Search results
From GDPRhub
- Persónuvernd - 2020010425 (category Article 6(1)(a) GDPR)accepted as a legitimate interest for processing, they noted that the Recital 38 GDPR emphasised that the personal data of children should be given special18 KB (2,798 words) - 10:23, 8 July 2020
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)Article 31 of the GDPR demonstrated. 87. Regarding Articles 37 and 38 GDPR, the defendant does not require to be based of Article 37.1 GDPR to have to be a113 KB (18,732 words) - 16:50, 12 December 2023
- GDPR. Recital 71 sentence 1 GDPR. Recital 71 sentence 1 GDPR. Recital 28 sentence 1 GDPR, such as Hansen, in Simitis, Hornung, Spieker, Datenschutzrecht125 KB (16,328 words) - 16:01, 8 March 2024
- (available here). See, Article 38(4) GDPR. For more information in that respect, see Commentary on Article 37 GDPR to Article 39 GDPR). If a DPO is indeed designated71 KB (9,532 words) - 13:30, 6 March 2024
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)BDSG, Article 6 GDPR, margin number 20 (C.H. Beck 2020). Recital 32 sentence 1 GDPR. Recital 32 sentence 2 GDPR. Recital 32 sentence 3 GDPR. CJEU, C‑673/17108 KB (17,005 words) - 15:39, 18 March 2024
- of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific legal44 KB (5,905 words) - 14:00, 24 October 2023
- of Articles 13 or 14 GDPR and Article 15(1) GDPR often overlaps, the controller has a different obligation under Article 15 GDPR to include the ex-post73 KB (9,896 words) - 15:46, 18 March 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)Article 83(8) GDPR corresponds in this respect to Recital 148 sentence 4 GDPR. Nemitz, in Ehmann,Selmayr, Datenschutz-Grundverordnung, Article 83 GDPR, margin55 KB (7,622 words) - 14:04, 7 November 2023
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)Article 25 GDPR or Article 32 GDPR. This provision assigns a proactive role to the controller who has to ensure compliance with the GDPR at all stages30 KB (3,458 words) - 10:31, 25 April 2024
- under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details on the51 KB (6,355 words) - 08:25, 18 April 2024
- dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)(Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data portability46 KB (5,825 words) - 11:12, 7 November 2023
- Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number41 KB (5,197 words) - 12:17, 17 April 2024
- 22(2)(c) GDPR. Finally, decisions based on explicit consent are also subjected to the safeguards laid down in Article 22(3) GDPR. Article 22(3) GDPR lays down31 KB (4,768 words) - 06:24, 16 June 2023
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Data Protection Regulation (GDPR): A Commentary, Article 55 GDPR, page 909 (Oxford University Press 2020). See Recital 20 GDPR and CJEU, in C-245/20 - Autoriteit35 KB (3,971 words) - 21:34, 1 April 2024
- the validity, formation or effect of a contract in relation to a child. Recital 38: Protection for Children Children merit specific protection with regard19 KB (1,335 words) - 13:56, 24 October 2023
- Regulation (GDPR), Article 7 GDPR, p. 350 (Oxford University Press 2020). Heckmann, Paschke, in Ehmann, Selmayr, Datenschutz-Grundverordnung, Article 7 GDPR, margin31 KB (3,489 words) - 16:00, 8 March 2024
- (Article 12(1) GDPR), facilitate the data subject (Article 12(2) GDPR), respond and communicate the measures taken (Article 12(3) and (4) GDPR), the principle61 KB (8,488 words) - 15:47, 18 March 2024
- Article 82 GDPR – like almost all provisions of the GDPR – is directly applicable in all Member States without any act of implementation. Article 82 GDPR leaves33 KB (4,215 words) - 09:57, 19 March 2024
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))(Article 12 GDPR), information (Articles 13 and 14 GDPR), access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction44 KB (4,896 words) - 06:25, 16 June 2023
- Article 72 GDPR regulates the Board's voting procedure. Generally, the GDPR grants the EDPB a high degree of autonomy. In particular, Article 72(2) GDPR entitles22 KB (2,266 words) - 08:26, 17 October 2023
- provisions of the GDPR require the controller to keep track of individual recipients. For example, Article 15(1)(c) GDPR and Article 19 GDPR require the disclosure31 KB (3,327 words) - 15:31, 5 June 2023
- important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- in Category:Article 2 GDPR Bäcker, in Wolff, Brink, BeckOK Datenschutzrecht, Article 2 GDPR, margin number 2 (C.H. Beck 2021, 38th edition) or Kühling/Raab34 KB (4,652 words) - 12:07, 12 November 2023
- large-scale, or involve processing of data under Article 9 GDPR or Article 10 GDPR. Recital 97 GDPR clarifies that the core activities of a controller are43 KB (4,904 words) - 12:59, 21 July 2023
- personal data as well (see Recital 163 GDPR). Tosoni in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 98 GDPR, p. 1315 (Oxford University15 KB (943 words) - 09:58, 8 November 2023
- the meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- outlined under other Articles of the GDPR, namely in Articles 51, 52 and 53 GDPR. The second objective, under Article 54(2) GDPR, seeks to regulate the confidentiality34 KB (3,649 words) - 13:19, 30 October 2023
- purposes outlined in Article 23(1)(a) to (j) GDPR (e.g. national and public security) as well as Recital 73 GDPR (e.g. protection of human life). In any case49 KB (5,993 words) - 06:22, 16 June 2023
- natural persons”. The GDPR does not define what constitutes a “risk to the rights and freedoms of natural persons”. Recital 75 GDPR only outlines potential54 KB (6,536 words) - 08:22, 16 June 2023
- since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- of the most innovative elements in the GDPR related to the accountability principle (see Articles 5(2) and 24 GDPR). This provision regulates the cases in52 KB (7,297 words) - 08:05, 18 July 2023
- catalogue of penalties in Article 83 GDPR. National legislators may add provisions to fill these gaps. Under Recital 152 GDPR, these provisions may either be19 KB (1,477 words) - 14:12, 7 November 2023
- situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 93 GDPR (category Article 93 GDPR) (section GDPR cases where the examination procedure is referred to)Article 45(5) GDPR (revocation, change of such determinations); Articles 46(2)(c) and (d) GDPR (standard protection clauses); Article 47(3) GDPR (formats and17 KB (1,096 words) - 08:19, 19 October 2023
- compliance with the GDPR. Article 28(3)(h) GDPR enables such a task in case processors are used. According to Article 28(3)(h) GDPR, the processor should72 KB (9,140 words) - 13:12, 2 June 2023
- out data relating to deceased persons, this Recital confirms Recital 27 GDPR, according to which the GDPR “does not apply to the personal data of deceased29 KB (3,695 words) - 13:44, 21 March 2024
- You can find all related decisions in Category:Article 36 GDPR Recital 89 GDPR. Article 36 GDPR must therefore be read as one element within a wider framework31 KB (3,646 words) - 08:51, 21 July 2023
- (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR) and the34 KB (3,646 words) - 08:53, 27 March 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)Article 79 GDPR, margin number 14 (rdb.at 2018). Jahnel in Jahnel, DSGVO, Article 79 GDPR, margin number 29 (Jan Sramek 2021). See Recital 141 GDPR. Moos,31 KB (3,550 words) - 11:11, 29 November 2023
- consideration when the GDPR was drafted. There is consequently no need to 'balance' the GDPR against other rights for a second time, as the GDPR is already the28 KB (3,831 words) - 16:21, 14 March 2024
- 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting provision to Article 58 GDPR. In22 KB (2,042 words) - 14:29, 20 November 2023
- Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR. While Article47 KB (5,644 words) - 17:49, 5 March 2024
- Berlin. If their behaviour is monitored by an app, the GDPR applies. In light of Recital 14 GDPR and the EDPB guidelines, the targeting criterion covers37 KB (4,635 words) - 13:29, 24 October 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)Protection Regulation (GDPR): A Commentary, Article 27 GDPR, pp. 595-596 (Oxford University Press 2020). Recital 80 sentence 5 GDPR. Ziebarth, in Sydow,25 KB (2,418 words) - 14:11, 24 May 2023
- (Articles 55-59 GDPR). The GDPR provides for exceptions from provisions entailed in Chapter VI (independent supervisory authorities). Article 85(2) GDPR mandates27 KB (2,604 words) - 14:24, 16 January 2024
- published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public is15 KB (1,196 words) - 08:15, 19 October 2023
- in other parts of the GDPR. To begin with, Recital 141 GDPR clarifies that an SA must “act on a complaint”. Article 57(1)(f) GDPR, in turns, establishes30 KB (3,874 words) - 10:46, 7 December 2023
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in cross-border35 KB (4,017 words) - 16:04, 18 March 2024
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Articles 13 or 14 GDPR. This can be drawn from the final sentence of Article 11(1) GDPR. It must be assessed with the utmost attention whether GDPR provisions20 KB (1,854 words) - 16:32, 8 March 2024
- Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- interpreted Recital 144 GDPR to have limited the scope of Article 81 GDPR, as applying only to proceedings instigated under Article 78 GDPR. The first sentence27 KB (2,619 words) - 14:52, 16 November 2023
- the scope of the LED from the scope of the GDPR. Article 10 GDPR is intended to extend the protection of the GDPR to the processing of certain criminal data17 KB (1,768 words) - 15:41, 18 March 2024
- subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- provisions of the GDPR. This decision refers to the Administrative cooperation between SAs (covering cooperation under Articles 56, 60, 61 and 62 GDPR) and the15 KB (810 words) - 16:13, 2 November 2023
- 88(1) GDPR) and a conditional function (Article 88(2) GDPR). While Article 88(2) GDPR determines the scope of the opening clause, Article 88(1) GDPR establishes32 KB (3,228 words) - 13:32, 30 November 2023
- Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR. In these cases15 KB (851 words) - 06:55, 29 April 2022
- exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward its27 KB (3,038 words) - 12:19, 11 October 2023
- Category:Article 86 GDPR At para. 120 Kranenborg, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 86 GDPR, p. 1216 (Oxford University22 KB (2,177 words) - 10:01, 19 March 2024
- decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate rules29 KB (3,500 words) - 08:54, 27 March 2023
- of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs, across17 KB (1,142 words) - 15:41, 28 April 2022
- It shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force12 KB (295 words) - 08:25, 19 October 2023
- provisions under Article 75(3) GDPR. The employees of the Board's secretariat only report to the Chair (Recital 140 GDPR). In this respect, they are therefore20 KB (1,347 words) - 14:21, 17 October 2023
- proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- authority. Article 61(1) GDPR regulates how independent authorities are to cooperate to enable the uniform application of the GDPR. Supervisory authorities24 KB (2,181 words) - 11:46, 15 January 2024
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)true also under Article 91 GDPR”. See, Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University25 KB (2,482 words) - 10:04, 19 March 2024
- 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article 16 GDPR, titled23 KB (2,489 words) - 23:24, 6 March 2024
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide concrete44 KB (5,008 words) - 14:50, 28 July 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- 60, 63, 64 and 65 GDPR) immediately adopt provisional measures intended to produce legal effects on its own territory. Article 66 GDPR creates strict conditions20 KB (1,590 words) - 16:11, 2 November 2023
- Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- application of Article 65(1)(a) GDPR, (13 April 2021), margin number 57 (available here). See also Recital 143 GDPR. See Article 78(2) GDPR. Hijmans, in Kuner et33 KB (4,185 words) - 16:09, 2 November 2023
- sors_en Recital 121 GDPR. Hijmans, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 53 GDPR, p. 88829 KB (2,894 words) - 23:06, 1 April 2024
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set forth20 KB (1,632 words) - 10:01, 11 October 2023
- exclusion of Article 82 GDPR is confirmed by the last sentence of Recital 142 GDPR. In addition, Article 80(2) GDPR does not permit Member States to allow NPOs26 KB (2,575 words) - 15:50, 9 November 2023
- with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand, and18 KB (1,599 words) - 12:26, 29 April 2022
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)prevention (Article 23(1)(a-j) GDPR) allow for far fewer GDPR restrictions than those granted by freedom of expression. Article 85(2) GDPR poses one condition for33 KB (3,748 words) - 14:25, 7 November 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not make any32 KB (3,730 words) - 08:43, 7 March 2024
- compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA is also60 KB (7,796 words) - 20:12, 1 April 2024
- Article 62 GDPR, margin number 11 (Beck 2018, 2nd edition). Riccio, Scorza, Belisario, GDPR e normativa privacy – Commentario, Article 62 GDPR (Wolters Kluwer22 KB (1,915 words) - 13:46, 15 January 2024
- in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C.H. Beck15 KB (808 words) - 09:44, 17 October 2023
- 76 GDPR, margin number 1 (C.H. Beck 2020, 3rd edition). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p15 KB (787 words) - 08:17, 19 October 2023
- purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the Case of47 KB (5,594 words) - 22:45, 1 April 2024
- differences between portability and access under Article 15(3) GDPR. According to Recital 68, the data should be available in an "interoperable format"40 KB (5,349 words) - 07:05, 1 June 2023
- Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- Article 42 GDPR (category GDPR Articles) (section (7-8) What processing operations can be certified under the GDPR)between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter, the applicant27 KB (2,452 words) - 14:26, 28 July 2023
- Article 19 GDPR therefore requires controllers, subject to certain exceptions, to communicate their exercise to recipients under Article 4(9) GDPR. The first19 KB (1,436 words) - 12:35, 12 May 2023
