPR, so that the general conditions for claims were decisive, unless the GDPR contained special rules; even under the GDPR, only non-material27 KB (4,090 words) - 09:54, 10 September 2021
- VG Wiesbaden - 6 K 788/20.WI (category Article 4(4) GDPR)15(1)(h) of the GDPR, the right of data subjects to object under Article 21(1)(1)(2) of the GDPR and - in essence - in Article 22 of the GDPR as a general52 KB (8,534 words) - 12:58, 15 December 2021
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)and b) GDPR. With its reply of August 23, 2019, the defendant obviously did not fulfill the further claim according to letters c) to g). Recital 53 The28 KB (4,527 words) - 15:58, 26 April 2022
- Rb. Midden-Nederland - UTR- 20 817 en UTR 20 3081 (category Article 77 GDPR)complaint in accordance with Article 78, second paragraph, of the GDPR and recital 141 of the GDPR. Has the defendant observed the reasonable period in handling25 KB (3,954 words) - 13:39, 16 November 2020
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that this24 KB (3,847 words) - 15:19, 11 September 2022
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)situation is warranted. In this respect, Recital 137 GDPR states 65 66See Article 77 GDPR. See Recital 137 GDPR. 28that an urgent need to act in order to99 KB (14,431 words) - 16:20, 6 December 2023
- AEPD (Spain) - EXP202105680 (category Article 9 GDPR)justification or basis for the processing, violating Article 9 GDPR. AEPD highlighted that Recital 46 GDPR already recognizes that, in exceptional situations, such66 KB (10,558 words) - 13:14, 13 December 2023
- LG Krefeld - 2 O 448/20 (category Article 15(1) GDPR)an access request under Article 15(1) GDPR. According to Recital 63 GDPR, the right of access under Article 15 GDPR serves data subjects to be informed about17 KB (2,758 words) - 14:10, 15 December 2021
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)e) of the GDPR). 8.1.4. As for breaches of Articles 5.2. and 24 of the GDPR 88. Article 24.1 of the GDPR which covers Chapter IV of the GDPR devoted to127 KB (21,484 words) - 17:01, 12 December 2023
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)understood as made to the GDPR, in accordance with article 94 of the last. Likewise, it is apparent from recital 173 of the GDPR that this text explicitly93 KB (14,936 words) - 17:09, 6 December 2023
- HDPA (Greece) - 33/2020 (category Article 23 GDPR)Articles 12 and 15 GDPR regarding the right to access personal data, while it also underlined the restrictions to this right that Articles 23 GDPR and 33 Law 4624/201920 KB (2,270 words) - 15:37, 6 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR. The customer41 KB (6,558 words) - 17:09, 6 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)norm addressee of Chapter V GDPR. The bB be directly responsible for BF2, which violated Art. 44 ff GDPR. Regarding The GDPR is applicable to the processing158 KB (26,392 words) - 08:25, 7 June 2023
- APD/GBA (Belgium) - 42/2020 (category Article 2(1) GDPR)regard on that article 2.1) GDPR read in conjunction with recital 15 of the GDPR, although an exclusion from the scope of the GDPR provides for files or a30 KB (4,871 words) - 16:58, 12 December 2023
- AEPD (Spain) - PS/00070/2019 (category Article 4(11) GDPR)transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding GDPR recitals (32, 39, 42, 47, 58, 60, 61, and 72), as well are Articles422 KB (70,184 words) - 13:56, 13 December 2023
- DSB (Austria) - D123.921/0005-DSB/2019 (category Article 1(2) GDPR)according to Art 15 Paragraph 1 GDPR, such as the origin of the data. In accordance with Art 15 (4) GDPR and Recital 63 GDPR, the information must be restricted42 KB (6,592 words) - 13:58, 12 May 2023
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)of the GDPR according to Art. 99 Para. 2 GDPR as of May 25, 2018 follows from Art. 79 Para. 2 Sentence 1 GDPR in conjunction with recital 22 GDPR as well130 KB (21,874 words) - 09:43, 15 February 2024
- AEPD (Spain) - EXP202201721 (category Article 6(1) GDPR)the sanctioning regime imposed by the GDPR. And this is because the GDPR is a closed and complete system. The GDPR is a European standard directly applicable79 KB (12,408 words) - 13:24, 13 December 2023
- OLG Köln - 15 U 126/19 (category Article 17(1)(d) GDPR)Article 17(1)(d) GDPR since the data was unlawfully processed. The defendant claimed that its activities fall under exception in (Article 85 GDPR) read in conjunction121 KB (20,412 words) - 15:58, 10 March 2022
- LG München - 31 O 16606/20 (category Article 5(1)(f) GDPR)causality between the "GDPR breach" and the "damage". Article 82(1) GDPR requires that the damage occurs as a result of a specific GDPR breach. Although it25 KB (4,028 words) - 07:10, 8 February 2022
- IMY (Sweden) - DI-2020-10561 (category Article 12(3) GDPR)AB for violating Article 17 GDPR by not deleting personal data of the complainant without undue delay and Article 23 GDPR by providing incorrect information17 KB (1,940 words) - 15:23, 6 December 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)principle enclosed in Article 5(1)(b) GDPR. On this matter, the AEPD argued that, according to Article 5(1)(a) GDPR, Recital 39 and Article 6(1)(f), an interest602 KB (102,229 words) - 14:21, 13 December 2023
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)1 lit. f GDPR (for the protection of the processor's legitimate interests)? Right to erasure (Art. 17 GDPR); right to object (Art. 21 GDPR)? Locations29 KB (4,605 words) - 17:00, 15 December 2021
- OLG Frankfurt am Main - 13 U 206/20 (category Article 17(1) GDPR)plaintiff pursuant to Article 82(1) GDPR, since there have been violations of Article 6(1)(a) GDPR and Article 34 GDPR. The defendant also breached the obligation44 KB (7,334 words) - 09:02, 17 March 2022
- APD/GBA (Belgium) - 03/2021 (category Article 5(1)(b) GDPR)operations, it is necessary to fall back on article 6.1. AVG and recital 50 GDPR. Recital 50 of the GDPR states that this is a separate legal basis required for32 KB (4,880 words) - 16:50, 12 December 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)5(1)(a) GDPR? Is the information relating to personal data processing operations easily accessible within the meaning of Articles 12 and 13 GDPR? Is the48 KB (7,404 words) - 17:09, 6 December 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing of data relating31 KB (4,648 words) - 13:56, 12 May 2023
- LAG Baden-Württemberg - Sa 11/18 (category Article 23 GDPR)the meaning of Art. 15 (1) (2) (b) GDPR in conjunction with Art 4 No. 1 GDPR. According to recital 63 p. 7 to the GDPR, the party entitled to information18 KB (2,724 words) - 08:24, 14 March 2022
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)as “anonymisation”. Recital 26 of the GDPR clarifies that anonymous information does not fall within the scope of the GDPR. The GDPR does not explicitly59 KB (8,242 words) - 10:47, 17 March 2021
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)serious breach of the GDPR. The violation of Article 17, 1., a) constitutes also a violation of an essential principle of the GDPR and constitutes at least131 KB (22,429 words) - 16:57, 12 December 2023
- LG Bonn - 29 OWi 1/20 (category Article 32(1) GDPR)(4) to (6) GDPR, the European legislator obviously had supranational antitrust law as a model. This is expressed in recital 150 of the GDPR, for example58 KB (9,577 words) - 08:06, 16 September 2021
- UODO (Poland) - ZSPR.421.2.2019 (category Article 5(1)(f) GDPR)notification system for adverse events. As emphasised in recital 76 of Regulation 2016/679 (the recitals contain a justification for the provisions of the operative71 KB (11,304 words) - 10:01, 17 November 2023
- CNIL (France) - Google Analytics (no case number) (category Article 4(23)(b) GDPR)the effect that this processing was of a cross-border nature (Article 4(23)(b) GDPR). The CNIL nonetheless remained the lead supervisory authority as the40 KB (5,904 words) - 16:51, 24 February 2022
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not demand270 KB (43,335 words) - 12:39, 13 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does the26 KB (4,050 words) - 17:10, 6 December 2023
- contact-with-brussels-airport 2 AVG, recital 53. 3Data Protection Authority, 'Strategic plan 2020-2025',page 23. Decision on the merits 47/2022 - 3/73206 KB (30,485 words) - 09:54, 14 December 2023
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)competence granted to the member states by Art. 23 GDPR, namely the limitation competence of Art. 23 Para. 1 e) GDPR. As far as relevant here, the AO standardizes97 KB (16,519 words) - 09:57, 22 February 2023
- OGH - 6Ob35/21x (request for preliminary ruling under Article 267 TFEU) (category Article 82 GDPR)laid down in the GDPR, so that the general conditions for claims were decisive, unless the GDPR contained special rules; even under the GDPR, only non-material23 KB (3,551 words) - 09:54, 10 September 2021
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)such data. 2 Recital 3. 3 Recital 5. 3 b. the rapid technological developments which have occurred during a period of globalisation.4 As Recital (6) explains:130 KB (21,195 words) - 13:52, 25 April 2021
- AEPD (Spain) - EXP202105344 (category Article 6(1) GDPR)made without legitimizing cause of those included in article 6 of the GDPR. The GDPR applies to personal data. Said regulation defines as «data personal”22 KB (3,319 words) - 13:00, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.010.007 (category Article 5(1)(c) GDPR)Article 34(1) GDPR as it failed to communicate the data breach to its users in an appropriate way. In this, the DPC also referred to Recital 86 GDPR which foresees20 KB (3,082 words) - 13:42, 31 January 2024
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)Data Protection Regulation - GDPR). The defendant has a right of refusal under Art. 12 Para. 5 Sentence 2 Letter b) GDPR to. The provision only lists the40 KB (6,325 words) - 16:12, 18 May 2022
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)for the year, thus violating Article 39(1)(b) GDPR regarding the DPO's duties to monitor compliance with GDPR. In view of those violations, the CNPD: imposed66 KB (9,458 words) - 19:42, 4 September 2021
- Garante per la protezione dei dati personali (Italy) - 9856694 (category Article 5(1)(a) GDPR)28(3) GDPR. Verizon replied that the obligation to conclude a written agreement between controller and processor is not clearly stated in the GDPR. Such49 KB (7,758 words) - 15:44, 6 December 2023
- DSB (Austria) - 2022-0.332.606 (category Article 2(2)(c) GDPR)under the household exception found in Article 2(2)(c) GDPR. According to this provision, the GDPR does not apply to the processing of personal data by natural21 KB (3,166 words) - 13:43, 12 May 2023
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 5(1)(c) GDPR)member states is superimposed (see Recital 146 S 4 and 5 on the GDPR; cf. also Frenzel in Paal / Pauly, GDPR-BDSG3 Art 82 GDPR margin no.1; Wybitul / Haß / Albrecht122 KB (20,253 words) - 08:17, 19 August 2021
- Datatilsynet (Denmark) - 2020-31-4131 (category Article 2(1) GDPR)personal data for such activities (recital 18 of the GDPR) and therefore, the website must operate according to the GDPR requirements. The DPA examined Orienteringsret24 KB (3,651 words) - 16:38, 6 December 2023
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its compliance127 KB (21,184 words) - 15:39, 6 December 2023
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)view to vigorous enforcement of the rules of the GDPR. After all, as is clear from Recital 148 GDPR, the GDPR puts first and foremost that with every serious62 KB (9,417 words) - 16:57, 12 December 2023
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)reopening of the debates. 14. On 23 November 2021, the Dispute Resolution Chamber notified the Respondent of its intention to On 23 November 2021, the Dispute90 KB (14,937 words) - 12:35, 3 August 2022
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)Article 17(3) GDPR. Two doctors sued a platform for deletion of their basic profile set up on the platform without their consent under Article 17 GDPR. They argued143 KB (24,273 words) - 15:59, 10 March 2022
