Search results
From GDPRhub
- DSB (Austria) - 2020-0.111.488 (category Article 5(1)(a) GDPR)Regulation, hereinafter : "GDPR"), OJ No. L 119 of 04.05.2016 S1, the following administrative offense (s) committed: In any case, from **. February 2020 until8 KB (1,048 words) - 13:50, 12 May 2023
- CNPD (Luxembourg) - Délibération n° 17FR/2021 (category Article 5(1)(c) GDPR)headquarters of [S1] and a second system is operated from the site of [S2]. The video surveillance system installed at the administrative headquarters of [S1] is composed44 KB (6,212 words) - 08:28, 16 June 2021
- ArbG Düsseldorf - 9 Ca 6557/18 (category Article 6(1)(c) GDPR)December 9, 2018 (Annex S1, pages 314 et seq. DA), the attorney-at-law sent the defendant's attorney-at-law to the plaintiff's attorney-at-law, a letter58 KB (9,364 words) - 13:51, 16 December 2021
- Article 6 GDPR (section (1) Legal basis for processing)concept of "explicit consent" in Articles 9(1)(a), 22(2)(c) and 49(1)(a) GDPR. See the commentary on Article 9(1)(a) GDPR for explicit consent. Generally108 KB (17,005 words) - 15:39, 18 March 2024
- Article 5 GDPR (section (1) Principles)Article 5(1)(b) does not foresee a certain form of documentation, but Articles 5(2) or 30(1)(a) GDPR require documentation and Articles 6(1)(a), 13(1)(c) and51 KB (6,355 words) - 08:25, 18 April 2024
- Article 58 GDPR (section (1) Investigative powers)controller’s (or processor’s) premises in accordance with Article 58(1)(f) GDPR. The search is not restricted to the business premises but a judge’s authorization46 KB (5,825 words) - 11:12, 7 November 2023
- Article 15 GDPR (section (1) The Right of Access)further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- Article 4 GDPR (section (1) Personal data)(Nomos 2018). Recital 70 GDPR. Recital 71 sentence 1 GDPR. Recital 71 sentence 1 GDPR. Recital 28 sentence 1 GDPR, such as Hansen, in Simitis, Hornung, Spieker125 KB (16,328 words) - 16:01, 8 March 2024
- alternative means of communication which suit the data subject's specific needs. Under Article 12(1) GDPR, information “shall be provided in writing, or by other76 KB (11,304 words) - 08:37, 4 March 2024
- Article 13 GDPR (section (1) Information the controller shall provide at the time personal data is obtained)GDPR embodies the principle of transparency in Article 5(1)(a) GDPR, outlining the controller's obligation to actively provide clear and comprehensive information71 KB (9,532 words) - 13:30, 6 March 2024
- Article 17 GDPR (section (1) Right to erasure)data subject’s private life, and second, the public’s interest in accessing the information, which may vary depending on the data subject’s role in public61 KB (8,488 words) - 15:47, 18 March 2024
- non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the41 KB (5,197 words) - 12:17, 17 April 2024
- Article 9 GDPR (section (1) General prohibition of processing of special categories of personal data)subsume the corresponding legal basis contained in Article 6(1)(a) GDPR, 6(1)(d) GDPR and 6(1)(e) GDPR respectively, and would require no additional correlation44 KB (5,905 words) - 14:00, 24 October 2023
- Article 83 GDPR (section (1) Administrative fine)identification of sanctionable conduct(s) and infringment(s). For a detailed analysis we refer to paragraph (1). Determination of the starting point of55 KB (7,622 words) - 14:04, 7 November 2023
- public interest in the case of Article 6(1)(e) and the controller's legitimate interest in the case of Article 6(1)(f). In other words, there is a balancing49 KB (5,993 words) - 06:22, 16 June 2023
- Article 14 GDPR (section (1) Information the controller shall provide when personal data has not been obtained from the data subject)Article 13(1)(a) GDPR. Given the identical wording, see commentary on Article 13(1)(b) GDPR. Given the identical wording, see commentary on Article 13(1)(c) GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1) since they30 KB (3,458 words) - 10:31, 25 April 2024
- Article 25 GDPR (section (1) Data protection by design)individual rights. These criteria have the same meaning as in Article 24(1) and Article 32(1). The "nature" of the processing consists of its “the inherent characteristics”43 KB (4,675 words) - 06:43, 16 June 2023
- Article 28 GDPR (section (e) Assisting with the controller's obligation to respond to data subject's requests)possible, for the fulfilment of the controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III; (f) assists72 KB (9,140 words) - 13:12, 2 June 2023
- May 2020 (Version 1.1), pp. 7-8 (available here). EDPB, ‘Guidelines 05/2020 on consent under Regulation 2016/679’, 4 May 2020 (Version 1.1), pp. 8-9 (available31 KB (3,489 words) - 16:00, 8 March 2024
- Article 33 GDPR regulates the controller and processor's obligations in case of data breach. Pragraph 1 imposes an obligation on controllers to notify the54 KB (6,536 words) - 08:22, 16 June 2023
- enforcement of the GDPR are SA's main tasks. They summarise the core idea of SA's activities. All other tasks entailed in Article 57(1) GDPR can be understood60 KB (7,796 words) - 20:12, 1 April 2024
- Article 35 GDPR (section (1) Mandatory DPIA)legitimate purpose(s) (Article 5(1)(b)); lawfulness of processing (Article 6); adequate, relevant and limited to what is necessary data (Article 5(1)(c)); limited52 KB (7,297 words) - 08:05, 18 July 2023
- to Article 32(1) GDPR would be an example of such an obligation. It is also important to stress that, without prejudice to the processor's liability under33 KB (4,215 words) - 09:57, 19 March 2024