- mentioned in Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- encompasses other obligations of controllers under the GDPR. EDPB: This extends to various obligations under the GDPR, including but not limited to the implementation37 KB (3,915 words) - 12:49, 24 May 2023
- majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple majority19 KB (1,530 words) - 14:23, 12 October 2023
- ICO (UK) - Tuckers Solicitors LLP (category Article 5(1)(f) GDPR)Article 51 of the GDPR. 17. By Article 57(1) of the GDPR, it is the Commissioner's task to monitor and enforce the application of the GDPR. 18. By Article87 KB (10,588 words) - 14:32, 16 March 2022
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)of the European Union ("TFEU"), within the scope of the GDPR. The function of Article 92 GDPR is to lay down conditions for the delegation of power as19 KB (1,525 words) - 08:18, 19 October 2023
- of the GDPR enforcement across the Member States. → You can find all related decisions in Category:Article 64 GDPR Caspar in Kühling, Buchner, GDPR Article23 KB (2,079 words) - 16:07, 2 November 2023
- Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p. 194 (Oxford29 KB (2,823 words) - 15:15, 28 April 2022
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision, the276 KB (38,206 words) - 09:46, 20 January 2023
- when passing the GDPR. In fact, all but one EU Member State (who has sought higher protections) have voted in favor the GDPR. The GDPR is not just consisting48 KB (5,978 words) - 15:57, 1 February 2024
- Recitals GDPR (section Recitals from the GDPR)progress. Fill in the name used for the recital if you use it so we can ensure a somewhat streamlined practice. Recital 1: The protection of natural persons182 KB (24,065 words) - 13:40, 9 July 2021
- per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the Commission16 KB (778 words) - 08:24, 19 October 2023
- enforcement of the GDPR. → You can find all related decisions in Category:Article 59 GDPR Selmayr, in Ehmann, Selmayr, DS-GVO Kommentar, Article 59 GDPR, margin number15 KB (718 words) - 15:31, 19 October 2023
- undefined in the GDPR. “Expertise” is only referred to again under Article 41(2)(a) GDPR, although briefly. Additionally, Article 41(1) GDPR specifies that30 KB (2,720 words) - 14:02, 28 July 2023
- CJEU - C‑307/22 - Copies of Medical Records (category Article 12(5) GDPR)to in the first sentence of recital 63 GDPR. Neither the wording of Article 12(5) GDPR nor that of Article 15(1) and (3) GDPR condition the provision (to10 KB (1,478 words) - 11:17, 2 November 2023
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)data under Article 4(1) GDPR, especially because they allow to single out a data subject within the meaning of recital 26 of the GDPR. It is sufficient that108 KB (17,097 words) - 13:52, 12 May 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)of articles 38.1, 38.3, 39.1 a) and 39.1 b) of the GDPR; - to issue an injunction against Company A to comply with Article 38.1 of the GDPR, within four66 KB (9,458 words) - 19:42, 4 September 2021
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)understood as made to the GDPR, in accordance with article 94 of the last. Likewise, it is apparent from recital 173 of the GDPR that this text explicitly93 KB (14,936 words) - 17:09, 6 December 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that this24 KB (3,847 words) - 15:19, 11 September 2022
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the131 KB (14,752 words) - 08:36, 5 July 2023
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)personal data, which resulted in a conflict of interest in breach of Article 38(6) GDPR. The data subject filed complaint regarding a violation to their right90 KB (14,937 words) - 12:35, 3 August 2022
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)decision date 05/17/2022 standard AVG §38 B-VG Art133 Para.4 DSG §24 GDPR Art12 GDPR Art15 DSGVO Art15 Abs1 litc GDPR Art77 VwGVG §17 saying W214 2233132-1/13E47 KB (7,519 words) - 09:28, 13 February 2024
- OLG Köln - 15 U 126/19 (category Article 17(1)(d) GDPR)DSGVO and Art. 38 BayDSG, Recital 153 of the DSGVO continues to refer to this requirement, so that - when interpreting the law, the recitals do not have an121 KB (20,412 words) - 15:58, 10 March 2022
- LG Krefeld - 2 O 448/20 (category Article 15(1) GDPR)an access request under Article 15(1) GDPR. According to Recital 63 GDPR, the right of access under Article 15 GDPR serves data subjects to be informed about17 KB (2,758 words) - 14:10, 15 December 2021
- accordance with Article 38.3 of the AVG Findings of the Inspectorate 316. The Inspection Service finds that BSCA nv, contrary to what Article 38.3 of the AVG prescribes206 KB (30,485 words) - 09:54, 14 December 2023
- APD/GBA (Belgium) - 24/2021 (category Article 38 GDPR)37.7 GDPR in connection with the designation of the data protection officer. 4) Breach of Articles 38.2 and 38.3 GDPR and no breach of Article 38.6 GDPR:110 KB (18,238 words) - 16:56, 12 December 2023
- APD/GBA (Belgium) - 25/2020 (category Article 38 GDPR)meaning of the GDPR, and such processing of personal data did not fall within the scope of the "household exemption". Therefore, the GDPR applied in full84 KB (14,035 words) - 16:56, 12 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR. The customer41 KB (6,558 words) - 17:09, 6 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)norm addressee of Chapter V GDPR. The bB be directly responsible for BF2, which violated Art. 44 ff GDPR. Regarding The GDPR is applicable to the processing158 KB (26,392 words) - 08:25, 7 June 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)DSGVO and Art. 38 BayDSG, Recital 153 of the DSGVO continues to refer to this requirement, so that - when interpreting the law, the recitals do not have an143 KB (24,273 words) - 15:59, 10 March 2022
- Garante per la protezione dei dati personali (Italy) - 9524194 (category Article 58(2)(f) GDPR)institutions, the child's best interests must be a primary consideration'; - recital 38 of the Regulation, according to which children deserve specific protection9 KB (1,280 words) - 15:53, 6 December 2023
- BVwG - W211 2230221-1 (category Article 15(1)(c) GDPR)right to information according to Art 15 GDPR, especially since it can be derived from recitals 9 and 10 of the GDPR that the European legislator is reducing19 KB (2,825 words) - 09:42, 26 November 2021
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 38(1) GDPR)of articles 37.7, 38.1, 38.3 and 39.1.b) of the GDPR; - to issue an injunction against Company A to comply with Article 38.3 of the GDPR within four months56 KB (8,326 words) - 16:57, 6 December 2023
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)6.1.f) GDPR) and in this balancing the considerations of the GDPR related to Art. 6.1.f) GDPR eligible [...] be taken, in particular Recital 47. Thus85 KB (12,340 words) - 15:30, 19 August 2022
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)to Article 83 GDPR in conjunction with Article 4 No. 7 and 8 GDPR, fines for violations of the GDPR pursuant to Article 83(4) to (6) GDPR are not only to36 KB (5,810 words) - 13:09, 21 January 2022
- APD/GBA (Belgium) - 73/2020 (category Article 38(1) GDPR)processing of personal data is carried out in accordance with the GDPR. In doing so, the GDPR requires, among other things, that the nature and scope of the93 KB (14,040 words) - 17:00, 12 December 2023
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further processing49 KB (7,800 words) - 09:22, 5 January 2024
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results on the73 KB (11,604 words) - 16:57, 12 December 2023
- HDPA (Greece) - 50/2022 (category Article 5(1)(b) GDPR)10 of the GDPR, but concerns children, who require specific protection with regard to personal data (recital 38 and Article 6(1)(f) of the GDPR). vii. the19 KB (2,790 words) - 15:32, 6 December 2023
- Datatilsynet (Denmark) - 2018-32-0357 (category Article 4(11) GDPR)reprimand concerning the requirements for consent as required by Article 6(1)(a) GDPR. Datatilsynet examined a complaint regarding the processing of personal data65 KB (9,767 words) - 16:22, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 38(1) GDPR)Articles 37.7, 38.1, 38.2 and 39.1 b) of the GDPR; - to issue an injunction against the public establishment compliance with Article 38.2 of the GDPR within six81 KB (11,895 words) - 16:58, 6 December 2023
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)e) of the GDPR). 8.1.4. As for breaches of Articles 5.2. and 24 of the GDPR 88. Article 24.1 of the GDPR which covers Chapter IV of the GDPR devoted to127 KB (21,484 words) - 17:01, 12 December 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)all the persona data mentioned by virtue of Article 15(1) GDPR, in the lights of Recital (63) GDPR. Thus, the authority ruled that the lack of a complete52 KB (8,603 words) - 16:55, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3021/452/2017 (category Article 5(1)(a) GDPR) (section Application of Articles 12 and 15 GDPR to call records)and GDPR. These issues are not discussed here. The question for the DPA to decide was whether Article 12(1) GDPR in conjunction with Article 15 GDPR requires41 KB (6,220 words) - 09:48, 17 November 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))243. In order to strengthen the enforcement of the rules of the GDPR, recital 148 GDPR clarifies that penalties, including administrative fines, should429 KB (58,279 words) - 09:12, 2 November 2022
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)situation is warranted. In this respect, Recital 137 GDPR states 65 66See Article 77 GDPR. See Recital 137 GDPR. 28that an urgent need to act in order to99 KB (14,431 words) - 16:20, 6 December 2023
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the115 KB (12,842 words) - 08:38, 5 July 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)such data. 2 Recital 3. 3 Recital 5. 3 b. the rapid technological developments which have occurred during a period of globalisation.4 As Recital (6) explains:130 KB (21,195 words) - 13:52, 25 April 2021
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its compliance127 KB (21,184 words) - 15:39, 6 December 2023
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)of the GDPR according to Art. 99 Para. 2 GDPR as of May 25, 2018 follows from Art. 79 Para. 2 Sentence 1 GDPR in conjunction with recital 22 GDPR as well130 KB (21,874 words) - 09:43, 15 February 2024
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)The appointment of such a representative shall not 38 THE EU GENERAL DATA PROTECTION REGULATION (GDPR), A Commentary, Edited by Kuner, Bygrave and Docksey131 KB (22,429 words) - 16:57, 12 December 2023
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)violations of the provisions of the GDPR. It should be borne in mind here that recital 146 sentence 3 of the GDPR requires a broad interpretation in order28 KB (4,527 words) - 15:58, 26 April 2022
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)Article 16 sentence 1 GDPR is the legal basis for a request for rectification, even if the request has been submitted before the GDPR entered into force:112 KB (19,310 words) - 08:08, 23 June 2022
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)Data, https://wetten.overheid.nl/BWBR0033572/2013-03-01. 47See also recital 75 of the GDPR. 12/41Date Unidentified May 31, 2021 [CONFIDENTIAL] processing infringes106 KB (14,502 words) - 17:09, 12 December 2023
- APD/GBA (Belgium) - 18/2020 (category Article 38(1) GDPR)Protection Officer (Article 38.6 GDPR) and the insufficient involvement of the Data Protection Officer (Article 38.1 GDPR). On the procedural aspects of55 KB (8,810 words) - 16:55, 12 December 2023
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing of data relating31 KB (4,648 words) - 13:56, 12 May 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6609/163/19 (category Article 5(1)(c) GDPR)Article 5(1)(c) GDPR. The Finish DPA further ordered the controller to bring its processing activities into compliance under Article 58(2)(d) GDPR. The controller13 KB (1,873 words) - 13:06, 3 March 2024
- APD/GBA (Belgium) - 136/2023 (category Article 38(3) GDPR)5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article 25 GDPR, as a result58 KB (9,184 words) - 16:49, 12 December 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)5(1)(a) GDPR? Is the information relating to personal data processing operations easily accessible within the meaning of Articles 12 and 13 GDPR? Is the48 KB (7,404 words) - 17:09, 6 December 2023
- NAIH (Hungary) - NAIH-1091-10/2022 (NAIH-6936/2021) (category Article 5(2) GDPR)to Article 13 (1) of the GDPR of what is written in paragraph Recital (39) of the GDPR and Article 5 (1) point a) of the GDPR stipulate that the information69 KB (11,255 words) - 10:08, 17 November 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does the26 KB (4,050 words) - 17:10, 6 December 2023
- APD/GBA (Belgium) - 28/2020 (category Article 6(1)(f) GDPR)from its database. The litigation chamber concluded to a violation of the GDPR considering that: - the controller did not stop the sending of direct marketing27 KB (4,363 words) - 16:56, 12 December 2023
- AEPD (Spain) - E/03884/2020 (category Article 2(1) GDPR)outside the material scope of the GDPR. Also, with regards to the definition of personal data from Article 4(1) GDPR, the DPA did not reach a firm conclusion56 KB (8,737 words) - 09:35, 26 May 2021
- NAIH (Hungary) - NAIH/2020/974/4 (category Article 5(1)(a) GDPR)prohibition of processing sensitive data under Article 9(2)? Were there any other GDPR violations incurred by the processing? The DPA held that there was no lawful67 KB (10,815 words) - 10:11, 17 November 2023
- AEPD (Spain) - PS/00341/2020 (category Article 5 GDPR)under Article 5(1)(a) and Article 5(2) GDPR respectively]. The Spanish DPA even made reference to Recital 40 GDPR on the legality of processing. The Spanish32 KB (4,831 words) - 14:31, 13 December 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)Data Protection Regulation - GDPR). The defendant has a right of refusal under Art. 12 Para. 5 Sentence 2 Letter b) GDPR to. The provision only lists the40 KB (6,325 words) - 16:12, 18 May 2022
- NAIH (Hungary) - NAIH/2020/6484 (category Article 15(1)(a) GDPR)provided for in Infotv. Pursuant to Section 38 (3) (b), within the scope of its responsibilities under Section 38 (2) and (2a) as defined in this Act, in particular27 KB (4,159 words) - 10:13, 17 November 2023