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)time, which is a violation of the GDPR. As to the claim for damages, the CoS notes that though Article 82(1) of the GDPR states that full compensation for37 KB (5,721 words) - 12:41, 16 September 2021
- UODO (Poland) - ZSZZS.440.768.2018 (category Article 5(1)(c) GDPR)Protection Regulation) (OJ L 119, 04.05.2016, p. 1, as amended by OJ L 127, 23.05.2018, p. 2), after conducting administrative proceedings on collection32 KB (5,139 words) - 10:02, 17 November 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 23(1)(c) GDPR)Article 16 sentence 1 GDPR is the legal basis for a request for rectification, even if the request has been submitted before the GDPR entered into force:112 KB (19,310 words) - 08:08, 23 June 2022
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))243. In order to strengthen the enforcement of the rules of the GDPR, recital 148 GDPR clarifies that penalties, including administrative fines, should429 KB (58,279 words) - 09:12, 2 November 2022
- Commissioner (Cyprus) - 11.17.001.008.001 (category Article 5(1)(f) GDPR)data breach should be reported to the DPA, according to article 33 of the GDPR as it is likely to cause risk to the rights and freedoms of the data subject61 KB (9,412 words) - 16:52, 6 December 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)is subject’ (recital 45 of the preamble to the GDPR). (P. 85) (…) The basis of processing data, referred to in Article 6(1)(c) of the GDPR, is the processing91 KB (15,371 words) - 15:11, 5 October 2021
- HDPA (Greece) - 2/2023 (category Article 4(7) GDPR)attorney, on 23/12/2022 the no. prot. G/EIS/12802/23-12-2022 memorandum. During the above hearing, but also with the no. prot. C/EIS/12802/23-12-2022 following31 KB (5,021 words) - 16:15, 18 July 2023
- Garante per la protezione dei dati personali (Italy) - 9446730 (category Article 23 GDPR)terms of personal data protection in violation of Articles 5, 6, 13, 23 and 32 GDPR. The employer dismissed the employee after a disciplinary proceeding34 KB (5,420 words) - 15:51, 6 December 2023
- APD/GBA (Belgium) - 12/2019 (category Article 4(11) GDPR)the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a decision107 KB (17,697 words) - 16:52, 12 December 2023
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)of the concept of personal data Article 4, 1) of the GDPR, as explained in Recital 26 of the GDPR, Opinion 4/2007 of the Decision on the merits 71/202079 KB (12,260 words) - 17:00, 12 December 2023
- APD/GBA (Belgium) - 15/2021 (category Article 5(2) GDPR)morespecifically the articulation between article 15.4 of the GDPR and recital 63 of the GDPR, as well asbalancing the right to access and obtain data against85 KB (13,724 words) - 16:52, 12 December 2023
- BVerfG - 1 BvR 2853/19 (category Article 82 GDPR)asserted here and based on Article 82 of the GDPR, appears questionable in view of sentence 3 of recital 146 of the GDPR. In the case in dispute, however, no damage19 KB (3,209 words) - 13:08, 15 September 2021
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled to compensation27 KB (4,216 words) - 13:26, 8 January 2024
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)data without a legitimate basis, in breach of Article 6 GDPR. For the violation of Article 6 GDPR, the AEPD fined the controller €6,000. In order to determine74 KB (11,726 words) - 13:02, 13 December 2023
- Rb. Gelderland - AWB 19/2901 (category Article 5 GDPR)performance of this purchase contract (Article 6(1)(b) GDPR). Therefore, the processing is compatible with the GDPR. In the Netherlands, as of 1 July 2018 a passenger17 KB (2,610 words) - 16:18, 10 March 2022
- AEPD (Spain) - PS/00070/2020 (category Article 5(1)(a) GDPR)the publication of the judgment breach the GDPR? The AEPD held that the respondent’s actions violated the GDPR Article 5(1)(a) requirement that processing43 KB (7,001 words) - 13:56, 13 December 2023
- APD/GBA (Belgium) - 28/2020 (category Article 6(1)(f) GDPR)from its database. The litigation chamber concluded to a violation of the GDPR considering that: - the controller did not stop the sending of direct marketing27 KB (4,363 words) - 16:56, 12 December 2023
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)meaning of the GDPR, and such processing of personal data did not fall within the scope of the "household exemption". Therefore, the GDPR applied in full84 KB (14,035 words) - 16:56, 12 December 2023
- OGH - 6Ob159/20f (category Article 12(1) GDPR)to information under Article 15 of the GDPR, especially since it can be deduced from recitals 9 and 10 of the GDPR that the European legislator did not intend22 KB (3,310 words) - 07:44, 5 October 2021
- APD/GBA (Belgium) - 75/2023 (category Article 6(1)(f) GDPR)article 12, second paragraph, of the GDPR. 78. Recital 59 of the GDPR further clarifies the standard in Article 12 of the GDPR: “There should be arrangements77 KB (11,604 words) - 08:55, 29 June 2023
- APD/GBA (Belgium) - 07/2021 (category Article 5(1) GDPR)ones processing. Decision on the merits 07/2021 - 14/25 10 recital 50 GDPR. Recital 50 of the GDPR states that this is a separate legal basis required for72 KB (11,208 words) - 16:51, 12 December 2023
- OLG Stuttgart - 9 U 34/21 (category Article 82 GDPR)breach (Article 32 GDPR). Does the plaintiff have a right to compensation according to Article 82(1) GDPR and does Article 82(3) GDPR stipulate a reversal60 KB (10,254 words) - 11:22, 22 December 2021
- VG Mainz - 1 K 584/19.MZ (category Article 9(1) GDPR)of Art. 9 GDPR do not apply because the plaintiff did not seek to process that kind of data. The legality is thus determined by Art. 6 GDPR. In the absence58 KB (9,665 words) - 08:51, 25 November 2020
- NAIH (Hungary) - NAIH/2020/34/3 (category Article 12(2) GDPR)of access under Article 15 GDPR? By denying the complainant access, did the respondent infringe Articles 12(1) or 12(2) GDPR? The NAIH that the complainant's48 KB (7,727 words) - 10:11, 17 November 2023
- APD/GBA (Belgium) - 55/2021 (category Article 6(1)(e) GDPR)which it is up to him to implement (article5.1.a) of the GDPR - explained in recital 39 of the GDPR). Different consequencesarising from one or the other81 KB (13,211 words) - 16:59, 12 December 2023
- DSB (Austria) - 2021-0.101.211 (category Article 4(15) GDPR)according to the first sentence of recital 41 of the GDPR, a legal basis, on which (the here relevant) Art. 9(2)(i) of the GDPR is based, does not necessarily37 KB (5,745 words) - 13:53, 12 May 2023
- APD/GBA (Belgium) - 73/2020 (category Article 5 GDPR)processing of personal data is carried out in accordance with the GDPR. In doing so, the GDPR requires, among other things, that the nature and scope of the93 KB (14,040 words) - 17:00, 12 December 2023
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)the provisions of the GDPR, in particular Article 5 (1) GDPR, article 24 and article 28 GDPR, all this based on article 58.2, d) GDPR and article 100, §1113 KB (18,732 words) - 16:50, 12 December 2023
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)6.1.f) GDPR) and in this balancing the considerations of the GDPR related to Art. 6.1.f) GDPR eligible [...] be taken, in particular Recital 47. Thus85 KB (12,340 words) - 15:30, 19 August 2022
- APD/GBA (Belgium) - 72/2020 (category Article 5(1)(b) GDPR)controller/employer, the free of the worker's consent can be questioned (Recital 43 of the GDGR and opinion of the Group of Article 29" on data protection34 KB (5,677 words) - 17:00, 12 December 2023
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)considers that, in accordance with the provisions of recital 63 of the GDPR and Article 15(4) of the GDPR, it is not obliged to respond to them if it would59 KB (9,623 words) - 17:03, 6 December 2023
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- Personvernnemnda (Norway) - 2023-14 (21/01067) (category Article 57(1)(f) GDPR)right to lodge a complaint as per Article 77 GDPR, in conjunction with Recital 141, and Article 57(1)(f) GDPR. The Board referenced an earlier decision (PVN-2017-09)16 KB (2,363 words) - 19:27, 13 November 2023
- Commissioner (Cyprus) - 11.17.001.010.201 (category Article 5(1)(a) GDPR)with the principles of the GDPR, in particular that of lawfulness, by violating the provisions of Articles 6 and 5(1)(a) GDPR. Share your comments here23 KB (3,737 words) - 10:30, 7 June 2023
- Commissioner (Cyprus) - 17.05.23 (category Article 5(1)(c) GDPR)violation of Article 5(1)(c) GDPR, and the controller had no legal basis for the processing as required by Article 6 GDPR. As a result of the violations31 KB (4,973 words) - 16:50, 6 December 2023
- APD/GBA (Belgium) - 24/2021 (category Article 6 GDPR)Article 6.1 GDPR, read in conjunction with Articles 5.2 GDPR and 24.1 GDPR; 5) the performance of a data protection impact assessment (Article 35 GDPR) the framework110 KB (18,238 words) - 16:56, 12 December 2023
- ANSPDCP (Romania) - Fine against Proleasing Motors SRL (category Article 32(1) GDPR)(ANSPDCP) fined leasing company €15,000 for violation of Article 32(1) and (2) GDPR after investigating a data breach reported by the company, where the personal6 KB (732 words) - 15:17, 13 December 2023
- GHAL - 200.256.387 (category Article 6(1)(c) GDPR)data to be delete. It brought a legal action based on Article 17 GDPR and Article 21 GDPR, read in conjunction with the Dutch Data Protection Act (Wet bescherming27 KB (4,289 words) - 07:57, 7 March 2022
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SEVENTH: Notification of the aforementioned initiation45 KB (7,135 words) - 13:08, 13 December 2023
- APD/GBA (Belgium) - 61/2020 (category Article 5(1)(d) GDPR)2.1.2. The scope of the GDPR and the jurisdiction of the Disputes Chamber34. In principle, the defendant argues that the GDPR would not apply in thisfile41 KB (6,354 words) - 16:59, 12 December 2023
- AEPD (Spain) - PS/00341/2019 (category Article 21 GDPR)administrative sanction to be imposed, we should read certain recitals of the RGPD, among others, recital 148, which indicates the following: 'In order to strengthen26 KB (4,032 words) - 14:31, 13 December 2023
- AEPD (Spain) - EXP202309109 (category Article 5(1)(c) GDPR)means of such activity, by virtue of article 4.7 of the GDPR. For its part, article 5.1.c) of the GDPR regulates the “principles relating to processing” establishing18 KB (2,733 words) - 13:18, 13 December 2023
- BVwG - W101 2132183-1 and W101 2132039-1 (category Article 4(1) GDPR) (section Use of online tools to provide access in line with Article 12 GDPR)via letter as well. According to the BVwG, this is in line with recital 63 of the GDPR ("Where possible, the controller should be able to provide remote107 KB (17,615 words) - 09:42, 10 September 2021
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)proceedings”, that “Recital 65 of the GDPR also includes the exception of the legal defense as provided for in article 17.3.e of the GDPR to the right to erasure"37 KB (5,765 words) - 09:53, 14 December 2023
- Personvernnemnda (Norway) - PVN-2022-22 (category Article 9 GDPR)sensitive personal data under Article 9 GDPR and their lack of valid consent to do so under Article 6(1) GDPR. In 2020, the Norwegian Consumer Council91 KB (14,440 words) - 10:06, 17 November 2023
- Article 9(2)(j) GDPR could be a legal basis for scientific research purporses or statistical purposes. Lastly, Recital 46 of the GDPR specifically mentions25 KB (3,096 words) - 17:48, 25 November 2021
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)controller for the purposes of Article 4(7) GDPR, and Company A was the processor for the purposes of Article 4(8) GDPR. The DPA found that both Companies A and55 KB (9,079 words) - 16:57, 6 December 2023
- AEPD (Spain) - PS/00172/2020 (category Article 6(1) GDPR)is charged with committing an offense for violation of article 6.1 of the GDPR, which states that: "one. The treatment will only be lawful if it complies38 KB (6,160 words) - 14:06, 13 December 2023