- ng provision of Article 56(1) GDPR. In such cases, the LSA, i.e. the SA of the place where the controller's or processor's main or sole establishment is35 KB (4,017 words) - 16:04, 18 March 2024
- Article 56 GDPR (section (1) Designation of the Lead Supervisory Authority (LSA) and the Cooperation Mechanism)processor’s lead supervisory authority, version 2.1, Section 2.2, available here. Guidelines 8/2022 on identifying a controller or processor’s lead supervisory55 KB (7,446 words) - 22:28, 1 April 2024
- Article 30(1)(a) states it should contain the name and contact details of the controller and, where applicable, the joint controller(s), the controller's representative31 KB (3,327 words) - 15:31, 5 June 2023
- with Article 33(1) GDPR. Thus, since the supervisory authority should be aware of the data breach, it can also be involved in the controller’s procedure for37 KB (3,962 words) - 15:20, 16 June 2023
- Article 2 GDPR (section (1) Material scope)information onto a form. The form is stored in the hospital's old paper filing system, where each patient's papers are stored according to surname and first name34 KB (4,652 words) - 12:07, 12 November 2023
- guide the reviewer’s decision. Otherwise, it would be completely impossible to express one's own point of view. Pursuant to Article 12(1), which expressly31 KB (4,768 words) - 06:24, 16 June 2023
- to include the DPO's 'contact details', i.e. exactly the same wording used in Article 13(1)(b) GDPR. If one were to follow Apple's suggested reading, after43 KB (4,904 words) - 12:59, 21 July 2023
- Article 23 GDPR (section (1) Restrictions)subject’s rights, but not deny them. The grounds for restrictions are exhaustively listed in Article 23(1) GDPR. These grounds, listed in Article 23(1)(a)-(c)44 KB (4,896 words) - 06:25, 16 June 2023
- subject’s data by the controller triggers a data subject’s right under Article 13 and 14 GDPR. We reject a strict literal interpretation of Article 79(1) GDPR31 KB (3,550 words) - 11:11, 29 November 2023
- CJEU: The CJEU has clarified in C-132/21 that "Article 77(1), Article 78(1) and Article 79(1) of Regulation (EU) 2016/679 [...] must be interpreted as33 KB (3,641 words) - 09:51, 19 March 2024
- exercise of a SA's investigative powers under Articles 58(1)(a), (b), (c), (e) and (f) GDPR; decisions following the exercise of a SA's corrective powers30 KB (3,874 words) - 10:46, 7 December 2023
- independence and expertise in data protection matters. Paragraph 1 ensures the DPO's timely and proper involvement in any data protection issues. Paragraph29 KB (2,951 words) - 14:19, 25 July 2023
- Article 46 GDPR (section (1) Scope)Article 46 - Transfers subject to appropriate safeguards 1. In the absence of a decision pursuant to Article 45(3), a controller or processor may transfer34 KB (3,646 words) - 08:53, 27 March 2023
- objection of a SA (Article 65(1)(a) GDPR), when there are different views on which SA is the lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is33 KB (4,185 words) - 16:09, 2 November 2023
- prior authorization, irrespective of the requirements of paragraph 1. Article 36(1) GDPR establishes an obligation for the controller to consult the DPA31 KB (3,646 words) - 08:51, 21 July 2023
- Article 39 GDPR (section (1) DPO's Tasks)to management or the appropriate authority. Articles 39(1)(d) and (e) GDPR lay down the DPO’s obligations in relation to the Data Protection Authorities23 KB (2,165 words) - 15:10, 27 July 2023
- restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment32 KB (3,730 words) - 08:43, 7 March 2024
- version=1.0 https://www.garanteprivacy.it/documents/10160/0/Bilancio+di+previsione+2019+-+Sintetico.xlsx/700e5df5-f7c3-6510-1bd5-ef90e9824f17?version=1.07 KB (808 words) - 08:17, 16 February 2023
- Act (Zakon o varstvu osebnih podatkov (ZVOP-1)) which stayed in force for more than 4 years after the GDPR’s entrance into force. Responding to requests10 KB (1,242 words) - 10:51, 6 February 2024
- Article 26 GDPR (section (1) Joint controllership)data on another party’s behalf and on this party’s documented instructions (you are a sub-processor). According to Article 26(1) of the GDPR, joint controllers37 KB (3,915 words) - 12:49, 24 May 2023
- Article 3 GDPR (section (1) Establishment in the Union)the Union. Whereas the mere accessibility of the controller's, processor's or an intermediary's website in the Union, of an email address or of other contact37 KB (4,635 words) - 13:29, 24 October 2023
- after IP completion day, the court is not bound (EUWA s 6(1)) but "may have regard" to them (EUWA s 6(2)). (4) The position is different in a "relevant court"18 KB (2,488 words) - 15:22, 14 December 2021
- However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article23 KB (2,489 words) - 23:24, 6 March 2024
- necessary to protect an interest which is essential for the data subject's or another person's vital interests, including physical integrity or life, if the data29 KB (3,500 words) - 08:54, 27 March 2023
- an advisory role. Articles 70(1)(a) and 70(1)(t) GDPR grant the EDPB an important and new role regarding the Regulation’s consistency mechanism. In particular27 KB (3,038 words) - 12:19, 11 October 2023
- the territory of the European Union (in breach of Article 27(1) GDPR). In such situations s SA may ask the competent authorities of the country of the processor35 KB (3,971 words) - 21:34, 1 April 2024
- tie, the President's vote shall prevail. Decisions are published except for cases where there is impediment of a DPA's member. The DPA’s response or decision23 KB (2,039 words) - 08:15, 25 April 2024