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)view to vigorous enforcement of the rules of the GDPR. After all, as is clear from Recital 148 GDPR, the GDPR puts first and foremost that with every serious62 KB (9,417 words) - 16:57, 12 December 2023
- NAIH (Hungary) - NAIH/2020/2555 (category Article 4(1) GDPR)However, the DPA concluded that the controller did not violate Article 15(2) GDPR by asking for more information to identify the data subject when the data33 KB (5,033 words) - 10:12, 17 November 2023
- AEPD (Spain) - PS/00335/2020 (category Article 5(1)(f) GDPR)own security protocols. This therefore breached Article 5(1)(f) GDPR and Article 32 GDPR. The initial sanction for infringing Article 5(1)(f) was a fine34 KB (5,427 words) - 14:30, 13 December 2023
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)found that customers’ order data is health data and fall within Article 9(1) GDPR. Amazon does not collect health data stricto sensu but it can draw conclusions32 KB (5,236 words) - 16:00, 10 March 2022
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public bodies96 KB (13,984 words) - 16:57, 6 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 6(4) GDPR)Articles 6, 7 and 12 of the GDPR. In the contested decision, the Belgian DPA found the infringement of Article 6, 7, 12, 13 and 24 GDPR sufficiently proven. In67 KB (10,544 words) - 09:24, 10 September 2021
- UODO (Poland) - ZSZZS.440.768.2018 (category Article 5(1)(c) GDPR)and rights they may have in relation to the processing of personal data (recital 38 of the TYROM). Member States of the European Union have the additional32 KB (5,139 words) - 10:02, 17 November 2023
- BVwG - W214 2233132-1/27E (category Article 15 GDPR)standard B-VG Art 133 Paragraph 4 DSG §24 DSG §4 GDPR Art 12 GDPR Art 15 GDPR Art 15 Paragraph 1 litc GDPR Art77 UWG §26b paragraph 1 B-VG Art. 133 today87 KB (14,194 words) - 10:07, 15 February 2024
- RvS - 202002066/1/A3 (category Article 15(3) GDPR)understood. Article 15 of the GDPR belongs to Chapter III of the GDPR, entitled "The rights of the data subject". Recital 11 in the preamble states that22 KB (3,354 words) - 09:23, 18 February 2022
- UODO (Poland) - ZSOŚS.421.25.2019 (category Article 38(1) GDPR)1, art. 25 sec. 1, art. 32 sec. 1 lit. b. and lit. d, art. 32 sec. 2, art. 38 sec. 1, art. 39 sec. 1 lit. b and art. 39 sec. 2, art. 30 sec. 1 lit. d, as156 KB (25,012 words) - 10:01, 17 November 2023
- AEPD (Spain) - EXP202201681 (category Article 38(6) GDPR)following fines: - €5,000 for the violation of Article 38(6) GDPR; - €8,000 for the violation of Article 13 GDPR; - €1,000 for the violation of Article 22(2) LSSI195 KB (30,495 words) - 12:40, 13 December 2023
- NAIH (Hungary) - NAIH/2020/34/3 (category Article 12(2) GDPR)of access under Article 15 GDPR? By denying the complainant access, did the respondent infringe Articles 12(1) or 12(2) GDPR? The NAIH that the complainant's48 KB (7,727 words) - 10:11, 17 November 2023
- AEPD (Spain) - EXP202205932 (category Article 6(1) GDPR)under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful processing32 KB (4,952 words) - 13:11, 13 December 2023
- AEPD (Spain) - PS/00322/2020 (category Article 5(1)(f) GDPR)constitute a violation of the GDPR? The AEPD held that the email constituted a confidentiality breach and violated Article 32 GDPR, as the law firm had failed26 KB (3,840 words) - 14:28, 13 December 2023
- AEPD (Spain) - PS/00308/2020 (category Article 5(1)(a) GDPR)article 84.3 of the LGT, and the offenses typified in articles 38.3 c), d) and i) and 38.4 d), g) and h) of Law 34/2002, of July 11, on services of the25 KB (4,016 words) - 14:27, 13 December 2023
- of the GDPR. 92. 92. Firstly, the restricted formation emphasises that, in this case, the criterion provided for in Article 83(2)(a) of the GDPR relating73 KB (11,864 words) - 17:03, 6 December 2023
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)(Article 37 GDPR) and the position of the official for data protection (Article 38 GDPR); • compliance with the obligation to cooperate (Article 31 GDPR and Article82 KB (13,250 words) - 16:57, 12 December 2023
- BVwG - W211 2222613-2/12E (category Article 15(3) GDPR)same applies to the right to erasure under Article 17 of the GDPR. Recital 63 of the GDPR also supports this view. It shows that the legislator wants to51 KB (8,592 words) - 07:03, 2 November 2021
- article 84.3 of the LGT, and the offenses typified in articles 38.3 c), d) and i) and 38.4 d), g) and h) of Law 34/2002, of July 11, on services of the34 KB (5,222 words) - 12:58, 13 December 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)principle enclosed in Article 5(1)(b) GDPR. On this matter, the AEPD argued that, according to Article 5(1)(a) GDPR, Recital 39 and Article 6(1)(f), an interest602 KB (102,229 words) - 14:21, 13 December 2023
- AEPD (Spain) - PS/00205/2021 (category Article 6(1) GDPR)constitutes personal data according with Article 4(1) GDPR therefore its processing falls within the scope of GDPR. The DPA also analysed whether the controller28 KB (4,527 words) - 12:35, 13 December 2023
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)as “anonymisation”. Recital 26 of the GDPR clarifies that anonymous information does not fall within the scope of the GDPR. The GDPR does not explicitly59 KB (8,242 words) - 10:47, 17 March 2021
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)time, which is a violation of the GDPR. As to the claim for damages, the CoS notes that though Article 82(1) of the GDPR states that full compensation for37 KB (5,721 words) - 12:41, 16 September 2021
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)whether Art. 15 GDPR applies to the investigation files at all, since according to Art. 2 Para. 2 d GDPR, Section 2a Para. 4 AO, the GDPR does not apply97 KB (16,519 words) - 09:57, 22 February 2023
- APD/GBA (Belgium) - 55/2021 (category Article 6(1)(e) GDPR)which it is up to him to implement (article5.1.a) of the GDPR - explained in recital 39 of the GDPR). Different consequencesarising from one or the other81 KB (13,211 words) - 16:59, 12 December 2023
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)understood as references to the GDPR, in accordance with Article 94 of the latter. 34. Similarly, it follows from recital 173 of the GDPR that this text explicitly82 KB (13,428 words) - 17:02, 6 December 2023
- AEPD (Spain) - PS/00070/2019 (category Article 4(11) GDPR)transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding GDPR recitals (32, 39, 42, 47, 58, 60, 61, and 72), as well are Articles422 KB (70,184 words) - 13:56, 13 December 2023
- HDPA (Greece) - 2/2023 (category Article 4(7) GDPR)the principles of Article 5 GDPR is not cured by the existence of a legitimate purpose and legal basis (cf. GDPR 38/2004, GDPR 43/2019). In addition, the31 KB (5,021 words) - 16:15, 18 July 2023
- Korkein hallinto-oikeus (Finland) - KHO:2023:56 (category Article 5(1)(c) GDPR)Article 6 GDPR. The DPA established that notwithstanding that the controller has a legal basis for processing, processing is still in breach of the GDPR when45 KB (5,016 words) - 14:14, 21 March 2024
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)understood as made to the GDPR , in accordance with Article 94 of the latter. Similarly, it appears from recital 173 of the GDPR that this text explicitly120 KB (19,650 words) - 09:00, 6 April 2022
- APD/GBA (Belgium) - 07/2021 (category Article 5(1) GDPR)ones processing. Decision on the merits 07/2021 - 14/25 10 recital 50 GDPR. Recital 50 of the GDPR states that this is a separate legal basis required for72 KB (11,208 words) - 16:51, 12 December 2023
- CNIL (France) - SAN-2020-008 (category Article 5(1)(e) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading the104 KB (16,646 words) - 17:09, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)and C”. 57See in particular Articles 5.1.a) and 12 of the GDPR, see also recital (39) of the GDPR. 58cf. points 11 and 12 of this decision. 59“Objective 282 KB (11,472 words) - 16:58, 6 December 2023
- LG Köln - 28 O 138/22 (category Article 82 GDPR)protection of Art. 82 GDPR does not cover violations of Art. 13, 14, 15, 24, 25 and Art. 34 GDPR. In addition, there is no breach of the GDPR by the defendant39 KB (6,362 words) - 14:01, 22 June 2023
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)of the concept of personal data Article 4, 1) of the GDPR, as explained in Recital 26 of the GDPR, Opinion 4/2007 of the Decision on the merits 71/202079 KB (12,260 words) - 17:00, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)controller for the purposes of Article 4(7) GDPR, and Company A was the processor for the purposes of Article 4(8) GDPR. The DPA found that both Companies A and55 KB (9,079 words) - 16:57, 6 December 2023
- CNPD (Portugal) - Deliberação 984/2018 (category Article 5(1)(f) GDPR)pages 38 to 82), in short, that:1. The CNPD cannot be considered as a national control authority under theterms of article 51, paragraph 1 of the GDPR, as40 KB (5,935 words) - 16:55, 6 December 2023
- VG Hannover - 10 A 502/19 (category Article 5(1)(a) GDPR)4 No. 1 GDPR. The query of this date in the order form on the plaintiff's homepage is also a processing operation within the meaning of the GDPR. Because41 KB (6,779 words) - 12:35, 24 November 2021
- VG Mainz - 1 K 584/19.MZ (category Article 9(1) GDPR)of Art. 9 GDPR do not apply because the plaintiff did not seek to process that kind of data. The legality is thus determined by Art. 6 GDPR. In the absence58 KB (9,665 words) - 08:51, 25 November 2020
- APD/GBA (Belgium) - 47/2022 (category Article 5(1)(b) GDPR)Articles 6.1.C and 9.2.i) of the GDPR. 86. In accordance with Article 6.3 of the GDPR, read in the light of recital 41 of the GDPR, the processing of 26 personal207 KB (31,357 words) - 14:21, 8 June 2022
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)time limit for lodging an appeal (cf. § 90.1, 2 and § 93 of the BVerfGG). 38 The complainant is also entitled to lodge a complaint. He complains of an133 KB (21,944 words) - 15:59, 22 March 2022
- APD/GBA (Belgium) - 12/2019 (category Article 4(11) GDPR)the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a decision107 KB (17,697 words) - 16:52, 12 December 2023
- VG Ansbach - 14 K 19.01274 (category Article 77 GDPR)the GDPR also applied to facts before the above-mentioned date. The Court noted that the entry-into-force of the GDPR according to Article 99 GDPR represents33 KB (5,554 words) - 11:06, 19 November 2021
- APD/GBA (Belgium) - 72/2020 (category Article 5(1)(b) GDPR)controller/employer, the free of the worker's consent can be questioned (Recital 43 of the GDGR and opinion of the Group of Article 29" on data protection34 KB (5,677 words) - 17:00, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9556625 (category Article 5(1) GDPR)para. of the GDPR, the law or regulation that constitutes the legal basis referred to in letters c) and e) of co. 1 of art. 6 of the GDPR, could contain57 KB (9,144 words) - 15:55, 6 December 2023
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)deal with them, however, the ECtHR pointed out that the mere fact that Page 38 38any information available to the public does not necessarily exclude it from192 KB (30,170 words) - 10:11, 17 November 2023
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR)account". 81. The restricted formation recalls that, according to recital 38 of the GDPR, "children deserve specific protection with regard to their personal59 KB (9,566 words) - 17:03, 6 December 2023
- BVwG - W211 2234354-1 (category Article 15 GDPR)15(1)(h) GDPR is not limited to cases of Article 22 GDPR but also applies in other cases of purely automated processing, as Article 15(1)(h) GDPR uses the33 KB (5,335 words) - 16:07, 26 January 2022
- VG Ansbach - AN 14 K 19.01274 (category Article 77 GDPR)review under Article 78 GDPR. The disputed infringement occurred before the GDPR came into legal force according to Article 99 GDPR. Therefore, the data subject's35 KB (5,807 words) - 14:24, 12 October 2022
- AP (The Netherlands) - 14.01.2022 (category Article 5(1)(c) GDPR)17 of the AVG) are included below. Recital 59 of the GDPR further clarifies the standard in Article 12 of the GDPR: Arrangements should be made available50 KB (7,656 words) - 17:05, 12 December 2023
- AEPD (Spain) - PS/00247/2019 (category Article 32(2) GDPR)Article 83.4.a of the GDPR. Assessing the circumstances modifying liability, both adverse and favourable, contemplated in article 83.2 GDPR, the AEPD established39 KB (6,720 words) - 14:22, 13 December 2023
- APD/GBA (Belgium) - 15/2023 (category Article 38(3) GDPR)paragraph 1 GDPR and Article 25 (1) GDPR 84. Based on Article 12(1) GDPR, Article 13(1) and (2) GDPR and Article 14(1) and paragraph 2 of the GDPR, it is necessary105 KB (15,883 words) - 15:05, 8 March 2023
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 5(1)(c) GDPR)member states is superimposed (see Recital 146 S 4 and 5 on the GDPR; cf. also Frenzel in Paal / Pauly, GDPR-BDSG3 Art 82 GDPR margin no.1; Wybitul / Haß / Albrecht122 KB (20,253 words) - 08:17, 19 August 2021
- CJEU - C-453/21 - X-Fab Dresden GmbH & Co. KG (category Article 38(3) GDPR)effectiveness of the GDPR. Third, the CJEU looked at the context of Article 38(3) GDPR and noted that, according to Article 39(1)(b) GDPR, the task of the12 KB (1,791 words) - 12:19, 12 May 2023
- ANSPDCP (Romania) - Fine against IKEA ROMÂNIA SA (category Article 32(1)(b) GDPR)personal data, in breach of Article 32(1)(b) GDPR and Article 32(2) GDPR. The DPA emphasised, referring to recital 38, that children need specific protection5 KB (673 words) - 08:46, 3 November 2021
- APD/GBA (Belgium) - 117/2021 (category Article 38(3) GDPR)(Article 32 GDPR); the DPO of the hospital was not directly reporting to the highest management level of within the organization (Article 38(3) GDPR). The Belgian35 KB (4,931 words) - 12:59, 9 November 2021
- UODO (Poland) - DKE.561.2.2020 (category Article 58(1)(e) GDPR)children's personal data (requiring special protection, as mentioned in recital 38 of Regulation 2016/679). It should also be noted that at no stage of [27 KB (4,390 words) - 09:50, 17 November 2023
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)consent under Article 8 GDPR also apply? Did the defendant, as the controller, fail to adhere to the data transparency (Article 5(1)(a) GDPR) and the data minimisation48 KB (7,926 words) - 16:56, 12 December 2023
- BVwG - W176 2244407-1/18E (category Article 15(4) GDPR)Article 23 GDPR. Restrictions on the right to information under Art. 15 GDPR result in particular from the express provision in Art. 15 (4) GDPR that the48 KB (7,816 words) - 11:04, 29 July 2022