- AEPD (Spain) - PS/00023/2020 (category Article 5(1)(c) GDPR)warning, in accordance with Article 58(2)(b) of the GDPR, in connection with the above-mentioned Recital 148. Therefore, in accordance with the applicable21 KB (3,298 words) - 13:46, 13 December 2023
- CNIL (France) - SAN-2020-008 (category Article 5(1)(e) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading the104 KB (16,646 words) - 17:09, 6 December 2023
- NAIH (Hungary) - NAIH/2020/6484 (category Article 15(1)(a) GDPR)although the Applicant’s letter is June 2020 It is dated 23 July, and it was not actually dispatched until 23 July 2020. The Applicant a In support of its statement27 KB (4,159 words) - 10:13, 17 November 2023
- Rb. Amsterdam - C/13/692003/HA RK 20-302 (category Article 15(1) GDPR)accurate and lawfully processed (see recital 63 GDPR). Automated decision-making and profiling 4.8. Pursuant to Article 22 GDPR, [applicants] have the right,30 KB (4,797 words) - 10:03, 19 May 2021
- AEPD (Spain) - EXP202202164 (category Article 5(1) GDPR)information.” Recitals 39 and 60 of the GDPR help clarify the scope of the right of information provided to interested parties. Recital 39 establishes:29 KB (4,482 words) - 14:06, 5 March 2024
- NAIH (Hungary) - NAIH/2020/2555 (category Article 4(1) GDPR)However, the DPA concluded that the controller did not violate Article 15(2) GDPR by asking for more information to identify the data subject when the data33 KB (5,033 words) - 10:12, 17 November 2023
- BVwG - W211 2225136-1 (category Article 5 GDPR)of the GDPR, and even less than one month between the deletion from the edict file and the request for deletion pursuant to Article 17 of the GDPR. Furthermore39 KB (6,244 words) - 09:40, 10 September 2021
- AEPD (Spain) - PS/00335/2020 (category Article 5(1)(f) GDPR)own security protocols. This therefore breached Article 5(1)(f) GDPR and Article 32 GDPR. The initial sanction for infringing Article 5(1)(f) was a fine34 KB (5,427 words) - 14:30, 13 December 2023
- AKI (Estonia) - 2.1.-1/21/129 (category Article 6 GDPR)constitutes personal data, and is thus the scope of the GDPR. In accordance with recital 59 of the GDPR, the controller should be obliged to respond to requests22 KB (3,237 words) - 12:25, 17 June 2022
- DVI (Latvia) - SIA “Lursoft IT” (category Article 5(1)(a) GDPR)proceeding personal data under Article 5(1)(a) GDPR. Lursoft claim to be have such a legal basis under Article 6(1)(c) GDPR. However, this was rejected by the Latvian90 KB (14,351 words) - 16:10, 6 December 2023
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)consent under Article 8 GDPR also apply? Did the defendant, as the controller, fail to adhere to the data transparency (Article 5(1)(a) GDPR) and the data minimisation48 KB (7,926 words) - 16:56, 12 December 2023
- APD/GBA (Belgium) - 135/2022 (category Article 4(23) GDPR)in both Belgium and the UK, violated Article 15(1) GDPR, Article 15(3) GDPR and Article 12(3) GDPR GDPR for deleting data instead of providing access to39 KB (5,674 words) - 08:57, 29 June 2023
- UODO (Poland) - DKN.5131.6.2020 (category Article 33(1) GDPR)subjects? The Polish DPA found that the University violated Article 33(1) GDPR and Article 34, because it had notified neither the supervisory authority66 KB (10,785 words) - 10:00, 17 November 2023
- Datatilsynet (Denmark) - 2018-7320-0166 (category Article 5(1)(c) GDPR)personal data to the jewellery company Pandora SA according to Article 17 GDPR. The company asked him to submit his passport or driving license before considering18 KB (2,773 words) - 16:22, 6 December 2023
- CE - N° 430810 (category Article 6(1)(a) GDPR)"more options" page or definitively confirm the creation of their account. 23. 23. If the architecture described in the previous point means that the user42 KB (6,800 words) - 09:50, 10 September 2021
- Garante per la protezione dei dati personali (Italy) - 9542096 (category Article 12(3) GDPR)Article 12(3) in relation to Article 15 GDPR. The Garante hence applied an administrative fine as per Article 83(5) GDPR. The amount of such fine was set at21 KB (3,092 words) - 15:54, 6 December 2023
- AEPD (Spain) - PS/00127/2020 (category Article 13 GDPR)of the general information duty included in Article 13 GDPR. Is this a violation of Article 13 GDPR? The AEPD held that there had been a violation of Article35 KB (5,363 words) - 14:02, 13 December 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)all the persona data mentioned by virtue of Article 15(1) GDPR, in the lights of Recital (63) GDPR. Thus, the authority ruled that the lack of a complete52 KB (8,603 words) - 16:55, 12 December 2023
- AEPD (Spain) - EXP202203914 (category Article 6(1) GDPR)verifying the identity of the requesting third party. It also recalled Recital 40 GDPR, which emphasises that each data processing must be based on consent37 KB (5,914 words) - 10:42, 13 December 2023
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results on the73 KB (11,604 words) - 16:57, 12 December 2023
- DSB (Austria) - 2021-0.347.702 (category Article 6(1)(f) GDPR)Respondent explained that the GDPR does not recognize any express “group privilege”, but it can be deduced from Recital 48 to the GDPR that an exchange of customer25 KB (3,875 words) - 10:36, 11 January 2024
- Gerechtshof Amsterdam - 200.251.466/01 (category Article 21 GDPR)under Article 21 GDPR can be made at any time and several times. It also found that a provisional measure can be granted under Article 21 GDPR if an urgent19 KB (3,021 words) - 15:48, 15 March 2022
- UODO (Poland) - DKN.5112.7.2020 (category Article 5(1)(a) GDPR)(minutes of acceptance of oral explanations are attachments No. 1 and No. 23 to the inspection protocol) that a survey was conducted in order to identify29 KB (4,687 words) - 09:56, 17 November 2023
- AEPD (Spain) - PS/00227/2020 (category Article 6(1) GDPR)Articles 6 and 13 GDPR? The AEPD decided to impose, for infringement of Article 6 GDPR, a fine of € 10000 and, for infringement of Article 13 GDPR, a fine of46 KB (7,230 words) - 14:20, 13 December 2023
- AEPD (Spain) - PS/00128/2020 (category Article 4(13) GDPR)hours of employees without having informed them in accordance with Article 13 GDPR. The AEPD received a letter filed by the interested party against the respondent39 KB (5,912 words) - 14:02, 13 December 2023
- VG Regensburg - RN 9 K 19.1061 (category Article 2 GDPR)Article 77(1) GDPR and subsequently the right of judicial remedy against the supervisory authority under Article 78(1) GDPR. Article 79 (1) GDPR provides for94 KB (15,537 words) - 09:09, 25 August 2020
- of the GDPR. 92. 92. Firstly, the restricted formation emphasises that, in this case, the criterion provided for in Article 83(2)(a) of the GDPR relating73 KB (11,864 words) - 17:03, 6 December 2023
- DSB (Austria) - D122.844/0006-DSB/2018 (category Article 12(5) GDPR)account data under Article 15 GDPR? Is GDPR applicable to a case that was still pending before the DPA on 25. 5. 2018? GDPR applies to cases pending before19 KB (2,936 words) - 13:55, 12 May 2023
- AEPD (Spain) - EXP202201746 (category Article 5(1)(f) GDPR)infringement of Article 32 GDPR. Therefore, the Spanish DPA issued a warning sanction for each violation of Article 5(1)(f) and Article 32 GDPR. AEPD highlighted62 KB (9,703 words) - 13:05, 13 December 2023
- AEPD (Spain) - PS/00044/2020 (category Article 13 GDPR)(AEPD) imposed a warning on a Spanish public notary for infringing Article 13 GDPR by not offering the claimant relevant information when obtaining a copy of39 KB (6,270 words) - 13:51, 13 December 2023
- DSB (Austria) - 2020-0.550.322 (category Article 4(2) GDPR)provisions of the GDPR that are directly applicable do not supersede the provisions of the VStG and to the extent that Art. 83 (8) GDPR and recital 148 are ordered26 KB (4,098 words) - 13:51, 12 May 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 6(4) GDPR)Articles 6, 7 and 12 of the GDPR. In the contested decision, the Belgian DPA found the infringement of Article 6, 7, 12, 13 and 24 GDPR sufficiently proven. In67 KB (10,544 words) - 09:24, 10 September 2021
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting beyond47 KB (7,519 words) - 09:28, 13 February 2024
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)understood as references to the GDPR, in accordance with Article 94 of the latter. 34. Similarly, it follows from recital 173 of the GDPR that this text explicitly82 KB (13,428 words) - 17:02, 6 December 2023
- AEPD (Spain) - PS/00205/2021 (category Article 6(1) GDPR)constitutes personal data according with Article 4(1) GDPR therefore its processing falls within the scope of GDPR. The DPA also analysed whether the controller28 KB (4,527 words) - 12:35, 13 December 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)Data, https://wetten.overheid.nl/BWBR0033572/2013-03-01. 47See also recital 75 of the GDPR. 12/41Date Unidentified May 31, 2021 [CONFIDENTIAL] processing infringes106 KB (14,502 words) - 17:09, 12 December 2023
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)relevant additional information referred to in paragraph 2information. Page 23 23[14. Paragraphs 5 to 4 shall not apply if and to the extent that:(a) the data192 KB (30,170 words) - 10:11, 17 November 2023
- AEPD (Spain) - PS/00341/2020 (category Article 5 GDPR)under Article 5(1)(a) and Article 5(2) GDPR respectively]. The Spanish DPA even made reference to Recital 40 GDPR on the legality of processing. The Spanish32 KB (4,831 words) - 14:31, 13 December 2023
- Datatilsynet (Denmark) - 2019-31-1424 (category Article 15 GDPR)Thus, it violated Article 15 GDPR. The Datatilsynet issued an injunction and ordered the company, as foreseen under 58(2)(c) GDPR, to carry out a concrete33 KB (5,189 words) - 16:23, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9269618 (category Article 5(1)(f) GDPR)measure against the University of Rome "La Sapienza" - 23 January 2020 Register of measures n. 17 of 23 January 2020 THE GUARANTOR FOR THE PROTECTION OF PERSONAL34 KB (4,967 words) - 15:46, 6 December 2023
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)1 b) GDPR) and the legality of the processing (Article 6.1 GDPR); as well • compliance with the responsibility of the controller (Article 24 GDPR), security82 KB (13,250 words) - 16:57, 12 December 2023
- BVwG - W176 2244407-1/18E (category Article 15(4) GDPR)Article 23 GDPR. Restrictions on the right to information under Art. 15 GDPR result in particular from the express provision in Art. 15 (4) GDPR that the48 KB (7,816 words) - 11:04, 29 July 2022
- AEPD (Spain) - EXP202203996 (category Article 15 GDPR)Resolution regarding the right to access (art. 15 GDPR) and its formalities art. 12(2) GDPR. The Health service of the Balearic Islands (Controller) didn’t26 KB (4,017 words) - 12:37, 13 December 2023
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)activities of SPARTOO SAS did not comply with a series of GDPR provisions (art. 5§1(c), 5§1(e), 13, 32 GDPR). In that respect, CNIL imposed a fine of 250,000 euros61 KB (10,028 words) - 17:09, 6 December 2023
- VG Hannover - 10 A 502/19 (category Article 5(1)(a) GDPR)4 No. 1 GDPR. The query of this date in the order form on the plaintiff's homepage is also a processing operation within the meaning of the GDPR. Because41 KB (6,779 words) - 12:35, 24 November 2021
- VGH München – 5 CS 19.2087 (category Article 4(1) GDPR)opening clause in Article 86 GDPR if the disclosure involves personal data? The court held that the VIG complies with Article 86 GDPR: The provisions of this40 KB (6,397 words) - 08:03, 21 March 2022
- AEPD (Spain) - PS/00234/2020 (category Article 7 GDPR)increasedregulations.C / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 23 23/23In accordance with the above,the Director of the Spanish Agency for Data47 KB (7,368 words) - 14:21, 13 December 2023
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal data security100 KB (16,401 words) - 14:07, 13 December 2023
- DSB (Austria) - D130.206/0006-DSB/2019 (category Article 3(2)(a) GDPR)line with Article 13 GDPR. On the DSB's request, the controller declared R*** Hotels GmbH as its representative under Article 27 GDPR and sent a reply to40 KB (6,007 words) - 13:59, 12 May 2023