- Article 8 GDPR (section (1) Material scope)May 2020 (Version 1.1), p. 28 (available here). EDPB, ‘Guidelines 05/2020 on consent under Regulation 2016/679’, 4 May 2020 (Version 1.1), p. 27 (available19 KB (1,335 words) - 13:56, 24 October 2023
- burdened by data protection rules. Article 85(1) GDPR sets out a legal framework to reconcile the data subject’s right to data protection with the performance33 KB (3,748 words) - 14:25, 7 November 2023
- of Article 88(1) GDPR. Therefore, for a comprehensive overview of the term ‘more specific’, please refer to section 2.1 below. Article 88(1) GDPR establishes32 KB (3,228 words) - 13:32, 30 November 2023
- organisation or association referred to in paragraph 1 of this Article, independently of a data subject’s mandate, has the right to lodge, in that Member State26 KB (2,575 words) - 15:50, 9 November 2023
- Article 20 GDPR (section (1) Right to data portability)pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is carried40 KB (5,349 words) - 07:05, 1 June 2023
- referred to in paragraph 1 within the period referred to in paragraph 3. 7. The supervisory authority referred to in paragraph 1 shall take utmost account23 KB (2,079 words) - 16:07, 2 November 2023
- set out in Article 51(1) and 52 GDPR, Article 54(1)(a) GDPR repeats that these should be legislated for through a Member State's domestic law. Under the34 KB (3,649 words) - 13:19, 30 October 2023
- up. Indeed, the wording of Article 40(1) establishes that they “shall encourage” this (emphasis added). Article 40(1) GDPR clarifies that codes of conduct44 KB (5,008 words) - 14:50, 28 July 2023
- Article 75 GDPR (section (1) The Secretariat)outlines the secretariat's responsibilities, which take on a primarily administrative function. Including the secretariat within the GDPR's legislative rubric20 KB (1,347 words) - 14:21, 17 October 2023
- controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- seconding supervisory authority's authorisation, confer powers, including investigative powers on the seconding supervisory authority's members or staff involved22 KB (1,915 words) - 13:46, 15 January 2024
- Article 41 GDPR (section (1) The monitoring body)the code of conduct. This is clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR30 KB (2,720 words) - 14:02, 28 July 2023
- Article 68 GDPR (section (1) Legal personality)accordance with that Member State’s law, must act as representative to the Board. While the Commission may participate in the EDPB’s meetings and activities, it20 KB (1,632 words) - 10:01, 11 October 2023
- Article 47 GDPR (section (1) Binding Corporate Rules)the company’s internal complaint mechanism, cooperation duties with the DPAs, as well as liability and jurisdiction provisions (Articles 47(1)(b), 47(2)(d)29 KB (2,823 words) - 15:15, 28 April 2022
- (Article 24(1) RoP). This provision ensures the EDPB's flexibility and ability to act. The EDPB also made use of the authorisation in Article 76(1) GDPR and22 KB (2,266 words) - 08:26, 17 October 2023
- following their deliberations. Article 53(1) names four possible appointing bodies. These are a Member State's (i) parliament, (ii) government, (iii) head29 KB (2,894 words) - 23:06, 1 April 2024
- secrecy are laid down in the EDPB's Rules of Procedure (“RoP”). Article 33(1) RoP stipulates that in “accordance with Art 76 (1) GDPR”, discussions of the Board15 KB (787 words) - 08:17, 19 October 2023
- concerning the interpretation of Article 28(1) of Directive 95/46/EC ("DPD"), the Regulation's predecessor. Article 28(1) DPD established the existence of supervisory47 KB (5,594 words) - 22:45, 1 April 2024
- Article 1 GDPR (section (1) Subject-matter)function as guiding principles to interpreting the GDPR. Article 1(1) establishes the GDPR's two main aims. First, it aims at protecting natural persons with28 KB (3,831 words) - 16:21, 14 March 2024
- processing of the data in question by the recipients. Indeed, under Article 5(1)(d) and 17(1) GDPR, each recipient is individually responsible for correcting, deleting19 KB (1,436 words) - 12:35, 12 May 2023
- require the data subject’s identification remain applicable, including, but not limited to, security of processing (Article 32(1) GDPR) and the general principles20 KB (1,854 words) - 16:32, 8 March 2024
- not apparent why the principle laid down in Article 72(1) GDPR should be deviated from. Article 72(1) GDPR stipulates that the Board shall take decisions19 KB (1,530 words) - 14:23, 12 October 2023
- itself does not impose any formal restrictions on the Article's applicability. Article 81(1) GDPR requires that the competent court of a Member State to27 KB (2,619 words) - 14:52, 16 November 2023
- bodies may not interfere in the EDPB's functioning. This arrangement stands in stark contrast to that of the Board's predecessor, the Article 29 Working18 KB (1,327 words) - 12:36, 14 December 2023
- just before the deadline of 1 month. That means that if you want to appeal a decision, you've only one month to do so as there's a delay of 2 month after8 KB (824 words) - 22:52, 27 February 2024
- Article 92 GDPR (section (1) Delegated acts)delegation of power. At first glance, Article 92 GDPR's wording seems to be in conflict with Article 290(1) TFEU, but in actuality it is not. Article 92(2)19 KB (1,525 words) - 08:18, 19 October 2023
- Article 71 - Reports 1. The Board shall draw up an annual report regarding the protection of natural persons with regard to processing in the Union and15 KB (1,196 words) - 08:15, 19 October 2023