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose an administrative52 KB (7,520 words) - 13:13, 20 July 2021
- HDPA (Greece) - 12/2022 (category Article 5(1)(a) GDPR)fairness and transparency under Article 5(1)(a) GDPR, and the principle of accountability under Article 5(2) GDPR. Additionally, the HDPA held that the employer’s46 KB (7,390 words) - 08:07, 1 April 2022
- AEPD (Spain) - PS/00234/2020 (category Article 7 GDPR)AEPD concluded that the defendant could have breached Article 13 GDPR, Article 7 GDPR and Article 22(2) LSSI: there was no identification of the data controller47 KB (7,368 words) - 14:21, 13 December 2023
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)with article 24 GDPR. They are contained in article 25 of the AVG mentioned above and are explained in more detail in recital 78 GDPR. The defendant therefore45 KB (6,780 words) - 16:57, 12 December 2023
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 25(1) GDPR)Infotv. Section 38 (3) and Section 60 (1) pursuant to the Authority’s Infotv. Personal data within the scope of its duties under Section 38 (2) and (2a) ex67 KB (10,492 words) - 10:11, 17 November 2023
- VSRS - II Ips 23/2020 (category Article 17 GDPR)profile of this person (35 to 37). justification point). 11 Recital 85. 12 Recital 87. 13 Recital 93. 14 In the judgment, the CJEU addressed issues concerning55 KB (9,115 words) - 09:22, 7 June 2022
- NAIH (Hungary) - NAIH-373-31/2023 (category Article 5(1)(b) GDPR)95/46/EC (hereinafter: general data protection regulation or GDPR), and Article 6 (1) of the GDPR. 2. The Authority finds that Customer 1 violated the principle140 KB (23,189 words) - 08:25, 20 February 2024
- APD/GBA (Belgium) - 158/2022 (category Article 6 GDPR)July 2021. 7GDPR, Art. 12. 8 GDPR, Art. 12.2 and 12.3. 9GDPR, Art. 12.3. 1 GDPR, Art. 12.3. 1 GDPR, Art. 12.4. Decision 158/2022 - 6/13 26. Secondly, it42 KB (6,128 words) - 12:47, 16 November 2022
- APD/GBA (Belgium) - 75/2023 (category Article 6(1)(f) GDPR)article 12, second paragraph, of the GDPR. 78. Recital 59 of the GDPR further clarifies the standard in Article 12 of the GDPR: “There should be arrangements77 KB (11,604 words) - 08:55, 29 June 2023
- APD/GBA (Belgium) - 162/2022 (category Article 38(1) GDPR)and (2) GDPR and Article 14(1) and (2) GDPR, Article 5(2) GDPR, Article 24(1) GDPR and Article 25(1) of the GDPR; and c. a violation of Article 38(1) and71 KB (10,426 words) - 08:21, 23 November 2022
- BVwG - W252 2239742-1/11Z (category Article 12(1) GDPR)of the personal data to be disclosed under Article 15 (1) GDPR, Article 15 (3) sentence 1 GDPR applies to this effect to be interpreted that due to the12 KB (1,594 words) - 13:52, 14 September 2022
- APD/GBA (Belgium) - 71/2022 (category Article 5(1)(c) GDPR)of Article 38.3 of the GDPR, but no infringement on Article 38. 1, 38.2 and 38.6 of the GDPR and no infringement of Article 39 of the GDPR. 5. On February69 KB (10,468 words) - 07:37, 9 June 2022
- Commissioner (Cyprus) - 17.05.23 (category Article 5(1)(c) GDPR)violation of Article 5(1)(c) GDPR, and the controller had no legal basis for the processing as required by Article 6 GDPR. As a result of the violations31 KB (4,973 words) - 16:50, 6 December 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not demand270 KB (43,335 words) - 12:39, 13 December 2023
- IDPC (Malta) - CDP/COMP/429/2023 (category Article 2(2)(c) GDPR)that therefore the exemption under Article 2(2)(c) GDPR applied. Article 2(2)(c) GDPR states that the GDPR will not apply if the data is processed in the course19 KB (3,039 words) - 14:24, 21 February 2024
- in later cases): The GDPR was enacted on the basis of Article 16 TFEU in particular (see the preamble and recital 12 of the GDPR). However, the wording5 KB (720 words) - 09:07, 30 January 2024
- APD/GBA (Belgium) - 15/2021 (category Article 5(2) GDPR)morespecifically the articulation between article 15.4 of the GDPR and recital 63 of the GDPR, as well asbalancing the right to access and obtain data against85 KB (13,724 words) - 16:52, 12 December 2023
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 12(4) GDPR)pursuant to Article 12 (4) of the GDPR, hence the Customer’s request for access did not meet the requirements of the GDPR. III.1.2. The Customer's request60 KB (9,820 words) - 10:08, 17 November 2023
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)considers that, in accordance with the provisions of recital 63 of the GDPR and Article 15(4) of the GDPR, it is not obliged to respond to them if it would59 KB (9,623 words) - 17:03, 6 December 2023
- AEPD (Spain) - PS/00132/2022 (category Article 6(1) GDPR)website, Ms. A.A.A., herein the data controller, violated Article 6 GDPR and Article 13 GDPR, as well as Article 22.2 LSSI (Spanish national law). The data52 KB (8,416 words) - 12:59, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/329 (category Article 57(1)(f) GDPR)77 GDPR equals the right to claim a full substantive investigation and a full substantive assessment by the supervisory authority? Article 57 GDPR provides48 KB (7,560 words) - 09:03, 20 August 2021
- FG Berlin-Brandenburg - 16 K 5148/20 (category Article 2(1) GDPR)interpretation of the GDPR. Second, the court argued with the drafting history of the GDPR which connects Article 15(3) GDPR to Article 20(1) GDPR, showing that45 KB (7,420 words) - 18:15, 12 March 2024
- APD/GBA (Belgium) - 188/2022 (category Article 38 GDPR)and (2) GDPR o Articles 5(1)(a) and 6 GDPR, o Articles 17 of the GDPR, Article 24(1) of the GDPR and Article 25(1) of the GDPR; and o Articles 38(1) and95 KB (14,325 words) - 14:27, 25 January 2023
- OVG Rheinland-Pfalz - 10 A 10302/21 (category Article 4(2) GDPR) (section Scope of Application of the GDPR not Opened)accordance with the GDPR (Art. 24(1) GDPR), that data protection principles such as data minimisation are effectively implemented (Art. 25(1) GDPR) and that a31 KB (4,797 words) - 10:46, 27 July 2021
- CJEU - C-33/22 - Österreichische Datenschutzbehörde (category Article 2(2)(a) GDPR)committee fall under national security as defined by Recital 16 GDPR, therefore, making Article 2(2)(a) GDPR applicable? 3) If question 2 is answered in the8 KB (1,127 words) - 08:53, 30 January 2024
- RvS - 201901006/1/A2 (category Article 79 GDPR)equivalence and effectiveness (see Manfredi judgment, paragraph 64). However, recital 146 in the preamble to the AVG must be taken into account when exercising34 KB (5,179 words) - 07:10, 7 April 2020
- Court of Appeal of Brussels - 2019/AR/1006 (category Article 16 GDPR)accordance with Article 4(1) GDPR, according to the DPA. The Court of Appeal of Brussels held that, in accordance with Article 16 GDPR, the data subject has the59 KB (9,290 words) - 09:10, 5 May 2024
- AEPD (Spain) - EXP202205820 (category Article 6 GDPR)article 4.1 of the GDPR, are a Personal data and its protection, therefore, is the subject of said Regulation. In the article 4.2 of the GDPR defines the concept61 KB (9,700 words) - 13:21, 13 December 2023
- VwGH - Ro 2021/04/0010 (category Article 4 GDPR)Art. 6 Para. 3 GDPR sets out the content requirements for an appropriate legal basis, which in connection with Recital 41 of the GDPR should be clear190 KB (30,999 words) - 10:00, 21 February 2024
- CNPD (Portugal) - Deliberação 2022/140 (category Article 5(1)(e) GDPR)5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e) GDPR and Article75 KB (12,306 words) - 10:02, 21 December 2022
- NAIH (Hungary) - NAIH-3734-15/2023 (category Article 38(2) GDPR)Based on Article 2 (1) of the GDPR, the GDPR must be applied to the data processing in this case. (31) Recital (47) GDPR: The data controller - including48 KB (7,721 words) - 11:09, 10 January 2024
- APD/GBA (Belgium) - 165/2023 (category Article 38(1) GDPR)2 of the GDPR, Article 24.1 of the GDPR, Article 25.1 of the GDPR and Articles 32.1 and 32.2 GDPR; 2. Articles 35.1, 35.2, 35.3 and 35.7 GDPR; and 3. Article67 KB (9,908 words) - 11:09, 10 January 2024
- BVwG - W252 2248630-1 (category Article 4(11) GDPR)grounds for processing according to Art 6 Para 1 GDPR (see Art 6 Para 1 lit a GDPR; as well as recital 43 GDPR). Only one (valid) consent is subsequently one28 KB (4,614 words) - 08:06, 4 August 2023
- DSB (Austria) - 2022-0.858.901 (category Article 6(1) GDPR)protection of their personal data (cf. Article 8 of the GDPR for the area of consent and Recital 38). Furthermore, continuous monitoring of minors in the19 KB (2,904 words) - 12:53, 17 April 2024
- DSB (Austria) - 2023-0.789.858 (category Article 12(3) GDPR)pieces of information (see also Recital 63 GDPR). In accordance with Article 15 Paragraph 3 GDPRArticle 15 Paragraph 3 GDPR, the controller provides a copy57 KB (9,442 words) - 08:55, 17 January 2024
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)Charter. 61 First, it should be noted that, in the light of recital 19 of the GDPR and recitals 9 to 12 of Directive 2016/680 and by virtue of Article 2(1)110 KB (18,000 words) - 08:01, 5 June 2023
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)under Union law at the time of the decision of the Higher Regional Court. 38 However, the first argument against this seems to be that these requirements127 KB (21,367 words) - 16:00, 22 March 2022
- DSB (Austria) - 2023-0.583.644 (category Article 5(1)(a) GDPR)101 and 102 TFEU (see Recital 150 GDPR) only applies to those within the meaning of Articles 101 and 102 TFEU (see Recital 150 GDPR). is relevant for the93 KB (15,554 words) - 10:04, 15 February 2024
- VwGH - Ro 2021/04/0010-11 (category Article 4(4) GDPR)Paragraph 3 GDPR specifies content requirements for an appropriate legal basis, which are clear and precise in the context of recital 41 of the GDPR and should144 KB (21,026 words) - 14:50, 27 March 2024
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)wrongly relied on the GDPR to redact documents. In this judgment, the Supreme Court clarified the relationship between the GDPR and domestic evidentiary103 KB (17,620 words) - 10:13, 29 November 2023
- DSB (Austria) - 2023-0.637.760 (category Article 31 GDPR)the GDPR). The DSB is a supervisory authority within the meaning of Article 51 GDPR Article 51, GDPR (see also Section 18 Paragraph 1 DSG). The GDPR grants82 KB (13,593 words) - 11:03, 24 January 2024
- GHSHE (Netherlands) - 200.274.447 01 (category Article 5 GDPR)reinstate the employer for the violation of his data protection rights under the GDPR. Share your comments here! Share blogs or news articles here! The decision60 KB (10,118 words) - 15:12, 5 October 2021
- VG Hamburg - 21 K 1802/21 (category Article 4(1) GDPR)information required under Art. 14 GDPR. recital 60 The defendant requests Recital 61 reject the complaint. Recital 62 As justification, she repeats her115 KB (18,479 words) - 16:31, 25 January 2023
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)powers of the GDPR are linked to the application of the GDPR. National legislation may assign functions and powers inspired by the GDPR, but can also grant287 KB (48,336 words) - 13:53, 13 December 2023
- APD/GBA (Belgium) - 138/2022 (category Article 5(1)(a) GDPR)Article 2(2)(c) GDPR. When the cameras also record, as in this case, public or private spaces, this provisions doesn’t apply. Therefore, the GDPR was applicable43 KB (6,274 words) - 08:57, 29 June 2023
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 4 GDPR)Adopted 13 GDPR for processing on foot of Article 6(1)(b) GDPR . The IE recalls the general requirement of transparencyunder Article5(a)GDPR 54,anditsp289 KB (33,568 words) - 15:00, 1 February 2023
- DSB (Austria) - 2023-0.603.142 (category Article 31 GDPR)Letter a GDPR). (Article 58 Paragraph One Litera a, GDPR). From this provision, taken together with Article 31 of the GDPR, Article 31 of the GDPR results76 KB (12,550 words) - 09:24, 28 February 2024
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)(Article 5(2) GDPR), of engagement of a processor (Article 28 GDPR), and in respect of the security of processing of personal data (Article 32 GDPR). However183 KB (30,819 words) - 09:50, 20 January 2023
- DSB (Austria) - 2020-0.759.615 (category Article 6(1)(f) GDPR)3 of Recital 51 GDPR, the DSB found that the pictures taken from the data subject did not constitute biometric data according to Article 9(1) GDPR because21 KB (3,259 words) - 15:52, 20 April 2022
- BVwG - W274 2246166-1 (category Article 12(3) GDPR)have a past infringement of the GDPR determined by the data protection authority since § 24(1) BDSG and Article 77(1) GDPR refer to “infringes” in the present42 KB (6,630 words) - 17:08, 2 February 2022
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)activities of SPARTOO SAS did not comply with a series of GDPR provisions (art. 5§1(c), 5§1(e), 13, 32 GDPR). In that respect, CNIL imposed a fine of 250,000 euros61 KB (10,028 words) - 17:09, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9835095 (category Article 38 GDPR)time of the complaint. The DPA held this to be a violation of Article 38(6) GDPR because the officer was in a position of a conflict of interest. In this100 KB (16,086 words) - 17:05, 8 February 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)to Article 2 (1) of the GDPR, the GDPR applies to the processing of data in the present case. The relevant provisions of the GDPR in the present case are72 KB (11,159 words) - 10:09, 17 November 2023
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)01"). 21 See in particular Articles 5.1(a) and 12 of the GDPR, see also Recital (39) of the GDPR. _____________________________________________________________69 KB (11,315 words) - 13:30, 19 January 2022
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)data without a legitimate basis, in breach of Article 6 GDPR. For the violation of Article 6 GDPR, the AEPD fined the controller €6,000. In order to determine74 KB (11,726 words) - 13:02, 13 December 2023
- APD/GBA (Belgium) - 33/2022 (category Article 5(1)(f) GDPR)24.1. of the GDPR] include the implementation of appropriate data protection policies by the data controller”. 29. Recital 74 of the GDPR adds that “it26 KB (4,116 words) - 15:36, 30 March 2022
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)with GDPR transparencyobligations under Article 13(1)(c) GDPR involves a separateand different legalassessment tothatrequired in Article6(1)(b) GDPR.TheIE468 KB (51,340 words) - 14:10, 30 January 2023
- OLG Köln - 20 U 295/21 (category Article 4(1) GDPR)excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium increases42 KB (6,689 words) - 08:30, 21 November 2022