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 12(4) GDPR)Sections 3, 4, 6, 11, 12, 13, 16, 17, 21, 23-24. Section 4 (5), Section 5 (3) to (5), (7) and (8), Section 13 (2) § 23, § 25, 25 / G. § (3), (4) and (6), 2560 KB (9,820 words) - 10:08, 17 November 2023
- AEPD (Spain) - PS/00389/2019 (category Article 5 GDPR)processing under the GDPR. The local authorities filed a complaint with the Spanish DPA against the complainant for an alleged violation of the GDPR by finding scattered31 KB (4,819 words) - 14:34, 13 December 2023
- AEPD (Spain) - PS/00120/2020 (category Article 13 GDPR)warning to Escuela Infantil (nursery school) for the infringement of Article 13 GDPR. The decision is the consequence of a complaint filed by a Spanish citizen31 KB (4,808 words) - 14:01, 13 December 2023
- Gerechtshof Amsterdam - 200.258.736/01 (category Article 15 GDPR)entitled to receive the information requested to ABN AMRO on the basis of the GDPR, considering they were not personal data. In the context of a litigation41 KB (7,150 words) - 12:30, 4 October 2021
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)exclude the defendant from the proceedings. Decision on the substance 39/2020- 23/23 FOR THESE REASONS, the Data Protection Authority's Litigation Chamber, after62 KB (10,509 words) - 16:58, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9556625 (category Article 5(1) GDPR)para. of the GDPR, the law or regulation that constitutes the legal basis referred to in letters c) and e) of co. 1 of art. 6 of the GDPR, could contain57 KB (9,144 words) - 15:55, 6 December 2023
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)found that customers’ order data is health data and fall within Article 9(1) GDPR. Amazon does not collect health data stricto sensu but it can draw conclusions32 KB (5,236 words) - 16:00, 10 March 2022
- DSB (Austria) - 2020-0.349.984 (category Article 4(2) GDPR)(Art. 6 Para. 1 lit. f GDPR). In this context, Art. 6 Para. 1 lit. c GDPR in conjunction with the PMG and Art. 6 Para. 1 lit. f GDPR relevant: The Respondent28 KB (4,228 words) - 14:00, 12 May 2023
- cookies is the IDE cookie of the domain doubleclick.net. SECOND: On 02/14/23, a request letter is sent to the OPENHOST entity S.L. to inform this Agency52 KB (7,564 words) - 12:41, 13 December 2023
- AEPD (Spain) - PS/00152/2020 (category Article 33 GDPR)was responsible for violating Article 33 GDPR, and issued it with a warning pursuant to Article 58(2)(b) GDPR. The AEPD did not find the former Secretary27 KB (4,243 words) - 14:06, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/329 (category Article 57(1)(f) GDPR)77 GDPR equals the right to claim a full substantive investigation and a full substantive assessment by the supervisory authority? Article 57 GDPR provides48 KB (7,560 words) - 09:03, 20 August 2021
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)and C”. 57See in particular Articles 5.1.a) and 12 of the GDPR, see also recital (39) of the GDPR. 58cf. points 11 and 12 of this decision. 59“Objective 282 KB (11,472 words) - 16:58, 6 December 2023
- FG Berlin-Brandenburg - 16 K 5148/20 (category Article 2(1) GDPR)interpretation of the GDPR. Second, the court argued with the drafting history of the GDPR which connects Article 15(3) GDPR to Article 20(1) GDPR, showing that45 KB (7,420 words) - 18:15, 12 March 2024
- AEPD (Spain) - EXP202100897 (category Article 6(1) GDPR)the processing (Article 21(1) GDPR). Finally, the DPA fined the controller €12,000 for a violation of Article 6(1) GDPR due to the lack of a valid legal72 KB (11,671 words) - 13:34, 13 December 2023
- LG München I - 23 O 10931/20 (category Article 15 GDPR)provision of personal data on the account is explicitly allowed by the GDPR as Recital 63 GDPR states that, where possible, the controller should be able to provide16 KB (2,545 words) - 11:30, 25 April 2022
- VG Neustadt an der Weinstraße - 3 L 763/22.NW (category Article 6(1)(e) GDPR)VwGO). Recital 64 The fact that the 2022 census collects and processes personal data within the meaning of Art. 4 No. 1 GDPR (Art. 4 No. 2 GDPR), which54 KB (8,511 words) - 09:03, 16 December 2022
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR)personal data of French data subject and held that the GDPR was applicable pursuant of Article 3(2)(a) GDPR. The DPA determined that the controller offered services59 KB (9,566 words) - 17:03, 6 December 2023
- OLG Innsbruck - 1 R 182/19b (category Article 82 GDPR)article 82(1) GDPR, asking for the data controller to be held liable for the damage caused to them by the data processing which infringed the GDPR. Should a54 KB (7,916 words) - 12:06, 9 May 2022
- UODO (Poland) - DKN.5131.7.2020 (category Article 33(1) GDPR)professional secrecy or other economic or social damage referred to in recital 85 of the GDPR Preamble. Therefore, bearing in mind the principle of accountability50 KB (8,066 words) - 10:00, 17 November 2023
- OVG Münster - 16 A 1582/21 (category Article 12(5) GDPR) (section No Restrictive Regulation under Article 23 GDPR)of the GDPR or the second sentence of Article 12(5) of the GDPR or is not limited by EU or German law within the meaning of Article 23 of the GDPR. Above123 KB (20,784 words) - 10:11, 26 November 2021
- Rb. Den Haag - C/09/581706 / HA RK 19-593 (category Article 12(5) GDPR)from the preamble to the GDPR that the GDPR aims to provide natural persons with a consistent and high level of protection (recital 10). This may indicate34 KB (5,811 words) - 09:44, 8 December 2020
- VSRS - II Ips 23/2020 (category Article 17 GDPR)profile of this person (35 to 37). justification point). 11 Recital 85. 12 Recital 87. 13 Recital 93. 14 In the judgment, the CJEU addressed issues concerning55 KB (9,115 words) - 09:22, 7 June 2022
- KG Berlin - 3 Ws 250/21 - 161 AR 64/21 (category Article 83 GDPR)the fact that the GDPR incorporates EU antitrust law not only from the wording of the provision, but also from recital 150 to the GDPR. This states: "Where38 KB (5,956 words) - 11:41, 21 January 2022
- APD/GBA (Belgium) - 149/2023 (category Article 5(1)(a) GDPR)of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2. a) of the GDPR more precisely);113 KB (17,325 words) - 08:50, 19 March 2024
- AEPD (Spain) - EXP202103039 (category Article 13 GDPR)Article 13 GDPR. In the present case, the controller omitted this obligation. The DPA therefore held that the controller violated Article 13 GDPR by neither22 KB (3,385 words) - 13:35, 13 December 2023
- RvS - 201905319/1/A3 (category Article 12(6) GDPR)Act and, subsequently, the GDPR. Request for compensation in case his data is processed unlawfully is also in line with the GDPR. The facts that this may21 KB (3,337 words) - 10:08, 16 December 2020
- BVwG - W258 2217446-1 (category Article 4(1) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO, ordered79 KB (12,652 words) - 09:41, 10 September 2021
- AEPD (Spain) - PS/00006/2022 (category Article 12 GDPR)the Article 12 of the GDPR, in conjunction with Article 17 of the GDPR. V Classification of the infringement of article 12 of the GDPR The aforementioned54 KB (8,870 words) - 10:43, 13 December 2023
- VG Gelsenkirchen - 20 K 6392/18 (category Article 12(5) GDPR)member state law within the meaning of Art. 23 GDPR. According to Art. 23 Para. 1 GDPR, the rights from Art. 15 GDPR can be restricted by legislation of the98 KB (16,595 words) - 15:50, 17 March 2022
- LG Erfurt - 8 O 1280/21 (category Article 23 GDPR)of the GDPR be considered as a restriction on the right to a free copy of the personal data processed by the controller under Article 23(1) GDPR? b) If15 KB (2,461 words) - 17:01, 24 August 2022
- CNIL (France) - SAN-2020-018 (category Article 12 GDPR) (section Violations of the obligations to inform as prescribed by Article 12 and 13 GDPR:)violation of Articles 12 and 13 GDPR? Did Nestor fail to respect the exercises of the right of access in violation of Article 15 GDPR? Did Nestor fail to satisfy69 KB (11,007 words) - 17:10, 6 December 2023
- APD/GBA (Belgium) - 138/2022 (category Article 5(1)(a) GDPR)Article 2(2)(c) GDPR. When the cameras also record, as in this case, public or private spaces, this provisions doesn’t apply. Therefore, the GDPR was applicable43 KB (6,274 words) - 08:57, 29 June 2023
- VG Ansbach - AN 14 K 22.00468 (category Article 2(2) GDPR)of the GDPR, which is a condition for a reprimand pursuant to Article 58(2)(b) GDPR. Material scope of the GDPR According to the court, the GDPR applies38 KB (6,226 words) - 15:30, 18 January 2023
- Commissioner (Cyprus) - 11.17.001.007.220 (category Article 7(4) GDPR)Company claimed that under the GDPR, there is no right that a trade union can exercise. They thought that the justiciability of GDPR is limited only to the natural56 KB (8,913 words) - 16:52, 6 December 2023
- HDPA (Greece) - 12/2022 (category Article 5(1)(a) GDPR)fairness and transparency under Article 5(1)(a) GDPR, and the principle of accountability under Article 5(2) GDPR. Additionally, the HDPA held that the employer’s46 KB (7,390 words) - 08:07, 1 April 2022
- AEPD (Spain) - PS/00173/2020 (category Article 5(1)(d) GDPR)the infringement of the accuracy principle, as per Article 5(1)(d) of the GDPR. The decision is the consequence of a complaint submitted by another Spanish22 KB (3,424 words) - 14:06, 13 December 2023
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)such acts and uploaded the video to Instagram had infringed Article 6(1) GDPR, for processing personal data without a legitimate basis (namely without47 KB (7,616 words) - 14:35, 13 December 2023
- Administrative Court Stockholm - Mål nr 1930-23 (category Article 32(1) GDPR)incur major costs of implementation which under Article 32(2) GDPR makes a breach of 32(1) GDPR more likely. Despite the fact that not all data was classified79 KB (9,390 words) - 09:30, 27 November 2023
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)with article 24 GDPR. They are contained in article 25 of the AVG mentioned above and are explained in more detail in recital 78 GDPR. The defendant therefore45 KB (6,780 words) - 16:57, 12 December 2023
- VG Frankfurt am Main - 5 L 623/21.F (category Article 23 GDPR)according to Article 23 GDPR, restrictions of obligations and rights under Article 12 GDPR - Article 22 GDPR Article 34 GDPR and Article 5 GDPR, insofar as its30 KB (4,766 words) - 15:12, 8 September 2021
- Tietosuojavaltuutetun toimisto (Finland) - 2437/161/22 (category Article 33 GDPR)with Article 33 GDPR and Article 34 GDPR. Consequently, it issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. First, the DPA21 KB (3,220 words) - 17:44, 27 April 2022
- AEPD (Spain) - PS/00322/2020 (category Article 5(1)(f) GDPR)constitute a violation of the GDPR? The AEPD held that the email constituted a confidentiality breach and violated Article 32 GDPR, as the law firm had failed26 KB (3,840 words) - 14:28, 13 December 2023
- AEPD (Spain) - PS/00340/2019 (category Article 6(1)(e) GDPR)data subject under Article 21(1) GDPR had been violated by the PAR. Did Mrs AAA have a right to object under Article 21 GDPR? Had the PAR infringed this right23 KB (3,554 words) - 14:31, 13 December 2023
- AEPD (Spain) - EXP202204530 (category Article 6(1) GDPR)article 6 of the GDPR. The assumptions that allow the processing of personal data to be considered lawful listed in article 6.1 of the GDPR: 1. Treatment26 KB (3,971 words) - 13:26, 13 December 2023
- AEPD (Spain) - PS/00308/2020 (category Article 5(1)(a) GDPR)fraudulently in the complainant's name. This was in breach of Article 6(1) GDPR (lawfulness of processing). Vodafone payed the reduced fine of €36000 (guilty25 KB (4,016 words) - 14:27, 13 December 2023
- AEPD (Spain) - EXP202105333 (category Article 6(1) GDPR)LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On October 13, 2022, DIGI requests the extension49 KB (7,973 words) - 13:25, 13 December 2023
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)Charter. 61 First, it should be noted that, in the light of recital 19 of the GDPR and recitals 9 to 12 of Directive 2016/680 and by virtue of Article 2(1)110 KB (18,000 words) - 08:01, 5 June 2023