- Article 45 GDPR (section (1) Adequacy Decision)take account of obligations arising from the third country's or international organisation's participation in multilateral or regional systems in particular43 KB (5,641 words) - 14:58, 28 April 2022
- Article 97 - Commission reports 1. By 25 May 2020 and every four years thereafter, the Commission shall submit a report on the evaluation and review of16 KB (778 words) - 08:24, 19 October 2023
- 91 - Existing data protection rules of churches and religious associations 1. Where in a Member State, churches and religious associations or communities25 KB (2,482 words) - 10:04, 19 March 2024
- Article 89 GDPR (section (1) Mandatory Appropriate Safeguards for Archiving Purposes in the Public Interest, Scientific or Historical Research Purposes,...)research. In addition, it should take into account the Union's objective under Article 179(1) TFEU of achieving a European Research Area. Scientific research29 KB (3,695 words) - 13:44, 21 March 2024
- supervisory authority’s request is to further the performance of its tasks. Following from this, the content and scope of a supervisory authority’s request is constricted22 KB (2,042 words) - 14:29, 20 November 2023
- Representatives of controllers or processors not established in the Union 1. Where Article 3(2) applies, the controller or the processor shall designate25 KB (2,418 words) - 14:11, 24 May 2023
- this section! You can help us filling this section! There are two options: 1) a "recurso de reposicion" to ask the AEPD to reconsider its decision or 2)4 KB (386 words) - 15:29, 3 September 2021
- Article 99(1) GDPR, which entered the Regulation into force on 25 May 2016, generating a two-year transition period between the Regulation's entry into13 KB (530 words) - 09:40, 3 October 2023
- and the EPD is to be found in Recital 10 and Article 1(2) EPD. Article 1(2) EPD provides that the EPD's provisions serve to "particularise and complement20 KB (1,539 words) - 08:21, 19 October 2023
- Article 74 GDPR (section (1) Tasks of the Chair)Article 74 - Tasks of the Chair 1. The Chair shall have the following tasks: (a) to convene the meetings of the Board and prepare its agenda; (b) to notify15 KB (808 words) - 09:44, 17 October 2023
- Article 99 - Entry into force and application 1. This Regulation shall enter into force on the twentieth day following that of its publication in the Official12 KB (295 words) - 08:25, 19 October 2023
- criminal convictions and offences or related security measures based on Article 6(1) shall be carried out only under the control of official authority or when17 KB (1,768 words) - 15:41, 18 March 2024
- Article 93 GDPR (section (1) Implementing acts)margin number 1 (C.H. Beck 2020, 3rd Edition). Ehmann, in Ehman, Selmayr, Datenschutz-Grundverordnung, Article 93 GDPR, margin number 1 (C. H. Beck 201817 KB (1,096 words) - 08:19, 19 October 2023
- Article 42 - Certification 1. The Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at Union level27 KB (2,452 words) - 14:26, 28 July 2023
- secrecy 1. Member States may adopt specific rules to set out the powers of the supervisory authorities laid down in points (e) and (f) of Article 58(1) in18 KB (1,599 words) - 12:26, 29 April 2022
- the adoption of final measures regarding Facebook Ireland Limited, p.42, s. 4.2.1(available here).15 KB (810 words) - 16:13, 2 November 2023
- processing of personal data (see Article 5(1)(a) GDPR), the need to limit the purpose of such processing (see Article 5(1)(b) GDPR), the requirement to have a48 KB (5,978 words) - 15:57, 1 February 2024
- Article 43 GDPR (section (1-5) The certification body)Article 43 - Certification bodies 1. Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, certification22 KB (1,634 words) - 14:40, 28 July 2023
- https://www.dsb.gv.at/dam/jcr:ee7b155a-0a1f-4d00-98e9-902314c7022d/Datenschutzbericht%202022.pdf Report: Europe’s governments are failing the GDPR by Brave11 KB (1,468 words) - 13:27, 14 May 2023
- Article 66 - Urgency procedure 1. In exceptional circumstances, where a supervisory authority concerned considers that there is an urgent need to act in20 KB (1,590 words) - 16:11, 2 November 2023
- engagement working on the DPA's guidance service over the phone. About 58% are women and 42% men. Historical numbers (Datatilsynet's annual report 2021): 2021:10 KB (1,078 words) - 06:40, 26 March 2023
- their work. The President shall exercise the employer’s rights over the public officials and the NAIH's employees. Based on constitutional provision, the Act7 KB (821 words) - 14:16, 7 March 2024
- its Member State in accordance with Article 55(1). In that case, the urgent need to act under Article 66(1) shall be presumed to be met and require an urgent24 KB (2,181 words) - 11:46, 15 January 2024
- Article 84 - Penalties 1. Member States shall lay down the rules on other penalties applicable to infringements of this Regulation in particular for infringements19 KB (1,477 words) - 14:12, 7 November 2023
- provision is aimed at reinforcing the processor’s obligations to only act in line with the controller’s instructions, as well as at clarifying that these13 KB (674 words) - 13:15, 2 June 2023
- that point, it is important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference21 KB (1,831 words) - 08:51, 27 March 2023
- Article 6(1)(c) GDPR (i.e. processing is necessary for compliance with a legal obligation to which the controller is subject) or Article 6(1)(e) GDPR (i22 KB (2,177 words) - 10:01, 19 March 2024