- VG München - M 32 K 20.2879 (category Article 6(2) GDPR)half-sentence GDPR and Art. 86 GDPR. These regulations indicate a certain information accessibility of the GDPR. According to recital (EC) 154 to Art. 86 GDPR, the34 KB (5,661 words) - 13:40, 20 September 2021
- DPC (Ireland) - IN-19-7-6 (category Article 17 GDPR)from the GDPR under Article 2(2) of the GDPR. 165. Article 2(2) of the GDPR outlines certain types of processing of personal data to which the GDPR does not513 KB (85,155 words) - 13:25, 8 July 2023
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 9(1) GDPR)therefore violated Articles 9(1) GDPR out of negligence. The DPA fined the controller €1,600,000 pursuant of Article 83(5)(a) GDPR and considered this a high163 KB (27,222 words) - 16:54, 6 December 2023
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)applicants' rights. Consequently, the Ministry violated Article 32 GDPR and Article 24 GDPR. The DPA also found that visa applicants were insufficiently informed179 KB (22,957 words) - 17:07, 12 December 2023
- Datainspektionen - DI-2018-9274 (category Article 5(1)(b) GDPR)data in violation of the GDPR. The DPA also held that Google had processed personal data in violation of Articles 5(1)(b) and 6 GDPR by sending notifications96 KB (12,267 words) - 11:43, 7 April 2022
- VG Berlin - 1 K 391/20 (category Article 91(1) GDPR)also supported by Recital 128 GDPR. Therefore, the court found the independent nature of the church supervisory authorities to be GDPR-compliant. Second36 KB (5,768 words) - 14:17, 18 May 2022
- APD/GBA (Belgium) - 72/2021 (category Article 6(1)(e) GDPR)processing of their personal data (articles 5 and 6 of the GDPR and articles 12 to 14 of the GDPR), and on the other hand, the compliance of the response57 KB (8,330 words) - 11:53, 30 June 2021
- OLG Köln - 15 U 137/21 (category Article 15 GDPR)with the GDPR or whether it also covers damages arising from infringements of any provision of the GDPR. It pointed out that Article 82(1) GDPR refers to31 KB (5,138 words) - 08:10, 5 September 2022
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)such acts and uploaded the video to Instagram had infringed Article 6(1) GDPR, for processing personal data without a legitimate basis (namely without47 KB (7,616 words) - 14:35, 13 December 2023
- VG Neustadt an der Weinstraße - 3 L 763/22.NW (category Article 6(1)(e) GDPR)VwGO). Recital 64 The fact that the 2022 census collects and processes personal data within the meaning of Art. 4 No. 1 GDPR (Art. 4 No. 2 GDPR), which54 KB (8,511 words) - 09:03, 16 December 2022
- Datatilsynet (Norway) - 20/02136 (notification) (category Article 6(1) GDPR)Articles 57 and 58 GDPR. The NO DPA is the supervisory authority established in line with Article 51(1) GDPR to monitor the application of the GDPR on the territory77 KB (11,517 words) - 10:36, 22 October 2022
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines the concept75 KB (12,421 words) - 13:23, 13 December 2023
- APD/GBA (Belgium) - 85/2022 (category Article 4(11) GDPR)and 7(1) GDPR; Articles 5, paragraph 2 and 24 GDPR; Articles 12, paragraph 1, j° 13 and 14 GDPR; Article 5(1)(e) GDPR; and Article 7(3) GDPR. - order the171 KB (24,826 words) - 15:55, 18 June 2022
- OGH - 6Ob19/23x (category Article 15(1)(c) GDPR)(5) GDPR regarding the exercise of the trade of the address method and direct marketing companies, which are within the borders of the GDPR (Recital Gr33 KB (4,912 words) - 13:56, 10 May 2023
- IMY (Sweden) - IMY-2022-695 (category Article 4(15) GDPR)personal data was automated. Thus Article 2(1) GDPR applies and the processing falls within the scope of the GDPR. The DPA assessed that a summons to one of43 KB (5,076 words) - 09:32, 21 November 2023
- ICO (UK) - Emailmovers Limited (category Article 4(7) GDPR)transparent manner in relation to the data subject": UK GDPR Art 5(1)(a). This provision is supplemented by Recital 39 which provides, relevantly: "Any processing29 KB (4,150 words) - 12:48, 3 August 2021
- CNIL (France) - SAN-2022-024 (category Article 3 GDPR)LinkedIn and Salesforce.com. The DPA held that the GDPR was not applicable according to Article 3 GDPR. The controller was a company based in the United30 KB (4,714 words) - 10:34, 4 January 2023
- as has been stated, it is considered that it is not of application of art 38.4.g of the LSSI to the extent that it is not being breached the art. 22 LSSI52 KB (7,564 words) - 12:41, 13 December 2023
- OLG Hamm - 11 U 88/22 (category Article 82 GDPR)2022, Art. 82 GDPR marginal number 14). With regard to recital 146 sentence 1 of the GDPR, however, processing must have violated the GDPR (Nemitz, in:85 KB (14,523 words) - 05:28, 26 April 2023
- OLG Stuttgart - 2 U 257/19 (category Article 13 GDPR)Court of Stuttgart points out that the absence of information of Article 13 GDPR constitutes an unfair trade-based action as understood by § 3 of the national52 KB (8,574 words) - 16:03, 10 March 2022
- DPC - C-19-X-XXX Ryanair DAC - November 2020 (category Article 4(22) GDPR)and (4) GDPR.” 32. Article 32 of the GDPR relates to the security of processing of personal data. More specifically, Article 32(1) of the GDPR states that35 KB (4,975 words) - 20:43, 5 May 2021
- VG Frankfurt am Main - 5 L1281/22.F (category Article 5(1)(f) GDPR)precautionary measure in accordance with Art. 21 GDPR and requested a suspension in accordance with Art. 18 GDPR. On August 25, 2020, he complained again about25 KB (3,840 words) - 13:34, 4 August 2022
- VG Regensburg - RN 9 K 19.1061 (category Article 2 GDPR)Article 77(1) GDPR and subsequently the right of judicial remedy against the supervisory authority under Article 78(1) GDPR. Article 79 (1) GDPR provides for94 KB (15,537 words) - 09:09, 25 August 2020
- DSB (Austria) - DSB-D213.1759 (category Article 5(1)(c) GDPR)out in Art. 5 GDPR and on the basis of one of the grounds for permission set out in Art. 6 GDPR. Article 6, Paragraph 1, Letter f, GDPR (legitimate interest72 KB (11,993 words) - 14:21, 10 April 2024
- AEPD (Spain) - PS/00388/2020 (category Article 7 GDPR)option. The AEPD also found that there had been a violation of Article 7 GDPR before the controller allowed the user to choose what specific processing52 KB (8,471 words) - 14:33, 13 December 2023
- APD/GBA (Belgium) - DOS-2019-05837 (category Article 5(1)(b) GDPR)on the merits 46/2024 - 10/16 reverted to Article 6.1. GDPR and recital 50 GDPR. In recital 50 GDPR8 is states that a separate legal basis is required for46 KB (7,313 words) - 23:42, 24 April 2024
- AEPD (Spain) - PS/00416/2019 (category Article 6 GDPR)data in the context of telephone jokes. Article 6 GDPR (legality of processing) and Articles 13 and 14 GDPR (transparency) were infringed. The decision is206 KB (32,869 words) - 14:36, 13 December 2023
- VG Ansbach - AN 14 K 20.00083 (category Article 6(1)(b) GDPR)Article 28 BayVwVfG (cf. also GDPR recital 129). As a remedial measure, the prohibition order is based on Art. 58 (2) GDPR. Since this is a prohibition36 KB (5,858 words) - 13:51, 16 May 2022
- Datatilsynet (Norway) - 21/03126 (category Article 33(1) GDPR)Article 4(16) GDPR." Consequently, the DPA concluded that the cooperation mechanism and procedure set out in Article 56(1) GDPR and Article 60 GDPR did not apply133 KB (19,309 words) - 05:16, 24 March 2023
- AEPD (Spain) - EXP202211953 (category Article 5(1)(a) GDPR)information under Article 13 GDPR, and for the processing of personal data in a manner contrary to Article 5(1)(a) of the GDPR. A data subject submitted a85 KB (13,042 words) - 12:42, 13 December 2023
- AEPD (Spain) - PS/00362/2021 (category Article 5(1)(f) GDPR)according to Article 5(1)(f) GDPR and the necessity to implement technical and organizational safeguards from Article 32 GDPR. Accordingly, only asking for31 KB (4,769 words) - 08:00, 8 September 2021
- BVwG - W245 2239715-1 (category Article 6 GDPR)6 (1) lit. f GDPR throughout. Other reasons (Art. 6 Para. 1 lit. a-e GDPR) were not shown by BF2 in the procedure. Art. 6 (1) (f) GDPR enables the processing62 KB (10,455 words) - 10:50, 7 September 2022
- IP (Slovenia) - 0611-182/2021/23 (category Article 5(1)(b) GDPR)surveillance, could be based on Article 6(1)(f) GDPR, and complied with Articles 3, 24 and 74 ZVOP-1 and Article 38 of the Slovenian Constitution. During the53 KB (8,251 words) - 08:30, 27 September 2023
- DSB (Austria) - 2020-0.436.002 (category Article 4(1) GDPR)the meaning of Article 4(4) GDPR. Taking into account recital 71 GDPR and WP 251 rev.01, the DSB emphasized that the GDPR differentiates between profiling28 KB (4,091 words) - 05:23, 14 August 2021
- APD/GBA (Belgium) - 172/2022 (category Article 6 GDPR)controller and processor in the GDPR”, adopted on July 7, 2021. 6 GDPR, Art. 12. 7GDPR, Art. 12.2 and 12.3. 8 GDPR, Art. 12.3. 9 GDPR, art. 12.3. Decision 172/202243 KB (6,300 words) - 11:35, 20 December 2022
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal data security100 KB (16,401 words) - 14:07, 13 December 2023
- OLG München - 18 U 2822/19 Pre (category Article 4 GDPR)Protection Regulation (GDPR): The protection of the free movement of data within the European Union. Recital 10(f) of the GDPR emphasises that the rules59 KB (9,846 words) - 14:03, 20 September 2021
- Rb. Amsterdam - C/13/689705/HA RK 20-258 (category Article 15 GDPR)whether that data is correct and has been processed lawfully (see recital 63 GDPR ). The GDPR is the successor to the Personal Data Directive 7 , as implemented57 KB (9,498 words) - 20:42, 28 April 2021
- LAG Schleswig-Holstein - 6 Ta 49/22 (category Article 82(1) GDPR)of Article 82(1) GDPR has occurred, as a breach of the GDPR itself constitutes non-material damage. Recital 146, sentences 1 and 6 GDPR support this interpretation13 KB (1,981 words) - 10:19, 14 July 2022
- NAIH (Hungary) - NAIH – 6427-1/2023 (category Article 5(1)(b) GDPR)violation of Article 5(1)(e) GDPR and Article 32 GDPR, but the DPA dismissed its previous finding of the Article 5(1)(b) GDPR violation. The DPA found that87 KB (14,360 words) - 08:30, 27 September 2023
- OLG Hamm - 20 U 146/22 (category Article 12(5)(b) GDPR)of Article 4(1) GDPR. Nevertheless, in this case the controller had the right to disregard the request in light of Article 12(5)(b) GDPR, as the latter30 KB (4,784 words) - 08:39, 8 August 2023
- RvS - 201905087/1/A2 (category Article 6(1)(f) GDPR)violation of the GDPR by the local authorities considering the lack of prove of an actual damage caused by the lack of information under the GDPR. To be compensated33 KB (5,123 words) - 07:17, 15 September 2020
- Rb. Gelderland - C/05/391171 / HA RK 21-135 (category Article 5(1)(c) GDPR)and 21 GDPR. No unlawful processing by BKR so that Art. 17 para. 1 lit. d GDPR is not applicable. BKR filed an objection pursuant to art. 21 GDPR to consider56 KB (9,287 words) - 16:00, 26 January 2022
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)carry out an investigation of SLIMPAY's GDPR compliance. The DPA found out that SLIMPAY breached several GDPR provisions. The DPA noted that some of the56 KB (9,069 words) - 17:02, 6 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)not override the data subject's right to privacy. Pursuant to Article 17(1) GDPR, the data subject had requested Google LLC (the controller) to remove several60 KB (9,713 words) - 13:07, 26 March 2024
- VG Gelsenkirchen - 20 K 6392/18 (category Article 12(5) GDPR)Para. 5 GDPR were met in the present case. According to Art. 12 Para. 5 GDPR, the first-time provision of the information under Art. 15 Para. 3 GDPR had to98 KB (16,595 words) - 15:50, 17 March 2022
- AEPD (Spain) - PS/00140/2021 (category Article 5 GDPR)article 84.3 of the LGT, and the offenses typified in articles 38.3 c), d) and i) and 38.4 d), g) and h) of Law 34/2002, of July 11, on services of the28 KB (4,254 words) - 11:30, 16 June 2021
- APD/GBA (Belgium) - 57/2023 (category Article 5(1) GDPR)Article 13(1)(c) and (2)(a) of the GDPR. II.4. Article 5 GDPR, Article 24 (1) GDPR and Article 25 (1) and (2) GDPR II.4.1. Findings in the Inspection Report99 KB (15,129 words) - 09:21, 31 May 2023
- DSB (Austria) - 2021-0.285.169 (category Article 2(2)(c) GDPR) (section GDPR Does Not Apply Due to Exception of Article 2(2)(c) GDPR)of Article 4(15) GDPR. The DSB founds that the GDPR does not apply due to the household exception provided for in Article 2(2)(c) GDPR. Pursuant to Article31 KB (4,887 words) - 14:21, 21 July 2021
- RvS - 201902699/1/A2 (category Article 79 GDPR)infringement of GDPR can result in non-material damage and that a data subject must receive full and effective compensation of the damages under GDPR, do not mean37 KB (5,696 words) - 07:22, 7 April 2020
- ICO (UK) - Tempcover Ltd (category Article 4(11) GDPR)her”. 7. Recital 32 of the GDPR materially states that “When the processing has multiple purposes, consent should be given for all of them” . Recital 42 materially40 KB (5,684 words) - 18:42, 16 February 2022
- WSA w Warszawie - II SA/Wa 809/20 (category Article 4(14) GDPR)processing of personal data (recital 38 of the GDPR preamble). Moreover, referring to the wording of recitals 10 and 45 of the GDPR, the supervisory authority82 KB (13,213 words) - 12:13, 10 May 2021
- APD/GBA (Belgium) - 115/2022 (category Article 5(1)(c) GDPR)a basis of lawfulness own. Recital 50 of the GDPR 11 is explicit in this regard. These legal bases 9Recital 50 of the GDPR: [...] In order to establish42 KB (6,237 words) - 11:23, 5 August 2022
- her”. 7. Recital 32 of the GDPR materially states that “When the processing has multiple purposes, consent should be given for all of them”. Recital 42 materially39 KB (5,404 words) - 11:56, 21 September 2021
- APD/GBA (Belgium) - 49/2023 (category Article 6(1)(e) GDPR)Article 9(1) GDPR. Since Article 9 GDPR was not applicable, the DPA examined the lawfulness of the processing under Article 6(1)(e) GDPR which was put57 KB (8,705 words) - 11:48, 16 May 2023
- LG Hannover - 13 O 129/21 (category Article 82(1) GDPR)Article 82(1) GDPR, because the controller unlawfully disclosed the data to its customers. The court also held that under Article 82 GDPR the violation28 KB (4,506 words) - 11:20, 4 November 2022
- APD/GBA (Belgium) - 77/2023 (category Article 5(1)(a) GDPR)less severity depending on the effects 86 GDPR, art. 16 87 GDPR, art. 17.1.a 88 GDPR, art. 18.1.a 89 G.HAAS, GDPR legal guide: the regulations on the protection150 KB (22,339 words) - 09:50, 21 June 2023