- UODO (Poland) - ZSPR.421.3.2018 (category Article 14 GDPR)pursuant to Art. 14 par. 5 lit. b GDPR? The President of UODO found that: 1) The applicable provision is the Art. 14 GDPR since the data controller collects52 KB (8,444 words) - 10:01, 17 November 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg81 KB (11,895 words) - 16:58, 6 December 2023
- APD/GBA (Belgium) - 158/2022 (category Article 6 GDPR)July 2021. 7GDPR, Art. 12. 8 GDPR, Art. 12.2 and 12.3. 9GDPR, Art. 12.3. 1 GDPR, Art. 12.3. 1 GDPR, Art. 12.4. Decision 158/2022 - 6/13 26. Secondly, it42 KB (6,128 words) - 12:47, 16 November 2022
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)carry out an investigation of SLIMPAY's GDPR compliance. The DPA found out that SLIMPAY breached several GDPR provisions. The DPA noted that some of the56 KB (9,069 words) - 17:02, 6 December 2023
- Rb. Noord-Holland - AWB-20 4638 (category Article 15(1) GDPR)activity the request relates. The defendant draws on case law, as well as Recital 63 GDPR, which at sentence seven states: "Where the controller processes a large16 KB (2,267 words) - 11:58, 11 August 2021
- AEPD (Spain) - EXP202204881 (category Article 6(1) GDPR)alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On January 23, 2023, DIGI requests a copy of the file and55 KB (9,017 words) - 10:46, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9509515 (category Article 5(1)(a) GDPR)fraud prevention under Article 6(1)(f) GDPR. Did the company’s policy breach Article 6 or any other articles of the GDPR? The Garante held that the policy breached33 KB (5,342 words) - 15:52, 6 December 2023
- BGH - VI ZB 39/18 (category Article 23(1)(j) GDPR)democratic society as required under Article 23(1)(j) GDPR. Moreover, the exception provided for under Article 6(4) GDPR which allows processing for different53 KB (8,894 words) - 15:56, 22 March 2022
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)(articles 12 and 14 of the GDPR); A breach of his right of access (article 15 of the GDPR); A breach of Article 28 of the GDPR with regard to its status72 KB (11,389 words) - 08:59, 20 August 2021
- AEPD (Spain) - PS/00416/2019 (category Article 6 GDPR)data in the context of telephone jokes. Article 6 GDPR (legality of processing) and Articles 13 and 14 GDPR (transparency) were infringed. The decision is206 KB (32,869 words) - 14:36, 13 December 2023
- VG Ansbach - AN 14 K 20.00083 (category Article 6(1)(b) GDPR)Article 28 BayVwVfG (cf. also GDPR recital 129). As a remedial measure, the prohibition order is based on Art. 58 (2) GDPR. Since this is a prohibition36 KB (5,858 words) - 13:51, 16 May 2022
- APD/GBA (Belgium) - 136/2023 (category Article 5(1)(f) GDPR)5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article 25 GDPR, as a result58 KB (9,184 words) - 16:49, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9570997 (category Article 5(1) GDPR)came from abusive call centers that process personal data without respecting GDPR. Secondly, the Garante found out a wrongful management of contact lists,131 KB (21,014 words) - 15:55, 6 December 2023
- Hoge Raad - ECLI:NL:PHR:2023:935 (redirect from Hoge Raad - 23/00030) (category Article 5(1)(c) GDPR)wrongly relied on the GDPR to redact documents. In this judgment, the Supreme Court clarified the relationship between the GDPR and domestic evidentiary103 KB (17,620 words) - 10:13, 29 November 2023
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)understood as made to the GDPR , in accordance with Article 94 of the latter. Similarly, it appears from recital 173 of the GDPR that this text explicitly120 KB (19,650 words) - 09:00, 6 April 2022
- DSB (Austria) - 2023-0.789.858 (category Article 12(3) GDPR)pieces of information (see also Recital 63 GDPR). In accordance with Article 15 Paragraph 3 GDPRArticle 15 Paragraph 3 GDPR, the controller provides a copy57 KB (9,442 words) - 08:55, 17 January 2024
- VG Ansbach - 14 K 19.01274 (category Article 77 GDPR)the GDPR also applied to facts before the above-mentioned date. The Court noted that the entry-into-force of the GDPR according to Article 99 GDPR represents33 KB (5,554 words) - 11:06, 19 November 2021
- Datainspektionen - DI-2019-9432 (category Article 5(1)(f) GDPR)information to The Data Protection Officer. Page 22 of 23 Page 23 The Data Inspectorate DI-2019-9432 2 3 (23) How to appeal If you want to appeal the decision59 KB (8,959 words) - 11:43, 7 April 2022
- IMY (Sweden) - DI-2020-10547 (category Article 6(1) GDPR)DPA initiated supervision pursuant to Article 56 GDPR in accordance with the Article 60 GDPR cooperation mechanism. The handover of the complaint was made37 KB (4,294 words) - 15:52, 25 October 2022
- AEPD (Spain) - EXP202102778 (category Article 6(1)(f) GDPR)had violated Article 6(1) GDPR since the legitimate interest assessment on which the processing was based (Article 6(1)(f) GDPR) was understood as insufficient84 KB (13,036 words) - 13:26, 13 December 2023
- LG Köln - 13 K 278/21 (category Article 9(1) GDPR)damage. As can be seen from recital 146 sentence 3 of the GDPR, the concept of damage is to be interpreted broadly. Recital 75 GDPR cites as examples of damage35 KB (5,679 words) - 11:27, 2 August 2023
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg56 KB (8,326 words) - 16:57, 6 December 2023
- AEPD (Spain) - PS/00132/2022 (category Article 6(1) GDPR)website, Ms. A.A.A., herein the data controller, violated Article 6 GDPR and Article 13 GDPR, as well as Article 22.2 LSSI (Spanish national law). The data52 KB (8,416 words) - 12:59, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9861827 (category Article 5(1)(a) GDPR)under Article 13 GDPR. Incidentally, the DPA also found that such a privacy policy was not complete and did not comply with the GDPR requirements. In addition87 KB (14,525 words) - 15:45, 6 December 2023
- VG Hamburg - 21 K 1802/21 (category Article 4(1) GDPR)information required under Art. 14 GDPR. recital 60 The defendant requests Recital 61 reject the complaint. Recital 62 As justification, she repeats her115 KB (18,479 words) - 16:31, 25 January 2023
- FG München - 15 K 118/20 (category Article 4(7) GDPR)personal data under Article 15(1) GDPR is limited by the law. Limitations result from Article 13(4) GDPR and Article 23(1)(e) GDPR in conjunction with §§ 32a85 KB (14,338 words) - 22:04, 9 February 2022
- DSB (Austria) - 2020-0.759.615 (category Article 6(1)(f) GDPR)3 of Recital 51 GDPR, the DSB found that the pictures taken from the data subject did not constitute biometric data according to Article 9(1) GDPR because21 KB (3,259 words) - 15:52, 20 April 2022
- VG Ansbach - AN 14 K 19.01274 (category Article 77 GDPR)review under Article 78 GDPR. The disputed infringement occurred before the GDPR came into legal force according to Article 99 GDPR. Therefore, the data subject's35 KB (5,807 words) - 14:24, 12 October 2022
- APD/GBA (Belgium) - 29/2024 (category Article 12(3) GDPR)view to vigorous enforcement of the rules of the GDPR. 24. As is clear from recital 148 GDPR, the GDPR stipulates that in every serious infringement - therefore27 KB (4,073 words) - 10:26, 21 February 2024
- AEPD (Spain) - PS/00183/2022 (category Article 5(1)(d) GDPR)Regarding the substitution of the fine with a reprimand, the DPA alluded to Recital 148 GDPR which stated that the applicable sanctions for the violation of the63 KB (10,203 words) - 13:01, 13 December 2023
- Datatilsynet (Norway) - 20/02136 (notification) (category Article 6(1) GDPR)Articles 57 and 58 GDPR. The NO DPA is the supervisory authority established in line with Article 51(1) GDPR to monitor the application of the GDPR on the territory77 KB (11,517 words) - 10:36, 22 October 2022
- OVG Bautzen - 3 B 357/20 (category Article 5 GDPR)accordance with Article 6(2) GDPR and Article 6(3) GDPR for adaptation to the application of Article 6(1)(c) GDPR and Article 6(1)(e) GDPR. The court stressed that111 KB (18,198 words) - 11:22, 27 November 2023
- APD/GBA (Belgium) - 62/2022 (category Article 12 GDPR)controller violated Article 6 GDPR because it had no legal basis to disclose the email addresses. It reasoned that Article 6(1)(a) GDPR was not applicable because58 KB (9,477 words) - 18:41, 1 June 2022
- APD/GBA (Belgium) - 11/2022 (category Article 4(1) GDPR)communications using the GDPR, specifically on the basis of Article 4.11, Article 6.1.a GDPR (consent requirement) and Article 13 GDPR (information to be provided)92 KB (13,989 words) - 14:56, 3 February 2022
- APD/GBA (Belgium) - 47/2022 (category Article 5(1)(b) GDPR)Articles 6.1.C and 9.2.i) of the GDPR. 86. In accordance with Article 6.3 of the GDPR, read in the light of recital 41 of the GDPR, the processing of 26 personal207 KB (31,357 words) - 14:21, 8 June 2022
- LG Heidelberg - 4 S 1/21 (category Article 82 GDPR)term "pain and suffering" is not used in Art. 82 GDPR or in the other norms of the GDPR. Art. 82 (1) GDPR only standardizes a “claim for damages” for every19 KB (3,085 words) - 15:59, 20 April 2022
- VG Berlin - 1 K 391/20 (category Article 91(1) GDPR)also supported by Recital 128 GDPR. Therefore, the court found the independent nature of the church supervisory authorities to be GDPR-compliant. Second36 KB (5,768 words) - 14:17, 18 May 2022
- Rb. Midden-Nederland - UTR 19 /1761 and UTR 19/1627 (category Article 55(3) GDPR)included in the final text in recital 80 of Directive 2016/6805. Although this difference raises the question of why recital (20) of the preamble to the36 KB (5,806 words) - 08:45, 8 September 2021
- RvS - 202100165/1/A3 (category Article 17(3)(e) GDPR)ECLI:EU:C:1996:404). 9.3. The purpose of the GDPR, as reflected in recitals 1 and 2 in the preamble to the GDPR, is the protection of natural persons with27 KB (4,241 words) - 11:28, 28 July 2022
- CE - N° 432656 (category Article 4(11) GDPR)allowed the processing of sensitive data based on consent and that recital 42 GDPR states that to be freely given, a consent must be based on a real choice22 KB (3,153 words) - 16:51, 9 November 2020
- VwGH - Ro 2020/04/0031-9 (category Article 6(1)(f) GDPR)accordance with Art. 17 General Data Protection Regulation (GDPR), after writing of May 23, 2018 the deletion of the entry concerning him about his Bankruptcy74 KB (10,458 words) - 14:49, 27 March 2024
- DSB (Austria) - DSB-D130.1174 (category Article 3 GDPR)activities fell within the territorial scope of the GDPR under Article 3 GDPR. The territorial scope of the GDPR applies if the processing activities are related86 KB (14,497 words) - 13:42, 3 April 2024
- VGW - VGW-101/042/791/2020-44 (category Article 15(1)(h) GDPR)Data Protection Regulation (GDPR). The provisions of Article 15 (4) of the General Data Protection Regulation (GDPR) and Recital 63 of the General Data Protection90 KB (14,726 words) - 14:01, 23 October 2023
- Rb. Oost-Brabant - C/01/356292 / KG ZA 20-141 (category Article 6(1)(e) GDPR)forward a balancing test as required by Articles 21(1) and 6(1)(e) GDPR and Recital 69 GDPR. It found that the BKR registration was made correctly and the18 KB (2,804 words) - 16:26, 10 March 2022
- OGH - 6Ob56/21k (category Article 2(2)(c) GDPR)member states is superimposed (see Recital 146 S 4 and 5 on the GDPR; cf. also Frenzel in Paal / Pauly, GDPR-BDSG3 Art 82 GDPR margin no.1; Wybitul / Haß / Albrecht127 KB (21,056 words) - 08:17, 19 August 2021
- OLG Köln - 20 U 295/21 (category Article 4(1) GDPR)excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium increases42 KB (6,689 words) - 08:30, 21 November 2022
- NAIH (Hungary) - NAIH-373-31/2023 (category Article 5(1)(b) GDPR)95/46/EC (hereinafter: general data protection regulation or GDPR), and Article 6 (1) of the GDPR. 2. The Authority finds that Customer 1 violated the principle140 KB (23,189 words) - 08:25, 20 February 2024
- RvS - 201902699/1/A2 (category Article 79 GDPR)infringement of GDPR can result in non-material damage and that a data subject must receive full and effective compensation of the damages under GDPR, do not mean37 KB (5,696 words) - 07:22, 7 April 2020
- APD/GBA (Belgium) - 172/2022 (category Article 6 GDPR)controller and processor in the GDPR”, adopted on July 7, 2021. 6 GDPR, Art. 12. 7GDPR, Art. 12.2 and 12.3. 8 GDPR, Art. 12.3. 9 GDPR, art. 12.3. Decision 172/202243 KB (6,300 words) - 11:35, 20 December 2022