- in the same sector, it may be a good idea to check the proccessing in one's own organisation in this regard as well. The activity reports usually also15 KB (718 words) - 15:31, 19 October 2023
- Saxony's procedural law, "Lower Saxony Administrative Procedure Act", is Niedersächsisches Verwaltungsverfahrensgesetz - NVwVfG. Corresponding § 1(1) NVwVfG5 KB (465 words) - 08:57, 9 January 2024
- Of the 1,046 complaints that were resolved from 1. 1. 2018 to 24. 5. 2018 the DPC has only made 12 formal decisions, which is equivalent to 1,1% of the8 KB (1,034 words) - 14:13, 20 August 2021
- for the companies in their compliance work. On 1 October 2020, it publishes a small report helping the SME's to implement correctly GDPR: Report in French9 KB (993 words) - 07:10, 28 July 2022
- the Act of 1 August 2018 on the organisation of the National Data Protection Commission and the general data protection framework; the Act of 1 August 201810 KB (1,199 words) - 10:14, 19 October 2022
- Acts relating to data protection in a manner which corresponds with the GDPR's regulatory framework. Given that data protection affects several different15 KB (943 words) - 09:58, 8 November 2023
- between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs, across borders. This provision17 KB (1,142 words) - 15:41, 28 April 2022
- on the organisation and functioning of of support services for the CNPD [1]. Regulation n.º 301/2020, of March 31, on the value of fees to provide GDPR5 KB (531 words) - 13:25, 3 May 2023
- in three distinct circumstances, as outlined below. First, under Article 64(1) GDPR, the consistency mechanism is triggered when a supervisory authority15 KB (851 words) - 06:55, 29 April 2022
- The funding for 2022 is €1,486,803. Historical numbers: 2021: €1,226,404 2020: €1,053,392 The DVI has 33 employees as per 1st October 2022 out of totally6 KB (544 words) - 04:39, 11 October 2022
- Relationship with previously concluded Agreements → Chapter 1: General provisions Article 1: Subject-matter and objectives Article 2: Material scope Article13 KB (450 words) - 08:22, 19 October 2023
- Processing of the national identification number → Chapter 1: General provisions Article 1: Subject-matter and objectives Article 2: Material scope Article15 KB (660 words) - 09:37, 1 December 2023
- for example, the Commission's legal service. It therefore, has its own legal service who goes to Court in the institutions's behalf. The Supervision and8 KB (1,078 words) - 12:58, 10 May 2024
- Transfers or disclosures not authorised by Union law → Chapter 1: General provisions Article 1: Subject-matter and objectives Article 2: Material scope Article14 KB (716 words) - 15:19, 28 April 2022
- to § 25(1)(2) LDSG and § 40(1) BDSG for complaints in the private sector within Baden-Württemberg. Complaints can be filed online on the LfDI's website4 KB (275 words) - 11:13, 8 May 2022
- 209/83, 1 BvR 269/83, 1 BvR 362/83, 1 BvR 420/83, 1 BvR 440/83, 1 BvR 484/83 (in DE) (Abstract in EN) - ECLI:DE:BVerfG:1983:rs19831215.1bvr020983 Translated:18 KB (1,831 words) - 13:49, 3 November 2022
- https://www.uoou.cz/organizacni-struktura/ds-1063/archiv=0&p1=1059 Information about the law governing the DPA's activity can be found here. Complaints are governed5 KB (441 words) - 09:34, 17 September 2022
- your complaint which is being herewith attached for your record. Next Steps: 1. A preliminary assessment of your complaint will be conducted to determine4 KB (483 words) - 08:17, 12 July 2022
- to approve the Government's candidate for the position of the President. The Structure of the Slovak DPA: President President´s office Vice-President DPO9 KB (1,006 words) - 07:13, 7 July 2021
- help us by filling in this section! Annual reports are published on BayLDA's website.2 KB (174 words) - 13:49, 23 December 2021
- resides in Stockholm and is in charge of enforcing the GDPR in Sweden. On 1 January 2021, the Swedish data protection authority changed their name from4 KB (356 words) - 11:51, 20 October 2022
- 01008 Vitoria, Álava, Spain Webpage: https://www.avpd.euskadi.eus/s04-5213/es/ Email: [1] Phone: +34 945 016 230 Twitter: https://twitter.com/avpd_dbeb Official3 KB (195 words) - 13:21, 15 September 2021
- Article 57(1)(f) of the GDPR, each supervisory authority is required on its territory to handle complaints which, in accordance with Article 77(1) of that12 KB (1,780 words) - 17:22, 10 March 2022
- list of results displayed following a search made on the basis of a person’s name. In March 2010, Mario Costeja Gonzalez, a Spanish national, lodged a complaint16 KB (2,423 words) - 13:03, 1 June 2023
- the Union. Whereas the mere accessibility of the controller's, processor's or an intermediary's website in the Union, of an email address or of other contact182 KB (24,065 words) - 13:40, 9 July 2021
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)basis: Art. 4 (1), (2), (7) and (8), Art. 5, Art. 44, Art. 46 (1) and (2) (c), Art. 51 (1), Art. 57 (1) (d) and (f), Art. 77 (1), Art. 80 (1) and Art. 93108 KB (17,097 words) - 13:52, 12 May 2023
- CJEU - C-230/14 - Weltimmo (section Questions 1-6)State? Can Article 4(1)(a) of [Directive 95/46], read in conjunction with recitals 18 to 20 of its preamble and Articles 1(2) and 28(1) thereof, be interpreted13 KB (1,888 words) - 13:07, 1 June 2023
- possible here. Subparagraph (1)(b) therefore has to be written as #1b! Example: [[Article 6 GDPR#1b|Article 6(1)(b)]] becomes Article 6(1)(b) and links to Article17 KB (2,510 words) - 13:56, 24 April 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(1)(c) GDPR)and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and 35, para. 1. Below is a more detailed review of the case and a justification48 KB (7,442 words) - 10:24, 12 September 2022