- APD/GBA (Belgium) - 07/2024 (category Article 5(1)(c) GDPR)as well as Articles 25.1 and 25.2 GDPR; vi. Articles 30.1, 30.2, and 30.3 GDPR; vii. Article 38.1 and Article 39.1 GDPR. Finally, the Inspection Service350 KB (51,369 words) - 09:25, 31 January 2024
- APD/GBA (Belgium) - 14/2023 (category Article 5(1)(a) GDPR)and 6.1 GDPR) as well as the principle of minimization (article 5.1.c GDPR). II.1. Basis of lawfulness of processing (Article 5.1.a and 6.1 GDPR) 6. The33 KB (4,897 words) - 14:05, 1 March 2023
- AEPD (Spain) - EXP202301323 (category Article 7(3) GDPR)AEPD both the GDPR and the LSSI regulate the same situation. It considers the LSSI a lex specialis that is to be applied instead of the GDPR since the controller’s31 KB (4,748 words) - 15:41, 27 March 2024
- AEPD (Spain) - PS/00475/2021 (category Article 13 GDPR)Article 6 GDPR, nor of Article 8 GDPR. There was also no violation of Article 9 GDPR, since the exception for explicit consent from Article 9(2)(a) GDPR applied64 KB (10,187 words) - 14:26, 24 November 2022
- DSB (Austria) - DSB-D130.217 (category Article 3 GDPR)the territorial scope of the GDPR (Article 3 GDPR) as it was based exclusively in the USA and under US law, and thus the GDPR is not applicable. It also77 KB (12,447 words) - 08:22, 4 April 2024
- APD/GBA (Belgium) - 57/2021 (category Article 5(1)(a) GDPR)c) GDPR in conjunction with Article 5.1 a) GDPR and Article 5.2 GDPR. - Violation of article 13.1 d) GDPR in conjunction with article 5.1 a) GDPR and99 KB (15,064 words) - 14:05, 2 June 2021
- ICO (UK) - Royal Mail Group Limited (category Article 4(11) GDPR). 7. Recital 32 of the GDPR materially states that “When the processing has multiple purposes, consent should be given for all of them” . Recital 42 materially41 KB (5,879 words) - 12:39, 23 March 2022
- PHR - 22/01253 (category Article 15 GDPR)corresponding interest can be found in the GDPR. Notably, the PG referenced Recital 52 and Article 9 GDPR. Recital 52 GDPR states that a derogation from the prohibition241 KB (42,617 words) - 14:14, 13 September 2022
- CNPD (Portugal) - Deliberaçao 2024/137 (category Article 5(1)(a) GDPR)physical reality and in a digital environment. 84. In short, as recital 38 of the GDPR states, "children deserve special protection with regard to their49 KB (7,923 words) - 14:36, 3 April 2024
- NAIH (Hungary) - NAIH-7058-5/2022 (category Article 6(1) GDPR)to be unlawful. The processing violated Article 7(2) GDPR, Article 7(4) GDPR and Article 6(1)(a) GDPR. The controller was fined 2,000,000 HUF (approx. €566 KB (10,499 words) - 08:55, 10 February 2023
- AEPD (Spain) - PS/00281/2022 (category Article 4(1) GDPR)12/05/2015 18:38:10 INSTALLATION IN TESTS 12/05/2015 18:38:10 INSTALLATION UNDER TESTS FOR MAINTENANCE - ***NUMBER.1 BY TECHN 05/12/2015 18:38:10 000:08:00313 KB (53,033 words) - 10:20, 7 June 2023
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)addition to submitted the 2012 electoral roll, according to his own statements. 38. On the basis of the factual elements of the case and the defendant's statements62 KB (10,509 words) - 16:58, 12 December 2023
- AG Pfaffenhofen a. d. Ilm - 2 C 133/21 (category Article 6(1)(a) GDPR)Letter f GDPR. It is true that the processing of personal data for direct mail can also represent a legitimate interest according to recital 47 GDPR. However28 KB (4,447 words) - 16:37, 13 January 2022
- HDPA (Greece) - 9/2024 (category Article 5(1)(a) GDPR)specifically regulated in Law 3471/2006, the GDPR applies (see also article 95 GDPR as well as the recital under No. 173, as well as Opinion 5/2019 of the102 KB (17,186 words) - 13:46, 26 April 2024
- UOOU (Czech Republic) - UOOU-01025/20-121 (category Article 5 GDPR)basis under Article 6(1) GDPR and in violation of transparency obligations in the privacy policy under Article 5(1)(a) and 13 GDPR. The DPA in the first instance246 KB (39,598 words) - 09:26, 24 April 2024
- Administrative Court Stockholm - Mål nr 1930-23 (category Article 32(1) GDPR)incur major costs of implementation which under Article 32(2) GDPR makes a breach of 32(1) GDPR more likely. Despite the fact that not all data was classified79 KB (9,390 words) - 09:30, 27 November 2023
- LAG Düsseldorf - 12 Sa 18/23 (category Article 82 GDPR)permissible in accordance with Art. 88 GDPR in conjunction with Section 26 BDSG, the violation of the GDPR required for Art. 82 GDPR was already lacking. There is102 KB (17,108 words) - 09:44, 15 February 2024
- her”. 8. Recital 32 of the GDPR materially states that “When the processing has multiple purposes, consent should be given for all of them”. Recital 43 materially32 KB (5,066 words) - 09:04, 14 February 2022
- Court of Appeal - (2021) IECA 53 (category Article 4(11) GDPR)to the properties, defending the baseless claims of B. as well as A". GDPR' Recital 111 provides that provisions should be made where the transfer is occasional136 KB (23,256 words) - 13:47, 29 April 2021
- VwGH - 2021/04/0030-4 (category Article 5 GDPR)regard to the modalities in Article 12 GDPR. Recital 58 of the GDPR states that information under Article 14 GDPR can be provided in electronic form, for92 KB (15,327 words) - 12:22, 8 May 2024
- BVwG - W256 2235360-1 (category Article 4 GDPR)Constitutional Court on the legal situation before the GDPR. Recital 41, second sentence, of the GDPR also states that a corresponding legal basis must be67 KB (10,431 words) - 08:39, 21 February 2024
- VwGH - Ro 2020/04/0031-9 (category Article 6(1)(f) GDPR)1 lit. c GDPR. It cannot be deduced from Section 256 IO that Insolvency data (at all) also based on other permitted circumstances Art. 6 GDPR may no longer74 KB (10,458 words) - 14:49, 27 March 2024
- NAIH (Hungary) - NAIH-1855-4/2022 (category Article 5(2) GDPR)Regulation (GDPR), when and in what form and with what content it informed the data subjects of the personal data breach, in accordance with Article 34 GDPR. B)50 KB (7,405 words) - 13:58, 28 November 2022
- ICO - Monetary Penalty on Marriott International Inc. (category Article 5(1)(f) GDPR)data and on the free movement of such data. 3 Recital 3. 4 Recital 5. § Recital 7. 7 See, i particular, Recitals 11, 148, 150, and Article 5, Chapter IV and241 KB (31,368 words) - 09:59, 9 May 2022
- LG Frankfurt am Main - 2-24 O 156/21 (category Article 6(1)(b) GDPR)under Article 80(1) GDPR and Article 80(2) GDPR. Also, the court clarified, making reference to CJEU case C-319/20, that Article 80(2) GDPR does not presuppose70 KB (11,309 words) - 14:37, 21 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 2245/163/2019 (category Article 5(1)(c) GDPR)25 GDPR. In accordance with Article 58(2)(d) GDPR, the DPA ordered the controller to bring its processing operations into compliance with the GDPR. Hence20 KB (3,195 words) - 15:22, 2 March 2022
- AEPD (Spain) - PS/00214/2022 (category Article 6(1) GDPR)of contract (Article 6(1)(b) GDPR), legal obligation (Article 6(1)(c) GDPR) and legitimate interest (Article 6(1)(f) GDPR) and determined that the controller131 KB (20,916 words) - 12:38, 13 December 2023
- APD/GBA (Belgium) - 149/2023 (category Article 5(1)(a) GDPR)of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2. a) of the GDPR more precisely);113 KB (17,325 words) - 08:50, 19 March 2024
- APD/GBA (Belgium) - 66/2021 (category Article 4(3) GDPR)points out that the term “personal data”, as explained in Article 4.1 GDPR, Recital 26 GDPR as well as Group Opinion 4/2007 Data protection and the case law88 KB (13,010 words) - 20:12, 30 December 2021
- VG Berlin - 1 K 561/21 (category Article 4(1) GDPR)17(3)(b) GDPR nor on Article 18(1)(c) GDPR in order to prevent the automatic deletion of the recordings, as the right to access under Article 15 GDPR is not57 KB (9,204 words) - 10:55, 23 November 2023
- APD/GBA (Belgium) - 124/2021 (category Article 6(3) GDPR)the obligations imposed by Article 37(5) and (7) of the GDPR and Article 38, paragraph 1 of the GDPR has not been complied with. (designation of the data38 KB (5,625 words) - 10:37, 7 December 2021
- GHAMS - 200.295.747/01 (category Article 15(1)(h) GDPR)personal data Article 20 For data falling within the right to data portability (GDPR, art 20), which includes all data I have provided and which have been indirectly80 KB (13,304 words) - 13:05, 12 April 2023
- CPDP (Bulgaria) - PNN-01-33/2022 (category Article 32 GDPR)information about his state of health' (Article 4(15) of the GDPR). According to Recital 35 of the GDPR, personal data concerning the health of a data subject71 KB (11,948 words) - 17:01, 8 February 2023
- Tietosuojavaltuutetun toimisto (Finland) - 1150/161/2021 (category Article 1(2) GDPR)that the firm had violated Articles 33(1) GDPR (notification of data breaches to the DPA) and Article 34(1) GDPR (communication of data breaches to data153 KB (24,570 words) - 15:11, 26 March 2024
- OGH - 6Ob87/21v (category Article 5(1)(c) GDPR)violation of Article 5(1)(c)(e) GDPR and a prevailing legitimate interest of the defendant according to Article 6(f) GDPR. It must be noted that the judgment38 KB (6,129 words) - 10:12, 10 September 2021
- NAIH (Hungary) - NAIH-2501-10/2022 (category Article 5(1)(a) GDPR)required under Article 13 GDPR, as well as the fact of data transfer abroad, were completely missing. The DPA stated that Article 13 GDPR only provides the bare90 KB (14,299 words) - 13:52, 2 February 2023
- NAIH (Hungary) - NAIH-4447-6/2021 (category Article 5(1)(c) GDPR)the mayoral office of a district in Budapest under Article 17(1)(d) of the GDPR. Previously, the data subject registered to ask a question from the elected88 KB (14,152 words) - 10:07, 28 September 2021
- APD/GBA (Belgium) - 11/2022 (category Article 4(1) GDPR)communications using the GDPR, specifically on the basis of Article 4.11, Article 6.1.a GDPR (consent requirement) and Article 13 GDPR (information to be provided)92 KB (13,989 words) - 14:56, 3 February 2022
- Rb. Amsterdam - C/13/687315 / HA RK 20-207 (category Article 4(1) GDPR)pursuant to article 46 GDPR Uber (iv) the existence of automated decision-making, including those laid down in Articles 22(1) and 22(4) GDPR (at least meaningful82 KB (14,053 words) - 16:25, 25 March 2021
- OGH - 6Ob56/21k (category Article 2(2)(c) GDPR)member states is superimposed (see Recital 146 S 4 and 5 on the GDPR; cf. also Frenzel in Paal / Pauly, GDPR-BDSG3 Art 82 GDPR margin no.1; Wybitul / Haß / Albrecht127 KB (21,056 words) - 08:17, 19 August 2021
- AEPD (Spain) - PS/00477/2019 (category Article 6 GDPR)with the requirements of Articles 13 and 14 of the GDPR? In relation to Article 13 and 14 of the GDPR, the AEPD held that the information CaixaBank provided566 KB (93,179 words) - 13:43, 13 December 2023
- VGH München - 5 BV 20.2104 (category Article 2(2)(d) GDPR)the GDPR pursuant to Article 2(2)(d). Article 79 GDPR does not explicitly limit judicial remedies to the rights enshrined in Chapter III of the GDPR. Following61 KB (10,218 words) - 12:31, 13 June 2023
- FG München - 15 K 118/20 (category Article 4(7) GDPR)Article 15(1) GDPR. The data subject was not entitled to further disclosure. On the applicability of the GDPR: The court determined that the GDPR and the data85 KB (14,338 words) - 22:04, 9 February 2022
- APD/GBA (Belgium) - 137/2023 (category Article 12(1) GDPR)under Article 12(1) GDPR and Article 14 GDPR, as the controller had failed to fulfill the informational obligations under Article 14 GDPR. The municipality52 KB (7,789 words) - 11:38, 11 October 2023
- BVwG - W256 2227693-1 (category Article 6(1)(a) GDPR)processing in accordance with Article 6 (4) GDPR. The legal basis of Article 6 (1) (f) GDPR and Article 6 (4) GDPR are out of the question because it contradicts51 KB (8,327 words) - 14:04, 14 December 2023
- BAG - 2 AZR 296/22 (category Article 17(1)(d) GDPR)17(1)(d) GDPR, personal data shall be deleted when they were unlawfully processed – in this case ‘collected’. However, Article 17(3)(e) GDPR provides for49 KB (8,060 words) - 13:00, 5 September 2023
- ICO (UK) - The Money Hive Limited (category Article 4(11) GDPR)her". 7. Recital 32 of the GDPR materiallstates that "When the processing has multiple purposes, consent should be given for all of them". Recital 42 materiallyprovides63 KB (8,280 words) - 14:53, 2 March 2022
- BVerwG - 6 C 7.20 (category Article 5(1)(d) GDPR)Administrative Court's application of Article 16 GDPR. The Administrative Court had correctly assumed that, while Article 16 GDPR was applicable, it could not be established64 KB (10,816 words) - 15:44, 22 June 2022
- VG Schwerin - 1 A 1254/20 SN (category Article 4(7) GDPR)Article 78(1) of the GDPR in conjunction with Article 57 of the GDPR. Article 57 of the GDPR. The scope of Article 57 of the GDPR is indeed open. Pursuant37 KB (6,156 words) - 10:12, 26 May 2021
- OVG Münster - 16 A 1582/21 (category Article 12(5) GDPR) (section Applicability of Articles 15(3)(1), 12(5)(1) GDPR)12(5)(1) GDPR apply. However, it leaves open whether the material scope of application of the GDPR is opened or not opened due to Article 2(2)(a) GDPR. In any123 KB (20,784 words) - 10:11, 26 November 2021
- BVwG - W274 2251055-1/5E (category Article 6(1)(f) GDPR)demonstrate compliance (“accountability”).” Art. 6 GDPR: Article 6, GDPR: According to Article 6 Paragraph 1 of the GDPR, processing is only lawful if at least one137 KB (21,991 words) - 12:01, 20 September 2023
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the basis of Article 83 GDPR and Articles82 KB (12,100 words) - 17:01, 12 December 2023
- Commissioner (Cyprus) - 11.17.001.010.045 (category Article 5(1)(c) GDPR)publication was in violation of Article 5(1)(c) GDPR, Article 6(1)(f) GDPR, when read in line with Article 85 GDPR. Article 5(1)(c) outlines the principle of74 KB (12,375 words) - 10:07, 4 October 2023
- Garante per la protezione dei dati personali (Italy) - 9977020 (category Article 5(1)(a) GDPR)valid legal basis in line with Article 6(1)(e) GDPR, Article 6(2) and (3) GDPR nor with Article 9(2)(g) GDPR. Making reference to case law of the CJEU and315 KB (49,768 words) - 14:24, 8 February 2024
- UODO (Poland) - DKN.5130.3114.2020 (category Article 24(1) GDPR)initiation of administrative proceedings, he referred to recital 87 of Regulation 2016/679 and not to recital 85 of Regulation 2016/679, as indicated by the Company105 KB (16,833 words) - 13:48, 15 November 2021
- LG Köln - 28 O 328/21 (category Article 5(1)(f) GDPR)the defendant violated its obligation under Art. 32 GDPR and Art. 5 GDPR. According to Art. 32 GDPR, the person responsible and the processor have appropriate27 KB (4,134 words) - 09:28, 5 July 2022