- OLG Köln - 15 U 137/21 (category Article 15 GDPR)with the GDPR or whether it also covers damages arising from infringements of any provision of the GDPR. It pointed out that Article 82(1) GDPR refers to31 KB (5,138 words) - 08:10, 5 September 2022
- AEPD (Spain) - PS/00269/2019 (category Article 5(1)(f) GDPR)violation of the GDPR? The AEPD held that the senders of the email violated the principle of data confidentiality under Article 5(1)(f) GDPR, by revealing30 KB (4,761 words) - 14:24, 13 December 2023
- OLG Stuttgart - 2 U 257/19 (category Article 13 GDPR)Court of Stuttgart points out that the absence of information of Article 13 GDPR constitutes an unfair trade-based action as understood by § 3 of the national52 KB (8,574 words) - 16:03, 10 March 2022
- CJEU - T‑384/20 - OC v European Commission (category Article 4(1) GDPR)(and 4(1) GDPR), because the applicant was not identified, and was not identifiable according to the 'means reasonably likely to be used' (Recital 16 Regulation5 KB (642 words) - 14:40, 9 January 2024
- Datainspektionen - DI-2018-9274 (category Article 5(1)(b) GDPR)data in violation of the GDPR. The DPA also held that Google had processed personal data in violation of Articles 5(1)(b) and 6 GDPR by sending notifications96 KB (12,267 words) - 11:43, 7 April 2022
- Rb. Rotterdam - ROT 19/1395 (category Article 5(1)(c) GDPR)the data minimization principle, as foreseen in Article 5(1)(c) GDPR and Recital 39 GDPR. Share your comment here! Share blogs or news articles here! See17 KB (2,674 words) - 16:30, 10 March 2022
- APD/GBA (Belgium) - 57/2021 (category Article 5(1)(a) GDPR)c) GDPR in conjunction with Article 5.1 a) GDPR and Article 5.2 GDPR. - Violation of article 13.1 d) GDPR in conjunction with article 5.1 a) GDPR and99 KB (15,064 words) - 14:05, 2 June 2021
- LArbG Nürnberg - 4 Sa 201 22 (category Article 15 GDPR)under Article 15(1) GDPR are not covered as such by Article 82(1) GDPR. The court reached this conclusions by looking at Recital 146 GDPR and at the original19 KB (2,972 words) - 05:25, 9 May 2023
- VG Frankfurt am Main - 5 L1281/22.F (category Article 5(1)(f) GDPR)precautionary measure in accordance with Art. 21 GDPR and requested a suspension in accordance with Art. 18 GDPR. On August 25, 2020, he complained again about25 KB (3,840 words) - 13:34, 4 August 2022
- FG München - 15 K 1212/19 (category Article 2(2)(d) GDPR)competence granted to the member states by Art. 23 GDPR, namely the limitation competence of Art. 23 Para. 1 e) GDPR. As far as relevant here, the AO standardizes98 KB (16,511 words) - 08:37, 9 May 2022
- VG Schwerin - 1 A 1343/19 SN (category Article 4(1) GDPR) (section Recital 62 Sentence 1 GDPR Does Not Preclude the Claim to a Copy)of the GDPR. The scope of application of the GDPR is opened pursuant to Art. 2 and Art. 3 of the GDPR. Recital21 Pursuant to Art. 2(1) of the GDPR, the Regulation61 KB (10,071 words) - 14:28, 14 July 2021
- AEPD (Spain) - EXP202202837 (category Article 6(1) GDPR)(Considering 40 GDPR), Article 6.1 of the GDPR is therefore applicable and not RD 1720/2007 used by the defendant. Thus, the aforementioned article 6.1 GDPR establishes58 KB (8,995 words) - 13:00, 13 December 2023
- AEPD (Spain) - EXP202211953 (category Article 5(1)(a) GDPR)information under Article 13 GDPR, and for the processing of personal data in a manner contrary to Article 5(1)(a) of the GDPR. A data subject submitted a85 KB (13,042 words) - 12:42, 13 December 2023
- Rb. Gelderland - C/05/391171 / HA RK 21-135 (category Article 5(1)(c) GDPR)and 21 GDPR. No unlawful processing by BKR so that Art. 17 para. 1 lit. d GDPR is not applicable. BKR filed an objection pursuant to art. 21 GDPR to consider56 KB (9,287 words) - 16:00, 26 January 2022
- AP (The Netherlands) - z2020-19687 (category Article 12(3) GDPR)paragraph 5 of the GDPR, Article 15, fourth paragraph of the GDPR and Article 23 of the GDPR (further elaborated in Article 41 of the GDPR Implementation Act19 KB (3,033 words) - 21:07, 19 May 2023
- KamR Stockholm - 2829-23 (category Article 1(2) GDPR)Article 12 GDPR - Article 16 GDPR and whether the controller's processing activities fulfill the principle of transparency in Article 5(1)(a) GDPR and accountability12 KB (1,448 words) - 11:21, 7 May 2024
- UODO (Poland) - DKE.561.11.2020 (category Article 34(4) GDPR)administrative fine. The DPA found that an entrepreneur violated Article 34 GDPR by not notifying the data subjects about the breach of their personal data46 KB (7,322 words) - 09:51, 17 November 2023
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)allow them to adequately develop the functions that the GDPR assigns them, as Recital 97 of the GDPR recalls, "The level of necessary specialized knowledge195 KB (30,495 words) - 12:40, 13 December 2023
- AEPD (Spain) - PS/00365/2019 (category Article 31 GDPR)Article 31 GDPR in conjunction with Article 58(1)(e) GDPR. The AEPD, therefore, agreed to impose a penalty of € 20000 under Article 83(5)(e) GDPR. The fact86 KB (14,295 words) - 14:32, 13 December 2023
- AEPD (Spain) - PS/00477/2019 (category Article 6 GDPR)with the requirements of Articles 13 and 14 of the GDPR? In relation to Article 13 and 14 of the GDPR, the AEPD held that the information CaixaBank provided566 KB (93,179 words) - 13:43, 13 December 2023
- OLG Köln - 15 U 108/23 (category Article 82 GDPR)several GDPR violations by the controller, and went on to assess whether they could give rise to the award of immaterial damages under Article 82 GDPR also81 KB (13,415 words) - 09:47, 15 February 2024
- Rb. Amsterdam - C/13/689705/HA RK 20-258 (category Article 15 GDPR)whether that data is correct and has been processed lawfully (see recital 63 GDPR ). The GDPR is the successor to the Personal Data Directive 7 , as implemented57 KB (9,498 words) - 20:42, 28 April 2021
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)powers of the GDPR are linked to the application of the GDPR. National legislation may assign functions and powers inspired by the GDPR, but can also grant287 KB (48,336 words) - 13:53, 13 December 2023
- APD/GBA (Belgium) - 41/2023 (category Article 6(1)(f) GDPR)reached by means other than email exchanges. c) Weighing of interests (recital 47 GDPR): It is important to take into account the expectations of the data19 KB (2,672 words) - 07:53, 24 April 2023
- AEPD (Spain) - PS/00214/2022 (category Article 6(1) GDPR)of contract (Article 6(1)(b) GDPR), legal obligation (Article 6(1)(c) GDPR) and legitimate interest (Article 6(1)(f) GDPR) and determined that the controller131 KB (20,916 words) - 12:38, 13 December 2023
- BAG - 2 AZR 296/22 (category Article 17(1)(d) GDPR)democratic society to protect the objectives set out in Article 23(1) of the GDPR. According to recital 50, in order to protect these important objectives of general49 KB (8,060 words) - 13:00, 5 September 2023
- DPC (Ireland) - IN-19-7-6 (category Article 17 GDPR)from the GDPR under Article 2(2) of the GDPR. 165. Article 2(2) of the GDPR outlines certain types of processing of personal data to which the GDPR does not513 KB (85,155 words) - 13:25, 8 July 2023
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 9(1) GDPR)therefore violated Articles 9(1) GDPR out of negligence. The DPA fined the controller €1,600,000 pursuant of Article 83(5)(a) GDPR and considered this a high163 KB (27,222 words) - 16:54, 6 December 2023
- Rb. Amsterdam - c/13/673085 / HA ZA 19-340 (category Article 17(1) GDPR)obtain the deletion of the data referred to in Article 17 GDPR, because Article 17 (3) (b) GDPR precludes this. By publishing the decision, the District25 KB (4,071 words) - 13:55, 20 September 2021
- LG Deggendorf - 33 O 461/22 (category Article 82 GDPR)is also confirmed by the explanations in recitals 75, 85 and 146 of the GDPR. First, recital 146 of the GDPR, which specifically concerns the right to66 KB (11,183 words) - 09:28, 12 July 2023
- ICO (UK) - Emailmovers Limited (category Article 4(7) GDPR)transparent manner in relation to the data subject": UK GDPR Art 5(1)(a). This provision is supplemented by Recital 39 which provides, relevantly: "Any processing29 KB (4,150 words) - 12:48, 3 August 2021
- Rb. Amsterdam - 20/1908 (category Article 6(1)(c) GDPR) (section 2. Is Spanish royal decree 1070/2017 a law under the GDPR?)of this recital focuses on the data processing activity itself and not on who the actor is. The Court concluded that both Recital 122 and Recital 128 focus21 KB (3,054 words) - 10:07, 10 September 2021
- AP (The Netherlands) - Decision of 11 December 2023 imposing administrative fine on Uber (category Article 12(1) GDPR)paragraph 2, GDPR). 5) Uber does not explicitly mention the right to data portability/data portability in it privacy statement (art.13,2,b,GDPR). 2/23 Date Unmarked80 KB (11,628 words) - 11:41, 23 February 2024
- OGH - 6Ob127/20z (category Article 4(1) GDPR)79 GDPR in cases of an alleged violation of Article 15 GDPR or can such violation only be subject to a complaint before a DPA under Article 77 GDPR? Do34 KB (5,408 words) - 13:57, 20 September 2021
- Korkein hallinto-oikeus (Finland) - KHO:2023:56 (category Article 5(1)(c) GDPR)Article 6 GDPR. The DPA established that notwithstanding that the controller has a legal basis for processing, processing is still in breach of the GDPR when45 KB (5,016 words) - 14:14, 21 March 2024
- Rb. Midden-Nederland - UTR 20/2315 (category Article 6(1)(f) GDPR)lines and under f, of the GDPR. 14. For a successful appeal to Article 6, paragraph 1, opening lines and under f, of the GDPR, three conditions must be36 KB (5,873 words) - 11:21, 17 August 2022
- OLG Linz - 6R49/19x (category Article 2(1) GDPR)responsible (Nemitz in Ehmann/Selmayr, Datenschutz-Grundverordnung² Art 82 Rz 23). Where several controllers or several processors or one controller and one33 KB (5,113 words) - 09:50, 14 December 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)results in particular from Article 23.1 of the Basic Law in conjunction with the Treaties of the European Union. Article 23.1 of the Basic Law obliges the133 KB (21,944 words) - 15:59, 22 March 2022
- UODO (Poland) - DKN.5131.31.2021 (category Article 5(1)(a) GDPR)Article 33(1) GDPR by failing to inform the DPA of the data breach. Second, the DPA held that the controller violated Article 28(1), (3) and (9) GDPR by not concluding105 KB (17,237 words) - 09:22, 10 May 2023
- Datatilsynet (Denmark) - 2020-441-4364 (category Article 5(1)(a) GDPR)comply with Article 33 (3) of the GDPR. The DPA assessed that the Zoo did not comply with Article 34(1) of the GDPR by failing to carry out an adequate33 KB (5,347 words) - 16:39, 6 December 2023
- LAG Baden-Württemberg - 5 Ta 123/19 (category Article 15 GDPR)general validity. In particular, § 23.3 RVG expressly applies only to proceedings in which, unlike those under § 23.1 RVG, the fees are not based on the11 KB (1,797 words) - 18:17, 20 September 2021
- APD/GBA (Belgium) - 49/2023 (category Article 6(1)(e) GDPR)Article 9(1) GDPR. Since Article 9 GDPR was not applicable, the DPA examined the lawfulness of the processing under Article 6(1)(e) GDPR which was put57 KB (8,705 words) - 11:48, 16 May 2023
- NSA - III OSK 6781/21 (category Article 17 GDPR)5-9 of the GDPR to press activities does not prevent the application of art. 17 GDPR to press activities; 2) art. 17 sec. 3 lit. a of the GDPR through its49 KB (7,938 words) - 15:32, 28 March 2023
- RvS - 201901006/1/A2 (category Article 79 GDPR)entails that the civil court has exclusive jurisdiction to hear such a request. 23. The Division is of the opinion that in this transitional phase, in which34 KB (5,179 words) - 07:10, 7 April 2020
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)01"). 21 See in particular Articles 5.1(a) and 12 of the GDPR, see also Recital (39) of the GDPR. _____________________________________________________________69 KB (11,315 words) - 13:30, 19 January 2022
- OLG Hamm - 11 U 88/22 (category Article 82 GDPR)2022, Art. 82 GDPR marginal number 14). With regard to recital 146 sentence 1 of the GDPR, however, processing must have violated the GDPR (Nemitz, in:85 KB (14,523 words) - 05:28, 26 April 2023