- The civil procedure is mainly regulated in the Law 1/2000, of 7 January, on Civil Proceedings (Ley 1/2000, de 7 de enero, de Enjuiciamiento Civil). Spanish15 KB (1,875 words) - 16:18, 13 July 2022
- CJEU - C-154/21 - RW v Österreichische Post (category Article 5(1)(a) GDPR)of the controller's obligation to inform all recipients of the exercise of the rights that the data subject has under Articles 16, 17(1) and 18 GDPR. The8 KB (992 words) - 17:03, 4 February 2023
- CNIL (France) - SAN-2020-012 (category Article 26(1) GDPR) (section The Google’s partially flawed opposition mechanism)information stored in the user's terminal equipment or the recording of information in the user's terminal equipment: 1 ° Either, for the sole purpose93 KB (14,936 words) - 17:09, 6 December 2023
- balance of the controller’s interest and the fundamental rights and freedoms of users which call for protection under Article 1(1) Directive 95/46. Share9 KB (1,113 words) - 13:10, 1 June 2023
- Datatilsynet (Norway) - 20/02136 (category Article 6(1) GDPR)of its users. Also note the Spanish DPA's decision for Grindr, which contradicts several of the Norwegian DPA's findings. Share blogs or news articles here18 KB (2,375 words) - 16:17, 6 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(1)(a) GDPR)subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1, and Article 32, subsection 1, Article 33, subsection 1, and75 KB (11,733 words) - 16:33, 21 August 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 35(1) GDPR)subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1, and Article 32, subsection 1, Article 33, subsection 1, and117 KB (18,075 words) - 10:19, 12 September 2022
- accordance with clause 5.1.1 b of the terms of Google's processing of personal data for Google's advertising products and also Google's terms and conditions113 KB (12,773 words) - 15:20, 6 December 2023
- CJEU - Joined Cases C‑26/22 and C‑64/22 - SCHUFA (category Article 6(1) GDPR)Wiesbaden doubted the HBDI’s line of argument and referred the following questions to the CJEU under Article 267 TFEU: (1) Is Article 77(1) of [the GDPR], read15 KB (2,180 words) - 08:23, 13 December 2023
- 15 (3) sentence 1 of the GDPR (question 1). Is this also a specification or modification of the general right of access under Article 15(1) of the GDPR and51 KB (8,592 words) - 07:03, 2 November 2021
- defined in paragraph 39 of Part 4 Schedule 1. In particular, the policy document must (1) explain the controller's procedures for ensuring compliance with14 KB (2,011 words) - 15:42, 25 November 2020
- CJEU - C-13/16 - Rīgas satiksme (category Article 6(1)(f) GDPR)A minor passenger had suddenly opened the cab's door, which scraped the side of a tram. The taxi driver's insurer refused to pay out on the basis that the5 KB (749 words) - 12:58, 1 June 2023
- List of results List of results by case List of documents Search result: 1 case(s) 1 documents analysed Deutsche WohnenCase C-807/21 Reports of Cases Information7 KB (936 words) - 16:39, 12 December 2023
- Matters (1) Prosecutor’s offices Courts of appeal (15) Prosecutor’s offices High Court of Cassation and Justice Prosecutor’s Office Romania's judicial16 KB (2,260 words) - 19:26, 30 November 2021
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)with the violation of article/and 5.1. c); 6.1.; 13.1. (c);13.1(e) and13.2(a)AVG: r PAGE 01-00001582885-0002-0033-01- □1-� r L _JCourt of Appeal Brussels60 KB (9,144 words) - 16:17, 22 March 2022
- violated the applicant's rights, 8&168Abs. 1S.1GWB. The invitee is to be excluded from the award procedure pursuant to section 57(1) no. 4 VgV because the62 KB (10,113 words) - 12:48, 17 August 2022
- LG Köln - 33 O 376/22 (category Article 6(1)(b) GDPR)application 1.b., from §§ 1, 3 para. 1 no. 1, 4 UKlag in conjunction with §§ 307 para. 1, para. 2 no.1 in conjunction with Art. 5 para. 1 lit. a), Art66 KB (9,990 words) - 12:30, 29 January 2024
- Personvernnemnda (Norway) - 2021-20 (20/01648) (category Article 5(1)(a) GDPR)Ordinance Article 5 No. 1 letter a and c, 6, 12 Nos. 1 and 13. " The reason for the reduction in the size of the fee was the company's difficult financial31 KB (5,018 words) - 18:44, 5 March 2022
- to Article 22(1) of the Labour Code, the employer requires from a person applying for employment to provide personal data including: name(s) and surname;9 KB (1,215 words) - 16:58, 18 May 2021
- Norges Høyesterett - 2021-2403-A (category Article 5(1)(a) GDPR)(2018) §1, GDPR A4, GDPR A5 (1) Judge Thyness: Questions and background of the case (2) The case concerns the validity of the Privacy Board's decision46 KB (7,024 words) - 06:18, 6 March 2022
- accordance with clause 5.1.1 b of the terms of Google's processing of personal data for Google's advertising products and also Google's terms and conditions115 KB (12,842 words) - 08:38, 5 July 2023
- How to add a new decision (section Applied Law(s))Article 6(1)(a) and 4(11) GDPR in a case concerning the requirements of consent). Always use the most specific sub-paragraph (e.g. Article 6(1)(a) GDPR17 KB (2,638 words) - 11:18, 19 February 2024
- accordance with clause 5.1.1 b of the terms of Google's processing of personal data for Google's advertising products and also Google's terms and conditions121 KB (13,722 words) - 15:16, 5 July 2023