- APD/GBA (Belgium) - 39/2024 (category Article 80(1) GDPR)company incorporated by French law, thus breaching Article 80(1) GDPR. Article 80(1) GDPR states that the data subject has the right to mandate (i) a non-for-profit32 KB (4,640 words) - 14:07, 6 March 2024
- Datatilsynet (Denmark) - 2021-31-4871 (category Article 6(1)(a) GDPR)lawful pursuant to Articles 6(1)(a) GDPR and 4(11) GDPR. Therefore, the controller violated Articles 5(2) and 5(1)(a) GDPR. The DPA ordered the controller29 KB (4,447 words) - 16:32, 3 November 2023
- CNPD (Luxembourg) - Délibération n°16FR/2021 (category Article 5(1)(c) GDPR)over 14See in particular Articles 5.1.a) and 12 of the GDPR, see also recital (39) of the GDPR. _____________________________________________________________51 KB (7,338 words) - 11:33, 16 June 2021
- Garante per la protezione dei dati personali (Italy) - 9864063 (category Article 5(1)(b) GDPR)in breach of Articles 5(1)(a) and 6 GDPR. Finally, the Italian DPA found a violation of Article 25(1) and (2) GDPR because the controller had not adopted152 KB (24,743 words) - 14:39, 21 March 2023
- NAIH (Hungary) - NAIH-4177-………./2021 (category Article 2(2)(c) GDPR)6 of Regulation (EU) 2016/679 (hereinafter: GDPR) repealing Directive And Article 13 (1) to (2) of the GDPR. II. The Authority instructs the Applicants43 KB (6,928 words) - 09:36, 26 November 2021
- Garante per la protezione dei dati personali (Italy) - 9993548 (category Article 5(1)(f) GDPR)integrity outlined in Article 5(1)(f) GDPR and Article 32 GDPR. Moreover, the DPA found that relying on Article 6(1)(f) GDPR as legal basis for processing notaries'42 KB (6,554 words) - 12:35, 27 March 2024
- ICO (UK) - LTH Holdings Limited (category Article 4(11) GDPR)10. Recital 32 of the GDPR materially states that "When the processing has multiple purposes, consent should be given for all of them". Recital 42 materially54 KB (6,922 words) - 11:45, 16 June 2021
- NAIH (Hungary) - NAIH-175-12/2022 (category Article 5(1)(b) GDPR)special category of personal data under Article 9(1) GDPR, explicit consent (Article 9(2)(a) GDPR) would have been necessary for part of the processing112 KB (17,918 words) - 08:55, 24 March 2022
- VG Karlsruhe - 7 K 2578/22 (category Article 15(1) GDPR)data within the meaning of Article 4(1) GDPR and thus cannot be object of an access request under Article 15(3) GDPR. Making reference to CJEU case C-434/1683 KB (13,935 words) - 10:24, 17 January 2024
- OLG Koblenz - 5 U 2141/21 (category Article 82 GDPR)Article 81 of the GDPR, but not the actually relevant Article 82 of the GDPR. The claims asserted in the counterclaim under Article 82 of the GDPR were confirmed81 KB (13,639 words) - 18:14, 7 June 2022
- OGH - 6Ob129/21w (category Article 4(1) GDPR)85 GDPR, so that Chapter II (including Art 6 GDPR) to VII and IX of the GDPR do not apply. The regulation of § 9 DSG, which is based on Art 85 GDPR, is60 KB (9,555 words) - 14:13, 2 March 2022
- Rb. Zeeland-West-Brabant - C/02/387229 (category Article 32 GDPR)pursuant to Recital 146. Furthermore, the importance of control over personal data and enforcement of the violated rule follows from the GDPR. The Court55 KB (9,226 words) - 08:11, 6 October 2022
- AEPD (Spain) - PS/00112/2020 (category Article 13 GDPR)infringement of Article 13 GDPR is considered a very serious breach and could be fined with the amounts established in Article 83(5) GDPR, in this case, the AEPD29 KB (4,402 words) - 14:00, 13 December 2023
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled to compensation27 KB (4,216 words) - 13:26, 8 January 2024
- CNPD (Luxembourg) - Délibération n°24FR/2021 (category Article 5(1)(c) GDPR)01"). 14 See in particular Articles 5.1.a) and 12 of the GDPR, see also recital (39) of the GDPR. _____________________________________________________________58 KB (8,226 words) - 07:35, 22 July 2021
- OGH - 6Ob48/21h (category Article 80 GDPR)infringement of Article 22 GDPR in connection with consumer credit ratings could in fact allow the association to take legal action under the GDPR. The court decided50 KB (8,140 words) - 12:09, 1 October 2021
- ICO (UK) - AMEX (category Article 4(11) GDPR)that is not necessary for the performance of that contract." 8. Recital 43 of the GDPR states: "Consent is presumed not to be freely given ... if the performance72 KB (8,623 words) - 10:38, 26 May 2021
- NAIH (Hungary) - NAIH-5114-35/2022 (category Article 5(1)(e) GDPR)interest. Based on Article 2 (1) of the GDPR, the GDPR must be applied to the data management in this case. GDPR Article 4, point 1: "personal data": for146 KB (22,679 words) - 15:52, 3 May 2023
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include440 KB (73,154 words) - 09:44, 12 May 2021
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)only investigating GDPR infringements but also breaches of the Directive ePrivacy, transcribed into French law. It reminded that GDPR and ePrivacy each82 KB (13,424 words) - 17:10, 6 December 2023
- FG München - 15 K 1212/19 (category Article 2(2)(d) GDPR)whether Art. 15 GDPR applies to the investigation files at all, since according to Art. 2 Para. 2 d GDPR, Section 2a Para. 4 AO, the GDPR does not apply98 KB (16,511 words) - 08:37, 9 May 2022
- LG Köln - 28 O 221/21 (category Article 6(1)(f) GDPR)under Article 17(1)(a), (c) or (d) GDPR, because the controller was processing the data lawfully under Article 6(1)(f) GDPR and the processing was still necessary30 KB (4,765 words) - 14:30, 29 June 2022
- VG Mainz - 1 K 473/19.MZ (category Article 15(1) GDPR)Informationsfreiheit Rheinland-Pfalz – LFDI). He had made requests under Art 15 GDPR to a number of regional public authorities - several courts, attorney general’s31 KB (4,898 words) - 11:49, 19 April 2021
- Datatilsynet (Denmark) - 2021-31-5553 (category Article 5(1)(a) GDPR)6(1)(a) GDPR and 4(11) GDPR and did therefore violate Articles 5(2) and 5(1)(a) GDPR. The DPA ordered the controller pursuant to Article 58(2)(d) GDPR to ensure32 KB (4,997 words) - 14:09, 22 February 2023
- APD/GBA (Belgium) - 149/2022 (category Article 5(1)(b) GDPR)Article 5(1)(a) GDPR and Article 6(1) GDPR The DPA held that the controller did not violate Article 5(1)(a) GDPR and Article 6(1) GDPR. The DPA stated89 KB (13,017 words) - 15:07, 2 November 2022
- Datatilsynet (Norway) - 0/02422 (category Article 5(1)(e) GDPR)Article 12(3) GDPR and Article 15 GDPR due to a failure to respond to an access request that was submitted around a month after the GDPR became applicable162 KB (24,007 words) - 19:41, 15 February 2023
- UODO (Poland) - DKN.5112.5.2021 (category Article 5(1)(a) GDPR)with GDPR provisions, this includes obtaining proof of consent in line with Article 7(1) GDPR. Especially in the context of Article 9(2)(a) GDPR, the explicit82 KB (13,363 words) - 14:11, 18 January 2023
- VG Köln - 6 K 3228/19 (category Article 6(1)(f) GDPR)found that GDPR does not prevent the claimant from exercising their basic right. In this regard the court referred to Article 6(1)(f) GDPR to highlight68 KB (11,146 words) - 17:16, 9 March 2022
- AEPD (Spain) - PS/00368/2021 (category Article 6(1) GDPR)required by Article 13 GDPR. Furthermore, the AEPD, highlighted that the RFEF did not provide the information required by Article 13(3) GDPR about further processing246 KB (41,139 words) - 14:25, 24 November 2022
- Datatilsynet (Norway) - 20/01772 (category Article 6(1)(c) GDPR)with Article 17(1)(d) GDPR, the controller was obliged to delete data processed unlawfully, unless the exception of Article 17(3) GDPR (fulfillment of a task53 KB (7,945 words) - 10:46, 24 January 2023
- CNPD (Luxembourg) - Délibération n° 11FR/2021 (category Article 5(1)(e) GDPR)the GDPR (see statement of objections, page 2, Ad.A.1.). 11See in particular articles 5,1, a) and 12 of the GDPR, see also recital (39) of the GDPR. 1260 KB (8,610 words) - 11:12, 16 June 2021
- AEPD (Spain) - EXP202204501 (category Article 5(1)(f) GDPR)access to said data.” III Violation of article 5.1 f) of the GDPR Article 5.1.f) of the GDPR, Principles relating to processing, states the following: "157 KB (8,604 words) - 15:40, 20 March 2024
- First-tier Tribunal - Clearview AI Inc. v ICO (category Article 3(2)(b) GDPR)persuasive weight. 82. Recital 24 of the GDPR is relevant to the construction of Article 3(2)(b) GDPR and Article 3(2)(b) UK GDPR, this reads as follows:99 KB (16,103 words) - 08:41, 25 October 2023
- DPC (Ireland) - WhatsApp Ireland Limited - IN-18-12-2 (category Article 4(1) GDPR) (section WhatsApp’s transparency obligations in the context of non-users under Articles 14 and 12(1) GDPR)4(1) of the GDPR. I further note that the text of the accompanying recital (Recital 26 of the Directive) is very similar to the text of Recital 26 of the830 KB (115,261 words) - 15:37, 22 February 2022
- AP (The Netherlands) - Decision of 11 December 2023 imposing administrative fine on Uber (category Article 12(1) GDPR)rights within the meaning of Article 12, second member, GDPR. In accordance with recital 59 of the GDPR, arrangements must be in place to to enable the data80 KB (11,628 words) - 11:41, 23 February 2024
- Tietosuojavaltuutetun toimisto (Finland) - 5618/163/20 (category Article 5(1)(a) GDPR)5(1)(a) GDPR), the principle of data minimisation (Article 5(1)(c) GDPR) and the principle of integrity and confidentiality (Article 5(1)(f) GDPR) when making34 KB (5,187 words) - 07:49, 13 July 2023
- VGH München - BeckRS 2021, 36742 (category Article 9(2)(i) GDPR)9(2)(i) GDPR could not be applied in the present case. Rejecting the application, the Higher Administrative Court of Bavaria held that Art. 9(2)(i) GDPR applies33 KB (5,353 words) - 12:40, 26 January 2022
- APD/GBA (Belgium) - 101/2022 (category Article 5(1)(f) GDPR)proactive measures in accordance with Article 5.2 GDPR in order to ensure compliance with the provisions of the GDPR -including the above under 1 measures mentioned88 KB (13,264 words) - 09:09, 29 June 2022
- AEPD (Spain) - PS/00261/2020 (category Article 5(1)(c) GDPR)publication and the entry into force of the GDPR, and that therefore the controller had violated Article 12 GDPR, by not fulfilling their information obligations54 KB (8,837 words) - 13:34, 16 June 2021
- EDPB - Urgent Binding Decision 01/2023 (category Article 6(1)(f) GDPR)6(1)(f) GDPR, Recital 47 GDPR and the CJEU’s settled case-law 171, three cumulative conditions must be met to be able to rely on Article 6(1)(f) GDPR, ‘namely346 KB (48,181 words) - 16:39, 12 December 2023
- APD/GBA (Belgium) - 46/2022 (category Article 5(1)(a) GDPR)17 of the GDPR), the right to restriction (Article 18 GDPR), as well as the right of opposition (Article 21 GDPR) 91. Article 17 of the GDPR states: 186 KB (12,864 words) - 06:37, 23 February 2023
- OLG Köln - 15 U 108/23 (category Article 82 GDPR)several GDPR violations by the controller, and went on to assess whether they could give rise to the award of immaterial damages under Article 82 GDPR also81 KB (13,415 words) - 09:47, 15 February 2024
- AEPD (Spain) - EXP202210101 (category Article 6(1) GDPR)83.5.a) of the aforementioned Regulation 2016/679. In this sense, Recital 40 of the GDPR states: “(40) For the processing to be lawful, personal data must85 KB (13,823 words) - 12:51, 3 April 2024
- DPC - Health Service Executive - August 2020 (IN-19-9-1) (category Article 5(1)(f) GDPR)the Inquiry 2.1 The GDPR is the legal regime covering the processing of personal data in the European Union. As a regulation, the GDPR is directly applicable142 KB (23,134 words) - 15:51, 19 July 2021
- VfGH - G 287/2022-16, G 288/2022-14 (category Article 85 GDPR)Reference to Art. 79 GDPR does not justify any jurisdiction, since Art. 79 GDPR (like Art. 77 GDPR) only refers to violations of the GDPR but not on national202 KB (29,013 words) - 13:35, 12 January 2023
- VwGH - Ro 2019/04/0229 (category Article 4(7) GDPR)VwGH, this is because the fines under the GDPR and the BWG are "real administrative penalties" (see recital 150 GDPR), whereas the fines imposed by the European59 KB (8,848 words) - 12:41, 16 September 2021
- APD/GBA (Belgium) - 60/2023 (category Article 5(1)(a) GDPR)6(1) of the GDPR; Decision on the substance 60/2023 – 3/13 2. a breach of Article 5(2), Article 24(1) and Article 25(1) and (2) of the GDPR; and 3. an infringement39 KB (5,541 words) - 08:17, 6 June 2023
- BGH - I ZR 7/16 (category Article 4(11) GDPR)of 1 February 2020], Art. 4 GDPR marginal no. 125; Buchner/Kühling in Kühling/Buchner, DS-GVO BDSG, 2nd edition, Art. 4 GDPR marginal no. 8). In substance52 KB (8,575 words) - 15:55, 22 March 2022
- VG Wiesbaden - 6 L 738/21.WI (category Article 4(7) GDPR)to Art. 79 GDPR, is not an exhaustive list of further available remedies. This also does not follow from recitals 9, 11 and 13 of the GDPR, which speak35 KB (5,925 words) - 09:07, 22 December 2021
- Datatilsynet (Norway) - 21/02293 (category Article 6(1) GDPR)6(1)(f) GDPR, issued a €20,000 fine and ordered them to implement internal controls of their credit rating process in line with Article 24 GDPR. Despite39 KB (5,691 words) - 08:12, 14 September 2022
- CNPD (Luxembourg) - Délibération n° 17FR/2021 (category Article 5(1)(c) GDPR)fines as provided for in Article 83 of the GDPR, except against state or municipalities. 38. Article 83 of the GDPR provides that each supervisory authority44 KB (6,212 words) - 08:28, 16 June 2021
- APD/GBA (Belgium) - 104/2022 (category Article 17(1)(c) GDPR)defendant complies with the GDPR violated by refusing to comply with the request for anonymization in accordance with Article 17.1.c) GDPR of the complainant.39 KB (5,774 words) - 15:31, 29 June 2022
- EWCA - Soriano v Forensic News LLC & Ors (category Article 3(1) GDPR)Article 4(1)(a) of the GDPR's predecessor, the Data Protection Directive 95/46 ("the Directive"). And Recital (22) to the GDPR contains relevant wording122 KB (20,830 words) - 10:42, 12 January 2022
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include457 KB (75,575 words) - 09:36, 12 May 2021
- NAIH (Hungary) - NAIH-2857-20/2021 (category Article 5(1) GDPR)satisfaction surveys, because the necessary prerequisites explained in Recital (47) of the GDPR regarding reasonable expectations and other guarantees have not79 KB (12,495 words) - 11:03, 21 January 2022
- VG Cottbus - VG 4 K 1191/19 (category Article 4(2) GDPR)done using a water meter and its readout. Article 12(5) GDPR in conjunction with Article 18(1)(d) GDPR does not prevent the charging of an administrative fee75 KB (12,396 words) - 12:11, 30 March 2022
- CNIL (France) - SAN-2023-024 (category Article 6(1) GDPR)in directive 95/46/EC, which was replaced by the GDPR. 90. Thus, since the entry into force of the GDPR, the "consent" provided for in the aforementioned76 KB (12,140 words) - 13:55, 28 February 2024