- Datatilsynet (Denmark) - 2018-41-0013 (category Article 4(11) GDPR)consent cf. Article 9(2)(a) GDPR and Article 6(1)(a) GDPR. The DPA referred to Article 4(11) GDPR, Article 7 GDPR and Recital 32 regarding the conditions47 KB (7,748 words) - 12:51, 22 June 2022
- EWHC (UK) - Johnson v Eastlight Community Homes Ltd (category Article 82 GDPR)minimis threshold. In comparison to pre-GDPR legislation, the court found no difference in the wording of Article 82(1) GDPR which would prevent the continued46 KB (7,676 words) - 10:45, 7 December 2021
- Hoge Raad - 22/03293 (category Article 15 GDPR)placed emphasis on the fundamental rights nature of the GDPR, pointing to Recitals 10 and 59 GDPR. Recital 10 establishes that Member States should provide for8 KB (1,136 words) - 11:34, 4 October 2023
- AEPD (Spain) - EXP202203956 (category Article 6(1) GDPR)LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned start-up agreement52 KB (8,323 words) - 13:17, 13 December 2023
- OLG Hamm - 20 U 146/22 (category Article 12(5)(b) GDPR)of Article 4(1) GDPR. Nevertheless, in this case the controller had the right to disregard the request in light of Article 12(5)(b) GDPR, as the latter30 KB (4,784 words) - 08:39, 8 August 2023
- Garante per la protezione dei dati personali (Italy) - 9791886 (category Article 35 GDPR)also for treatments carried out for statistical or research purposes (see recital no. 26 of the Regulation and "WP29 Opinion 05/2014 on Anonymization techniques"97 KB (15,437 words) - 11:27, 16 August 2022
- APD/GBA (Belgium) - 32/2022 (category Article 5(1)(c) GDPR)article 12.3 . was also committed GDPR and Articles 21.2 and 21.3 GDPR. 3See in that regard also recital 70 of the GDPR: When personal data is processed31 KB (4,547 words) - 15:54, 3 May 2022
- APD/GBA (Belgium) - 95/2023 (category Article 4(1) GDPR)dedicated to article 5.1. a) of the GDPR, being able to rely on one of the bases of lawfulness of the article 6.1. of the GDPR. When the data controller plans27 KB (3,839 words) - 13:12, 18 July 2023
- AEPD (Spain) - PS/00126/2021 (category Article 6(1) GDPR)negligence of the infringement (Article 83(2)(b) GDPR) the impact on basic personal identifiers (Article 83(2)(g) GDPR) Share your comments here! Share blogs or26 KB (3,922 words) - 13:10, 9 June 2021
- APD/GBA (Belgium) - 149/2022 (category Article 5(1)(b) GDPR)Article 5(1)(a) GDPR and Article 6(1) GDPR The DPA held that the controller did not violate Article 5(1)(a) GDPR and Article 6(1) GDPR. The DPA stated89 KB (13,017 words) - 15:07, 2 November 2022
- APD/GBA (Belgium) - 33/2022 (category Article 5(1)(f) GDPR)and against accidental loss, destruction or alteration of data. 23. Recital 83 of the GDPR envisages that “[...] the controller [...] assesses the risks26 KB (4,116 words) - 15:36, 30 March 2022
- based on a clear interest legitimate in accordance with article 6.1. f) and recital 47 of the Regulation General Data Protection 679/2016, by our company, having34 KB (5,222 words) - 12:58, 13 December 2023
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 4 GDPR)border processing pursuant Article4(23)GDPR.Asthemain establishment ofWhatsApp IE (asdefined in Article4(16) GDPR)wasfound tobe in Ireland,the IE SA was289 KB (33,568 words) - 15:00, 1 February 2023
- OVG Rheinland-Pfalz - 10 A 10302/21 (category Article 4(2) GDPR) (section Scope of Application of the GDPR not Opened)accordance with the GDPR (Art. 24(1) GDPR), that data protection principles such as data minimisation are effectively implemented (Art. 25(1) GDPR) and that a31 KB (4,797 words) - 10:46, 27 July 2021
- Datatilsynet (Norway) - 22/03622 (category Article 5(1)(c) GDPR)data as personal data from the point of collection, and references Recital 26 GDPR. Because of this, the DPA assessed the interference the collection of73 KB (10,929 words) - 08:41, 31 May 2023
- AEPD (Spain) - PS/00197/2020 (category Article 5(1)(b) GDPR)Articles 6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the129 KB (21,793 words) - 14:09, 13 December 2023
- APD/GBA (Belgium) - 162/2022 (category Article 4(11) GDPR)of the GDPR, article 6, paragraph 1 of the GDPR, article 24 (1) GDPR and Article 25 (1) and (2) GDPR; b. a breach of Article 12(1) and (6) GDPR, Article71 KB (10,426 words) - 08:21, 23 November 2022
- OLG Köln - 6 U 58/23 (category Article 44 GDPR)consent regulated in Chapter II of the GDPR (Articles 6, 7 GDPR) (cf. Pauly, in: Paal/Pauly, GDPR/BDSG, a.a.O., Art. 44 GDPR no. 2). 122This is missing in the118 KB (19,824 words) - 10:49, 6 February 2024
- FG Berlin-Brandenburg - 16 K 16155/21 (category Article 79(2) GDPR)the reference to Article 79(2) GDPR from Article 82(6) GDPR, and the fact that one could argue that Article 82(6) GDPR overrides Member State procedural19 KB (2,925 words) - 11:09, 27 July 2022
- Rb. Rotterdam - 9435922 (category Article 4(2) GDPR)data is a form of processing as referred to in the GDPR (article 4 sub 2 GDPR). Article 6 of the GDPR provides that the processing of personal data is only20 KB (3,042 words) - 10:02, 18 March 2022
- IDPC (Malta) - CDP/COMP/429/2023 (category Article 2(2)(c) GDPR)that therefore the exemption under Article 2(2)(c) GDPR applied. Article 2(2)(c) GDPR states that the GDPR will not apply if the data is processed in the course19 KB (3,039 words) - 14:24, 21 February 2024
- VwGH - Ro 2021/04/0010-11 (category Article 4(4) GDPR)Paragraph 3 GDPR specifies content requirements for an appropriate legal basis, which are clear and precise in the context of recital 41 of the GDPR and should144 KB (21,026 words) - 14:50, 27 March 2024
- Cass.Civ. - 13073/23 (category Article 82 GDPR)compliance with the GDPR. Second, the court stressed that not every violation necessarily leads to liability under Article 82 GDPR. As a matter of fact18 KB (2,724 words) - 09:56, 21 June 2023
- APD/GBA (Belgium) - 77/2023 (category Article 5(1)(a) GDPR)336. 56 GDPR, recital 45. 57 Article 29 Working Party, op. cit. p. 23. Decision on the merits 77/2023 – 22/49 GDPR, insofar as said processing is carried150 KB (22,339 words) - 09:50, 21 June 2023
- Datatilsynet (Norway) - 20/03771-17 (category Article 44 GDPR)noting Recital 148 GDPR, which states that a reprimand may be issued in case of a minor infringement. 21Also worth noting is that under the GDPR, only administrative69 KB (10,520 words) - 07:55, 10 August 2023
- DSB (Austria) - DSB 2023-0.404.421 (category Article 5(1)(a) GDPR)Article 5(1)(b) GDPR and against the provisions of Article 5(1)(a) GDPR and Article 6(1)(f) GDPR in conjunction with Article 6(4) GDPR. Further, the DSB40 KB (6,348 words) - 09:05, 16 November 2023
- APD/GBA (Belgium) - 105/2022 (category Article 2(1) GDPR)that the GDPR does not apply to the processing of the data of the companies of the complainant's customers with referring to recital 14 of the GDPR, the Disputes44 KB (6,420 words) - 11:00, 6 July 2022
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)only investigating GDPR infringements but also breaches of the Directive ePrivacy, transcribed into French law. It reminded that GDPR and ePrivacy each82 KB (13,424 words) - 17:10, 6 December 2023
- CNPD (Portugal) - Deliberação 984/2018 (category Article 5(1)(f) GDPR)especially in the area of fines,uncontroversially expressed in recital 150 of the GDPR “In order to reinforceand harmonize administrative sanctions for40 KB (5,935 words) - 16:55, 6 December 2023
- BVwG - W214 2233132-1/27E (category Article 15 GDPR)standard B-VG Art 133 Paragraph 4 DSG §24 DSG §4 GDPR Art 12 GDPR Art 15 GDPR Art 15 Paragraph 1 litc GDPR Art77 UWG §26b paragraph 1 B-VG Art. 133 today87 KB (14,194 words) - 10:07, 15 February 2024
- NSA - III OSK 161/21 (category Article 5(1)(c) GDPR)particular that the wording of Article 23(1)(5) excludes the application of the so-called "legalising consent", 3. Article 23(1)(3) and Article 26(1)(3) of the44 KB (7,216 words) - 12:03, 10 September 2021
- APD/GBA (Belgium) - 66/2021 (category Article 4(3) GDPR)above. 103. In accordance with the aforementioned Article 23 GDPR, as explained in recital 73 GDPR, however, the rights of data subjects can only be limited88 KB (13,010 words) - 20:12, 30 December 2021
- IMY (Sweden) - DI-2019-4062 (category Article 5(1)(a) GDPR)these breaches also entailed a violation of Articles 12(1) GDPR, 5(1)(a) GDPR and 5(2) GDPR. Regarding the information provided by Klarna on the purpose118 KB (13,497 words) - 16:24, 6 April 2022
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)with GDPR transparencyobligations under Article 13(1)(c) GDPR involves a separateand different legalassessment tothatrequired in Article6(1)(b) GDPR.TheIE468 KB (51,340 words) - 14:10, 30 January 2023
- LG Essen - 18 O 204/21 (category Article 4(1) GDPR)under Article 4(1) GDPR. Moreover the court found that the controller can refuse to act on the request according to Article 12(5)(b) GDPR, because the request24 KB (3,694 words) - 10:56, 15 June 2022
- APD/GBA (Belgium) - 15/2023 (category Article 4(11) GDPR)paragraph 1 GDPR and Article 25 (1) GDPR 84. Based on Article 12(1) GDPR, Article 13(1) and (2) GDPR and Article 14(1) and paragraph 2 of the GDPR, it is necessary105 KB (15,883 words) - 15:05, 8 March 2023
- DSB (Austria) - 2023-0.583.644 (category Article 5(1)(a) GDPR)101 and 102 TFEU (see Recital 150 GDPR) only applies to those within the meaning of Articles 101 and 102 TFEU (see Recital 150 GDPR). is relevant for the93 KB (15,554 words) - 10:04, 15 February 2024
- BVwG - W256 2214855-1/6E (category Article 6(1)(f) GDPR)(1) Data Protection Act - Next search term). 3 Previous search termGDPR; see also Recital 211: "This impact assessment should in particular address the measures27 KB (4,149 words) - 16:02, 22 March 2022
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the basis of Article 83 GDPR and Articles82 KB (12,100 words) - 17:01, 12 December 2023
- BVwG - W274 2251055-1/5E (category Article 6(1)(f) GDPR)for more details. Decision date June 23, 2023 standard B-VG Art 133 Paragraph 4 DSG §1 Paragraph 1 GDPR Art5 GDPR Art6 Paragraph 1 Directive 2014/65/EU137 KB (21,991 words) - 12:01, 20 September 2023
- IP (Slovenia) - 0611-182/2021/23 (category Article 5(1)(b) GDPR)taking into account their relationship to the controller, as stated in Recital 47 GDPR in connection with the EDPB Guidelines 3/2019 on processing personal53 KB (8,251 words) - 08:30, 27 September 2023
- APD/GBA (Belgium) - 57/2023 (category Article 5(1) GDPR)Article 13(1)(c) and (2)(a) of the GDPR. II.4. Article 5 GDPR, Article 24 (1) GDPR and Article 25 (1) and (2) GDPR II.4.1. Findings in the Inspection Report99 KB (15,129 words) - 09:21, 31 May 2023
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)the content provider did not necessarily have to lead to the same result. 23 3 The Hamburg Commissioner for Data Protection and Freedom of Information127 KB (21,367 words) - 16:00, 22 March 2022
- Garante per la protezione dei dati personali (Italy) - 9994882 (category Article 5(1)(f) GDPR)reply to the request for information. In its decision, the DPA cited Recital 35 GDPR which specifies that data related to health ‘includes information on44 KB (6,958 words) - 13:31, 23 April 2024
- BlnBDI (Berlin) - 632.276, 521.11692, 591.616 (category Article 6(1) GDPR)conduct infringed Article 6(1) GDPR in conjunction with Article 83(5)(a) GDPR for the following reasons. Article 6(1) GDPR provides that the processing of8 KB (1,064 words) - 11:55, 23 October 2022
- APD/GBA (Belgium) - DOS-2019-05837 (category Article 5(1)(b) GDPR)on the merits 46/2024 - 10/16 reverted to Article 6.1. GDPR and recital 50 GDPR. In recital 50 GDPR8 is states that a separate legal basis is required for46 KB (7,313 words) - 23:42, 24 April 2024
- Datatilsynet (Norway) - 21/03126 (category Article 33(1) GDPR)Article 4(16) GDPR." Consequently, the DPA concluded that the cooperation mechanism and procedure set out in Article 56(1) GDPR and Article 60 GDPR did not apply133 KB (19,309 words) - 05:16, 24 March 2023