- basis of Article 6(1)(b): “...there is a risk that the Draft Decision’s failure to establish Meta IE's infringement of Article 6(1)(b) GDPR, pursuant to53 KB (8,413 words) - 14:10, 30 January 2023
- processing by the defendant can only be Article 6 (1) sentence 1 lit e) DSGVO (see b) or Article 6 (1) sentence 1 lit f) DSGVO (see c), the requirements of which51 KB (8,215 words) - 09:55, 13 May 2022
- used. 30EDPB's Recommendations 01/2020, point 128; IMY's translation. 31 EDPB's Recommendations 01/2020, point 77; IMY's translation. 32EDPB's Recommendations131 KB (14,752 words) - 08:36, 5 July 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4680/182/18 (category Article 9(1) GDPR)subsection 1 point 1 of the Data Protection Act. According to Section 6, Subsection 1, Clause 1 of the Data Protection Act, Article 9, Section 1 of the Data49 KB (7,496 words) - 14:44, 24 January 2024
- BVwG - W258 2217446-1 (category Article 4(1) GDPR)from the following assessment of the evidence: 2.1 The finding under 1.1 is based on the complainant's unobjectionable submissions and a consistent view79 KB (12,652 words) - 09:41, 10 September 2021
- Personvernnemnda (Norway) - 2018-14 (15/01355) (category Article 5(1)(a) GDPR) (section The Board's decision)that the website's legitimate interest is based on the public's interests in the choice of health personnel. The doctor's interest must be regarded as purely144 KB (23,058 words) - 18:48, 5 March 2022
- CJEU - C‑307/22 - Copies of Medical Records (category Article 15(1) GDPR)require the practitioner to provide a free copy of the patient's personal data when the patient's request is for a purpose other than those mentioned in the10 KB (1,478 words) - 11:17, 2 November 2023
- Delo, R (On the Application Of) v The Information Commissioner - 2023 EWCA Civ 1141 (category Article 57(1)(f) GDPR)Commissioner is not obliged to reach a decision on every complaint in light of Art 57(1)(f) UK GDPR. The data subject made an access request (DSAR) to Wise Payments9 KB (1,191 words) - 08:44, 23 January 2024
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)Finnish Data Protection Ombudsman's opinion on the lawfulness of the processing of their personal data by the City of Helsinki's Social services and healthcare41 KB (6,555 words) - 08:37, 4 March 2024
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)The CJEU answered preliminary questions regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors49 KB (7,800 words) - 09:22, 5 January 2024
- referred to as [applicant] and the State. 1 The procedure 1.1. An application dated 30 January 2019, with productions 1 to 10, was received at the Registry of14 KB (2,154 words) - 16:27, 10 March 2022
- prohibited those companies from 1) making – in the general terms of use – the use of Facebook subject to the processing the user’s ‘off-Facebook data’ and 2)8 KB (1,231 words) - 08:22, 6 July 2023
- exceptions in Article 9(1) GDPR, Article 15 GDPR, Article 16 GDPR, Article 18(1)(a) GDPR, Article 18(1)(b) GDPR, Article 18(1)(d) GDPR, Article 20 GDPR10 KB (1,037 words) - 14:52, 10 July 2020
- CJEU - C-132/21 - Nemzeti Adatvédelmi és Információszabadság Hatóság (category Article 77(1) GDPR)The CJEU held that the remdies in Articles 77(1), 78(1) and 79(1) GDPR can be exercised concurrently with and independently of each other, even when referring9 KB (1,308 words) - 12:54, 28 June 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)Éric PÉRÈS on February 1, 2019 as rapporteur on the basis of Article 47 of the Law of January 6, 1978. By letter dated February 1, 2019, the President of41 KB (6,558 words) - 17:09, 6 December 2023
- secured in Chapter 2 § 1 in the Instrument of Government and Chapter 2 § 1 of The Fundamental Law on Freedom of Expression, and Chapter 1 § 1 in the Fundamental7 KB (793 words) - 14:08, 1 October 2021
- before which the CNIL's decisions are challenged, pursuant to Article R 311-1, par. 4 of the Code of Administrative Justice. Any CNIL's decision can be challenged10 KB (1,108 words) - 09:37, 29 September 2021
- GDPR was caused by third parties outside of the controller's control? 5) Does Article 82(1) and (2) GDPR allow the anxiety caused by a hacking attack to13 KB (1,963 words) - 11:04, 5 January 2024
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)fined Equifax, a credit ranking agency, €1,000,000 for failing to comply with Article 5(1)(a), 5(1)(b), 5(1)(c), 5(1)(d) and with Article 14 GDPR. The authority602 KB (102,229 words) - 14:21, 13 December 2023
- when it’s necessary for duties or rights under labour law following § 6. Personal data can be processed on the basis of Article 6(1)(e) if it’s needed for8 KB (1,064 words) - 12:53, 23 June 2023
- Act, ZDR-1) and in “Zakon o evidencah na področju dela in socialne varnosti (Labour and Social Security Registers Act, ZEPDSV). The employee's consent to4 KB (391 words) - 09:57, 17 May 2021
- The DSG 1978 introduced the Constitutional Right to Data Protection in § 1 DSG. Austria also gave the ECHR constitutional status, whereby the Right to8 KB (721 words) - 09:32, 24 April 2024
- защита на личните данни), promulgated with State Gazette No. 1/ 4.01.2002 and entered into force 1.01.2002). Bulgarian law does not define legal entities as10 KB (1,440 words) - 08:54, 17 January 2020
- processed by a social network through transmission from the company’s or individual’s website. Share blogs or news articles here!6 KB (492 words) - 13:09, 1 June 2023
- defendant: IAB Europe Interlocutory decision 01/2021 - 3/6 1. Facts and procedural history 1. Several complaints have been lodged against Interactive Advertising19 KB (2,707 words) - 16:50, 12 December 2023