- CNIL (France) - Deliberation SAN-2022-024 of December 20, 2022 (category Article 4(11) GDPR)within the meaning of consent as defined in Article 4(11) GDPR. As explained by recital 42 GDPR, "[c]onsent should not be regarded as freely given if the73 KB (11,822 words) - 11:58, 11 January 2023
- AEPD (Spain) - PS/00259/2020 (category Article 6(1)(f) GDPR)imposed, has limited himself to transcribing the Recital 148 of the RGPD since the aforementioned recital takes into consideration only two elements: that158 KB (25,857 words) - 13:56, 14 July 2021
- OLG Karlsruhe - 12 U 305/21 (category Article 12 GDPR)adjustment on Art. 15 (1) and (3) GDPR. 53 aa) According to Art. 15 (1) GDPR, the person responsible (Art. 4 No. 7 GDPR), i.e. the person who decides on38 KB (6,239 words) - 10:47, 15 February 2023
- AEPD (Spain) - PS/00140/2022 (category Article 13 GDPR)on a large scale. Despite The GDPR does not define what is meant by large-scale processing, both the recital 91 of the GDPR as the Working Party of article151 KB (23,196 words) - 05:40, 9 May 2023
- AEPD (Spain) - EXP202202960 (category Article 13 GDPR)for the alleged violation of Article 35 of the GDPR, Article 32 of the GDPR and Article 13 of the GDPR, typified in Articles 83.5 of the RGPD and Article149 KB (22,597 words) - 12:34, 3 April 2024
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 5(2) GDPR)accountability pursuant to Article 5(2) UK GDPR because it failed to demonstrate compliance with Article 5(1)(a) and (c) UK GDPR principles of lawfulness, fairness129 KB (17,281 words) - 14:57, 10 April 2024
- AEPD (Spain) - PS/00226/2020 (category Article 6 GDPR)of Article 7(4) GDPR. Based on these considerations, the AEPD issued a €2,000,000 fine against Caixabank for infringing Article 6 GDPR in relation to Article373 KB (61,959 words) - 14:17, 9 March 2022
- NAIH (Hungary) - NAIH/2020/32/4 (category Article 5(1) GDPR)procedure fall within the scope of the GDPR pursuant to Article 2(1) of the GDPR and consequently the rules of the GDPR apply to these processing. The Authority75 KB (12,586 words) - 10:10, 17 November 2023
- OLG Köln - 6 U 58/23 (category Article 44 GDPR)consent regulated in Chapter II of the GDPR (Articles 6, 7 GDPR) (cf. Pauly, in: Paal/Pauly, GDPR/BDSG, a.a.O., Art. 44 GDPR no. 2). 122This is missing in the118 KB (19,824 words) - 10:49, 6 February 2024
- CNPD (Luxembourg) - Délibération n° 35FR/2021 (category Article 5(1)(c) GDPR)over 15See in particular Articles 5.1.a) and 12 of the GDPR, see also recital (39) of the GDPR. _____________________________________________________________81 KB (11,748 words) - 10:59, 17 November 2021
- DVI (Latvia) - SIA "TET" (category Article 5(1)(a) GDPR)5(1)(a), (b), (d) and (e) GDPR. Furthermore, there was no legal basis for these processing operations under Article 6(1) GDPR. The DPA took into account114 KB (17,942 words) - 15:46, 2 November 2022
- CNIL (France) - SAN-2022-017 (category Article 12(1) GDPR)consent, not respecting GDPR rights of its customers and using weak passwords, in violation of Articles 12, 13, 15, 21 and 32 GDPR. The controller, Accor59 KB (8,323 words) - 11:51, 31 August 2022
- CNIL (France) - SAN-2024-003 (category Article 4(11) GDPR)Article 6 GDPR was constituted. Secondly, the CNIL also pointed out that a simple contractual commitment by a data broker to comply with the GDPR as well52 KB (8,208 words) - 10:44, 13 March 2024
- AEPD (Spain) - PS-00393-2022 (category Article 13 GDPR)us using the form at the bottom. II.-1 Administrative violation Recital 61) of the GDPR indicates that: “Information on the treatment of their personal54 KB (8,094 words) - 10:51, 10 January 2024
- IP (Slovenia) - 0611-10/2021/11 (category Article 6(1)(f) GDPR)data (Article 4(2) GDPR) and the operator of video surveillance is responsible for complying with the principles set out in Article 5 GDPR, including data53 KB (8,475 words) - 11:00, 7 July 2021
- OLG Stuttgart - 4 U 484/20 (category Article 16 GDPR)in: Plath, GDPR/BDSG, 3rd edition 2018, Article 82 GDPR, para. 4c). In particular, the reference to "full and effective compensation" in recital 146 of the75 KB (12,567 words) - 10:37, 14 November 2022
- CNIL (France) - SAN-2023-021 (category Article 5(1)(c) GDPR)intrusive and therefore could not be based on Article 6(1)(f) GDPR. Secondly, Article 5(1)(c) GDPR indicates that personal data should be adequate, relevant115 KB (18,607 words) - 11:00, 6 February 2024
- Tietosuojavaltuutetun toimisto (Finland) - 8492/163/20 (category Article 5(1)(d) GDPR)5(1)(d) GDPR and data protection by design of Article 25(1) GDPR. In addition, the DPA held that the controller violated Articles 5(1)(a) and 13 GDPR by not149 KB (24,224 words) - 12:20, 2 January 2023
- AEPD (Spain) - PS/00120/2021 (category Article 5(1)(c) GDPR) (section On Articles 6, 9 and 5(1)(c) GDPR)alleged violation of Article 5.1.c) of the GDPR, Article 6 of the GDPR, Article 9 of the GDPR, Article 12 of the GDPR, Article 35 of the RGPD, Article 13 of337 KB (50,591 words) - 15:29, 5 August 2021
- EDPB - Urgent Binding Decision 1/2021 - 'WhatsApp' (category Article 5(1)(a) GDPR)Articles 63 to 66 GDPR. The GDPR also established a cooperation mechanism between the supervisory authorities. It follows from Article 60 GDPR that the lead188 KB (31,298 words) - 12:31, 20 January 2023
- CNIL (France) - SAN-2021-012 (category Article 14 GDPR)of their others rights guaranteed under the GDPR. The DPA found that the company had violated Article 28 GDPR. As a controller, Monsanto had to lead by a55 KB (8,897 words) - 13:56, 21 November 2023
- Same principles concerning fair data processing exist in the GDPR Article 5 and Recital 39 and the Irish DPA 2018. Share blogs or news articles here!64 KB (9,589 words) - 16:15, 1 June 2022
- AEPD (Spain) - EXP202213792 (category Article 5(1)(c) GDPR)violations of Article 5(1)(c), 8, 9, 13 and 35 GDPR. The AEPD found a likely violation of Article 35 GDPR. Article 35 GPDR requires that a data protection178 KB (27,656 words) - 12:28, 7 May 2024
- AEPD (Spain) - EXP202213323 (category Article 5(1)(c) GDPR)Article 27 GDPR. Finally, the AEPD found that the controller did not notify the AEPD of the breach within the time frame envisioned by Article 33 GDPR. The controller176 KB (27,432 words) - 16:20, 7 May 2024
- NAIH (Hungary) - NAIH-5802-9/2022. (category Article 5(1)(a) GDPR)Article 14(1) and (2) GDPR. Because it failed to provide clear and transparent information, the controller also violated Article 12(1) GDPR. The DPA imposed120 KB (19,907 words) - 10:48, 9 November 2022
- CNIL (France) - SAN-2023-015 (category Article 7(1) GDPR)breaches of Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 15 GDPR, Article 28 GDPR, Article 32 GDPR and Article 33 GDPR, as well as of Article67 KB (10,546 words) - 13:55, 25 October 2023
- NAIH (Hungary) - NAIH-4667-10/2022 (category Article 10 GDPR)modifications of the grades in the system could not be tracked was compliant with the GDPR. A minor student (the data subject) alleged that his grade had been amended62 KB (9,999 words) - 10:21, 7 December 2022
- EDPS - 2020-1013 (category Article 6 GDPR)the notices referred instead to the GDPR and in particular mention legitimate interest under Article 6(1)(f) GDPR as the legal basis for the processing66 KB (10,349 words) - 08:54, 19 January 2022
- AEPD (Spain) - EXP202305587 (category Article 5(1)(f) GDPR)and 32 GDPR in this case would constitute a double violation of the GDPR, when in fact Article 5(1)(f) GDPR is merely a concretion of Article 32 GDPR. The285 KB (44,507 words) - 11:21, 30 April 2024
- Rb. Amsterdam - C/13/683377 / HA ZA 20-468 (category Article 5(1)(a) GDPR)predecessor of the GDPR) was applicable. From May 25, 2018, the GDPR applies. This distinction between the application of the Wbp and the GDPR is not relevant243 KB (40,160 words) - 11:54, 5 April 2023
- NAIH (Hungary) - NAIH-85-3/2022 (category Article 5(1)(a) GDPR) (section Fine and order to comply with GDPR)within the meaning of Article 9(1) GDPR in certain cases. However, the NAIH held that in this specific case Article 9(1) GDPR did not apply to the processing147 KB (23,028 words) - 13:36, 28 February 2023
- LAG Düsseldorf - 12 Sa 186/19 (category Article 9 GDPR)/ Weichert / Sommer, EU-GDPR and BDSG, 2nd edition 2020, Art. 9 GDPR marginal 3).9 GDPR does not allow recourse to Art. 6 GDPR (Albers / Veit in Wolff120 KB (20,753 words) - 17:06, 7 March 2022
- CNIL (France) - SAN-2024-004 (category Article 4(11) GDPR)Article 60(3) GDPR. None of the authorities raised any relevant and reasoned objection to the draft decision sent. Thus, under Article 60(6) GDPR they were69 KB (10,971 words) - 11:00, 17 April 2024
- AEPD (Spain) - PS/00388/2022 (category Article 32(1) GDPR)violated the article 15 of the GDPR, infringement typified in article 83.5 a) of the GDPR. IV. Secondly, article 32 of the GDPR "Security of treatment", states72 KB (11,730 words) - 08:54, 19 July 2023
- VGH Baden-Württemberg - 1 S 1739/20 (category Article 5 GDPR)purpose to process special categories of data according to Article 9 (1) GDPR is not proportional and necessary, as there are less restrictive measures66 KB (10,911 words) - 08:49, 21 June 2022
- LG Frankfurt am Main - 2-03 O 48/19 (category Article 16 GDPR)Presserecht, 6. 2019, § 20 marginal 9a; Löffler/Steffen, loc. cit, § 6 recital 190). These conditions are not met here. The context of the statement, also66 KB (10,899 words) - 08:33, 8 September 2021
- AEPD (Spain) - EXP202205206 (category Article 5(1)(f) GDPR)1.f) of the RGPD and Article 32 of the GDPR, typified in Article 83.5 of the GDPR and Article 83.4 of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid263 KB (41,516 words) - 09:29, 24 April 2024
- LG München - 3 O 17493/20 (category Article 6(1)(f) GDPR)that the term "damages" in Article 82(1) GDPR is to be understood broadly according to sentence 3 of Recital 146 GDPR. The interpretation of the term must12 KB (1,837 words) - 17:35, 23 February 2022
- AEPD (Spain) - EXP202104693 (category Article 6(1) GDPR)by article 9 of the GDPR -with- recital 51 of the GDPR- and, in addition, many other data not regulated in that precept- to. Recital 75 mentions in detail143 KB (23,267 words) - 08:54, 16 May 2023
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)((articles 5. 1, a) GDPR , 12.1 GDPR and 14.1 a) and c) GDPR) and how the accountability obligation was fulfilled (art 5.2 GDPR and 24 GDPR). The parties are102 KB (15,787 words) - 07:39, 6 September 2023
- CNIL (France) - SAN-2023-009 (category Article 7(1) GDPR)26 GDPR. The agreements between Criteo and its commercial partners did not contain specific obligations in relation to the requirements of the GDPR, such78 KB (12,701 words) - 10:11, 28 June 2023
- EWHC (UK)- QB- Soriano v Forensic News LLC (category Article 3(1) GDPR)represented a breach of the GDPR and several other laws. As preliminary point of law, the court considered the question whether GDPR is applicable to the situation108 KB (18,178 words) - 11:57, 29 November 2021
- Datatilsynet (Norway) - 23-114365TVI-TOSL/08 and 23-114359TVI-TOSL/08 (category Article 6(1)(b) GDPR)because, under the GDPR, Facebook Norway could not be considered a data controller under Article 4(7) GDPR and Articles 66(1) and 61(8) GDPR were used incorrectly113 KB (18,098 words) - 11:57, 13 September 2023
- OLG München - 18 U 5493/19 Pre (category Article 99(2) GDPR)under the GDPR. Literature and data protection authorities therefore agree that Section 13 (6) TMG expired with the introduction of the GDPR. Even if one58 KB (9,657 words) - 14:01, 20 September 2021
- VG Schwerin - 1 A 1343/19 SN (category Article 4(1) GDPR) (section Recital 62 Sentence 1 GDPR Does Not Preclude the Claim to a Copy)of the GDPR. The scope of application of the GDPR is opened pursuant to Art. 2 and Art. 3 of the GDPR. Recital21 Pursuant to Art. 2(1) of the GDPR, the Regulation61 KB (10,071 words) - 14:28, 14 July 2021
- Garante per la protezione dei dati personali (Italy) - 10002324 (category Article 5(1)(f) GDPR)those envisaged by Article 42 GDPR. The certification can be used as an element to demonstrate compliance with the GDPR obligations and show that an organization129 KB (20,678 words) - 08:25, 8 May 2024
- AEPD (Spain) - PS/00331/2022 (category Article 25 GDPR)of the GDPR. The mechanisms for the protection of the rights and freedoms of citizens and would be contrary to the spirit of the GDPR. The GDPR is endowed240 KB (38,122 words) - 13:54, 28 February 2024
- LG Essen - 18 O 204/21 (category Article 4(1) GDPR)under Article 4(1) GDPR. Moreover the court found that the controller can refuse to act on the request according to Article 12(5)(b) GDPR, because the request24 KB (3,694 words) - 10:56, 15 June 2022
- AEPD (Spain) - PS/00267/2020 (category Article 6(1) GDPR)data transfers would not be valid in accordance with Article 49(1) GDPR and Article 7 GDPR, given that consent was required within the contract without an208 KB (33,882 words) - 14:25, 24 November 2022
- LG Bielefeld - 19 O 147/22 (category Article 24 GDPR)(1) GDPR. 64According to the recitals of the European Charter of Fundamental Rights, the concept of damage is to be interpreted broadly (see Recital No37 KB (5,986 words) - 14:50, 9 May 2023
- BVwG - W214 2224204-1 (category Article 4(1) GDPR)13 and 14 GDPR, objected to the processing pursuant to Article 21 GDPR and requested the restriction of the processing under Article 18 GDPR. The controller96 KB (15,762 words) - 11:58, 21 April 2022
- AEPD (Spain) - PS/00267/2021 (category Article 6 GDPR)expressly stated in the GDPR, that supervisory authorities should monitor and enforce the GDPR, and with the provision in the GDPR that 'breaches' of data193 KB (32,580 words) - 11:16, 15 June 2022
- LG Augsburg - 022 O 2669/22 (category Article 5(1)(f) GDPR)13, 14 GDPR), also the defendant clearly and in ease language pointed to the default settings, so no breach of Article 25 GDPR or Article 32 GDPR either26 KB (4,101 words) - 10:24, 13 March 2024
- AEPD (Spain) - PS/00140/2020 (category Article 6(1)(a) GDPR)Article 58(2)(d) GDPR. First, the AEPD established that the GDPR was applicable under Article 3(1) GPDR or, if not, at least Article 3(2)(a) GDPR would apply390 KB (63,154 words) - 07:08, 9 June 2022
- AEPD (Spain) - PS/00500/2020 (category Article 4(4) GDPR)consent was not valid as a legitimate basis from Article 6(1) GDPR, in relation to Article 7 GDPR, and thus processing was unlawful. On these grounds, the AEPD408 KB (64,616 words) - 14:28, 24 November 2022