- RvS (Netherlands) - 202001625/1/A3 (category Article 4 GDPR)Serooskerken clerk Pronounced in public on November 10, 2021 290. APPENDIX GDPR Recital, recital 39 (...) Personal data may only be processed if the purpose of the31 KB (4,864 words) - 09:50, 26 November 2021
- Rb. Rotterdam - ROT 19/5030 (category Article 4(7) GDPR)interpretation of the term 'controller' in the GDPR. Indeed, it follows from recital 9 of the preamble to the GDPR that the objectives and principles of Directive28 KB (4,560 words) - 15:01, 10 August 2021
- DSB (Austria) - 2023-0.603.142 (category Article 31 GDPR)Letter a GDPR). (Article 58 Paragraph One Litera a, GDPR). From this provision, taken together with Article 31 of the GDPR, Article 31 of the GDPR results76 KB (12,550 words) - 09:24, 28 February 2024
- AEPD (Spain) - PS/00028/2022 (category Article 5(1)(f) GDPR)confidentiality. Second, the DPA found a violation of Article 32 GDPR. The DPA held Article 32 GDPR requires the controller to have a complete protocol that must58 KB (9,301 words) - 12:39, 13 December 2023
- DSB (Austria) - 2021-0.119.956 (category Article 5(1)(e) GDPR)on treatments or procedures (see Recital 63 GDPR). b. If the data is processed in accordance with Article 28 of the GDPR, I request that you additionally50 KB (8,021 words) - 15:40, 18 January 2024
- Court of Appeal of Brussels - 2019/AR/1006 (category Article 16 GDPR)accordance with Article 4(1) GDPR, according to the DPA. The Court of Appeal of Brussels held that, in accordance with Article 16 GDPR, the data subject has the59 KB (9,290 words) - 09:10, 5 May 2024
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)to Article 2 (1) of the GDPR, the GDPR applies to the processing of data in the present case. The relevant provisions of the GDPR in the present case are72 KB (11,159 words) - 10:09, 17 November 2023
- BVwG - W176 2255954-1 (category Article 1 GDPR)Article 77 GDPR. The Austrian DPA argued that a legal person does not fall within the personal scope of the GDPR pursuant to Article 1(1) and (2) GDPR. Therefore27 KB (4,362 words) - 14:08, 5 July 2023
- IMY (Sweden) - DI-2019-6523 (category Article 13(1)(c) GDPR)(Article 6(1)(b) GDPR) and legitimate interests (Article 6(1)(f) GDPR), the DPA found that the controller violated Article 13(1)(c) GDPR by indicating an17 KB (1,990 words) - 09:02, 8 May 2024
- Garante per la protezione dei dati personali (Italy) - 9751362 (category Article 5(1)(b) GDPR)privacy policy did not refer to GDPR. Clearview did not have a representative in the Union as mandated by Article 27 GDPR. Accordingly, the activities of134 KB (21,856 words) - 05:16, 25 May 2022
- OVG Hamburg - 3 Bs 146/23 (category Article 5 GDPR)wording of Article 5 Paragraph 1 Letter b) GDPR (“specified […] purposes”) and the wording in Recital 39 Sentence 6 GDPR, (“In particular, the specific purposes26 KB (4,083 words) - 14:05, 24 January 2024
- AZOP (Croatia) - Decision 23-03-2023 (category Article 11 GDPR)access request under Article 15 GDPR to the office and also requested her personal data to be deleted under Article 17 GDPR. The data subject also claimed24 KB (3,725 words) - 16:01, 28 November 2023
- VwGH - Ro 2021/04/0010 (category Article 4 GDPR)Art. 6 Para. 3 GDPR sets out the content requirements for an appropriate legal basis, which in connection with Recital 41 of the GDPR should be clear190 KB (30,999 words) - 10:00, 21 February 2024
- OGH - 6Ob19/23x (category Article 15(1)(c) GDPR)(5) GDPR regarding the exercise of the trade of the address method and direct marketing companies, which are within the borders of the GDPR (Recital Gr33 KB (4,912 words) - 13:56, 10 May 2023
- IMY (Sweden) - IMY-2022-695 (category Article 4(15) GDPR)personal data was automated. Thus Article 2(1) GDPR applies and the processing falls within the scope of the GDPR. The DPA assessed that a summons to one of43 KB (5,076 words) - 09:32, 21 November 2023
- LSG Niedersachsen-Bremen - L 16 SF 5/21 DS (category Article 77 GDPR)supported by the structure of Article 78 GDPR, which is strictly intertwined with Article 77 GDPR. Indeed, Article 78(2) GDPR provides the data subject with the34 KB (5,655 words) - 14:08, 16 May 2023
- AEPD (Spain) - EXP202206805 (category Article 5(1)(a) GDPR)complaining party, thereby contravening article 6 of the GDPR. In this sense, Recital 40 of the GDPR states: “(40) For the processing to be lawful, personal37 KB (5,879 words) - 07:09, 4 October 2023
- Rb. Midden-Nederland - UTR 21/3403 (category Article 23(1)(e) GDPR)also falls within the scope of Article 23(1)(e) GDPR, and thus the processing does not violate Article 6(4) GDPR. Hence, the Court concluded that all of23 KB (3,541 words) - 11:29, 8 June 2022
- Garante per la protezione dei dati personali (Italy) - 9960875 (category Article 12(3) GDPR)Article 12(3) GDPR. Therefore, the DPA ruled that because the processing carried out by the controller breached Article 12 GDPR and Article 15 GDPR. Since the34 KB (5,386 words) - 16:16, 19 December 2023
- IP - 0610-376/2020/35 (category Article 13(1) GDPR)Administration did not provide the relevant information under Article 13 GDPR when processing expressions of interest for COVID-19 vaccination on the e-government110 KB (17,995 words) - 11:15, 22 April 2021
- ICO (UK) - Tempcover Ltd (category Article 4(11) GDPR)her”. 7. Recital 32 of the GDPR materially states that “When the processing has multiple purposes, consent should be given for all of them” . Recital 42 materially40 KB (5,684 words) - 18:42, 16 February 2022
- CNIL (France) - SAN-2022-024 (category Article 3 GDPR)LinkedIn and Salesforce.com. The DPA held that the GDPR was not applicable according to Article 3 GDPR. The controller was a company based in the United30 KB (4,714 words) - 10:34, 4 January 2023
- GHAMS - 200.295.747/01 (category Article 15(1)(h) GDPR)under point 7, they argue. 3.23 The grievance succeeds. Uber argued, without any further explanation, that under Article 23(1)(c), (d) and (h) AVG it is80 KB (13,304 words) - 13:05, 12 April 2023
- AG Pfaffenhofen a. d. Ilm - 2 C 133/21 (category Article 6(1)(a) GDPR)Letter f GDPR. It is true that the processing of personal data for direct mail can also represent a legitimate interest according to recital 47 GDPR. However28 KB (4,447 words) - 16:37, 13 January 2022
- HDPA (Greece) - 47/2023 (category Article 12(1) GDPR)purposes pursued by Article 15 of the GDPR, it is noted that, as specified in Recital 11, the purpose of the GDPR is to strengthen and specify in detail36 KB (6,028 words) - 07:43, 20 March 2024
- APD/GBA (Belgium) - 85/2022 (category Article 4(11) GDPR)and 7(1) GDPR; Articles 5, paragraph 2 and 24 GDPR; Articles 12, paragraph 1, j° 13 and 14 GDPR; Article 5(1)(e) GDPR; and Article 7(3) GDPR. - order the171 KB (24,826 words) - 15:55, 18 June 2022
- OLG Brandenburg - 11 U 9/23 (category Article 2(1) GDPR)may refuse to comply with access requests under Article 15 GDPR pursuant to Article 12(5)(b) GDPR if they are aimed exclusively at achieving objectives that27 KB (4,404 words) - 08:48, 12 July 2023
- ArbG Duisburg - 5 Ca 877/23 (category Article 12 GDPR)Articles 15 GDPR and 12(3) GDPR. The LAG held that a mere violation of the GDPR does not give rise to a right to compensation under Article 82(1) GDPR. The LAG27 KB (4,303 words) - 15:09, 6 December 2023
- AEPD (Spain) - EXP202102056 (category Article 5(1)(f) GDPR)Article 5.1.f) of the GDPR, typified in Article 83.5 of the GDPR and of Article 32 of the GDPR, typified in Article 83.4 of the GDPR. In order to issue said15 KB (2,206 words) - 13:53, 12 April 2023
- AEPD (Spain) - EXP202210101 (category Article 6(1) GDPR)following the ruling of January 23, 1998, partially transcribed in the SSTS of October 9, 2009, Rec 5285/2005, and 23 of October 2010, Rec 1067/2006, that85 KB (13,823 words) - 12:51, 3 April 2024
- PHR - 22/01253 (category Article 23 GDPR)corresponding interest can be found in the GDPR. Notably, the PG referenced Recital 52 and Article 9 GDPR. Recital 52 GDPR states that a derogation from the prohibition241 KB (42,617 words) - 14:14, 13 September 2022
- CJEU - C-175/20 - Valsts ieņēmumu dienests (category Article 5(1)(c) GDPR)set out in the GDPR, notably those of Article 5 GDPR. As for the second question, the CJEU assessed whether the provisions of the GDPR should be interpreted12 KB (1,818 words) - 15:15, 12 May 2023
- OLG Nürnberg - 4 U 347/21 (category Article 12(5) GDPR)data that is needed also for purposes other than those included in Recital 63 GDPR. Moreover, the court held that the access request cannot be considered35 KB (5,672 words) - 08:48, 30 January 2024
- VG Cottbus - VG 4 K 1191/19 (category Article 4(2) GDPR)done using a water meter and its readout. Article 12(5) GDPR in conjunction with Article 18(1)(d) GDPR does not prevent the charging of an administrative fee75 KB (12,396 words) - 12:11, 30 March 2022
- ICO (UK) - Royal Mail Group Limited (category Article 4(11) GDPR). 7. Recital 32 of the GDPR materially states that “When the processing has multiple purposes, consent should be given for all of them” . Recital 42 materially41 KB (5,879 words) - 12:39, 23 March 2022
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)applicants' rights. Consequently, the Ministry violated Article 32 GDPR and Article 24 GDPR. The DPA also found that visa applicants were insufficiently informed179 KB (22,957 words) - 17:07, 12 December 2023
- LAG Düsseldorf - 12 Sa 18/23 (category Article 82 GDPR)permissible in accordance with Art. 88 GDPR in conjunction with Section 26 BDSG, the violation of the GDPR required for Art. 82 GDPR was already lacking. There is102 KB (17,108 words) - 09:44, 15 February 2024
- AEPD (Spain) - PS/00247/2019 (category Article 32(2) GDPR)Article 83.4.a of the GDPR. Assessing the circumstances modifying liability, both adverse and favourable, contemplated in article 83.2 GDPR, the AEPD established39 KB (6,720 words) - 14:22, 13 December 2023
- AEPD (Spain) - PS/00062/2020 (category Article 13 GDPR)Article 13 GDPR even if the contact form is not operational? The Spanish DPA (AEPD) held that the defendant, PSI, violated Article 13 GDPR by failing to44 KB (7,162 words) - 13:53, 13 December 2023
- VG Berlin - 1 K 561/21 (category Article 4(1) GDPR)17(3)(b) GDPR nor on Article 18(1)(c) GDPR in order to prevent the automatic deletion of the recordings, as the right to access under Article 15 GDPR is not57 KB (9,204 words) - 10:55, 23 November 2023
- NAIH (Hungary) - NAIH/2020/32/4 (category Article 5(1) GDPR)procedure fall within the scope of the GDPR pursuant to Article 2(1) of the GDPR and consequently the rules of the GDPR apply to these processing. The Authority75 KB (12,586 words) - 10:10, 17 November 2023
- AEPD (Spain) - PS/00413/2021 (category Article 5(1)(c) GDPR)c), typified in article 83.5.a) of the GDPR. SIXTH: Notified of the initiation agreement, the claimant on 09/23/2021 requested extension of the term to69 KB (11,301 words) - 10:49, 23 March 2023
- UODO (Poland) - ZSPR.421.7.2019 (category Article 7(3) GDPR)investigation regarding the compliance of processing operations with the GDPR at the ClickQuickNow Sp. z o. o. The UODO found that the company did not60 KB (9,815 words) - 10:02, 17 November 2023
- AEPD (Spain) - EXP202205850 (category Article 5(1)(c) GDPR)excessive for the intended purpose of processing as per Article 5(1)(c) GDPR and Recital 39 GDPR. The AEPD issued a reprimand on the controller. Share your comments29 KB (4,590 words) - 15:06, 19 April 2023
- Garante per la protezione dei dati personali (Italy) - 9256486 (category Article 4 GDPR)(2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently, the Garante144 KB (23,155 words) - 15:46, 6 December 2023
- APD/GBA (Belgium) - 161/2022 (category Article 3(1) GDPR)territorial scope of the GDPR, Article 3 of the GDPR assumes of two different cases. In the first case (Article 3.1 of the GDPR), the data processing carried19 KB (2,689 words) - 15:30, 23 November 2022
- ICO (UK) - Colour Car Sales Limited (category Article 4(11) GDPR)her". 8. Recital 32 of the GDPR materially states that "When the processing has multiple purposes, consent should be given for all of them". Recital 42 materiallyprovides22 KB (2,764 words) - 16:07, 19 September 2021