- DSB (Austria) - Austrian Postal Service (category Article 6(1)(f) GDPR)business. The penalty imposed for the identified violations of Articles 5(1), 6(1) and (4) and 9 of the GDPR is not final, as the defendant has appealed against8 KB (611 words) - 16:12, 6 December 2023
- application of art. 5, paragraph 8, of Regulation no. 1/2000 on the organization and functioning of the Guarantor's office, which provides that «In cases of particular14 KB (2,049 words) - 07:46, 1 August 2023
- personal data, within the meaning of Directive 95/46? If the answer to Question 1 is that all or some of such information may be personal data within the meaning6 KB (766 words) - 21:17, 5 March 2024
- Freedom - La Ligue des Droits de l'Homme - the defendant: IAB Europe 1. Justification 2 1. Pursuant to the agreement concluded between the parties, as ratified8 KB (1,156 words) - 16:56, 12 December 2023
- us fill this section! In Luxembourg the GDPR is implemented by the Loi du 1er août 2018. You can help us fill this section! You can help us fill this section2 KB (121 words) - 23:46, 14 January 2020
- Helsingin hallinto-oikeus (Finland) - 116/2024 (category Article 5(1)(a) GDPR)Section 6(1)(1) of the Finnish Data Protection Act, according to which insurance institutions may, despite the general prohibition in Article 9(1) GDPR, process41 KB (6,133 words) - 10:29, 25 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 8493/161/21 (category Article 5(1)(a) GDPR)commissioner's office has responded to the doctor's clinic's message on the same day and pointed out that the data protection commissioner's office has not52 KB (7,936 words) - 22:32, 2 March 2024
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)treaties (1) or the national provisions of § 173 sentence 1 VwGO in conjunction with § 173 sentence 1 VwGO. § 328 ZPO or §§ 108 f. FamFG (2). 53 (1) The judgment112 KB (19,310 words) - 08:08, 23 June 2022
- Tietosuojavaltuutetun toimisto (Finland) - 3216/452/17 (category Article 5(1)(a) GDPR)subsection 1, point 1 of the Data Protection Act. According to Section 6, Subsection 1, Clause 1 of the Data Protection Act, Article 9, Section 1 of the Data60 KB (9,117 words) - 14:46, 24 January 2024
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)consequence, Meta’s assessment of the elements of Article 6(1)(f) has been skewed correspondingly. 7.2.1.3. Necessity We find Meta’s assertion of necessity99 KB (14,431 words) - 16:20, 6 December 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 5(1)(f) GDPR)Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and Article 32(1)(d). d71 KB (11,304 words) - 10:01, 17 November 2023
- Helsingin hallinto-oikeus (Finland) - 3620/2023 (category Article 5(1)(a) GDPR)violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article 15 GDPR and Article 25(1) GDPR by not implementing the data subject's access request22 KB (3,193 words) - 10:34, 29 February 2024
- Personvernnemnda (Norway) - 2021-18 (20/02059) (category Article 5(1)(d) GDPR)8 (1) and (5) of Directive 95/46 or in Article 9 (1), Article 10 (1) and Article 10 of Regulation 2016/679, the infringement of the data subject's fundamental36 KB (5,859 words) - 06:40, 6 July 2022
- HDPA (Greece) - 30/2020 (category Article 4(1) GDPR)that the respondent's installed and operational video surveillance system (that includes two cameras, one at the entrance of the latter's property and one20 KB (2,519 words) - 15:36, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 7285/183/18 (category Article 5(1)(a) GDPR)power of attorney to exercise the data subject's right of access. Next, the DPA held that Article 6(1)(1) of the Finnish Data Protection Act (Tietosuojalaki)73 KB (11,237 words) - 05:34, 21 July 2022
- protected by articles 10 (general right to privacy), 11 (inviolability of one's body), and 13 (secrecy of correspondence) of the constitution. Provisions of7 KB (764 words) - 07:50, 6 May 2024
- HDPA (Greece) - 34/2023 (category Article 5(1)(c) GDPR)data subject's personal data in violation of Article 5(1)(c) GDPR and Article 15(1) GDPR. Firstly, the DPA found a violation of Article 5(1)(c) GDPR, as6 KB (695 words) - 16:39, 9 January 2024
- Garante per la protezione dei dati personali (Italy) - 9485681 (category Article 15(1) GDPR)these facts, Italy’s DPA found Vodafone S.p.A in violation of the following GDPR provisions: Article 5(1) and Article 5(2) and Article 25(1): for failing to7 KB (810 words) - 15:52, 6 December 2023
- APD/GBA (Belgium) - 53/2020 (category Article 5(1)(a) GDPR)comply with section 5.1(b) of the MDR, and for failure to comply with section 5.1(a) of the MDR. and 5.1(b), 6.1, 25.1 and 25.2, 32.1 and 32.4 of the MDR35 KB (5,853 words) - 16:58, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8211/161/19 (category Article 5(1)(d) GDPR)companies use that information to determine the debtor’s creditworthiness, by assessing the debtor’s ability and/or willingness to pay, after which they can42 KB (6,579 words) - 08:46, 27 January 2022
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)6 Para. 1 S.1 f) GDPR are not met. Legally, the Authorization to transmit data from debtors to credit agencies, according to Art. 6 Para. 1 S. 1 f and Para27 KB (4,216 words) - 13:26, 8 January 2024
- HDPA (Greece) - 23/2020 (category Article 4(1) GDPR)Audiovisual Media and Communication S.A. [NCAM S.A.]. The HEDNO S.A. denied the issuing of such a certificate. The company's response to the application focused9 KB (1,089 words) - 15:35, 6 December 2023
- Helsingin hallinto-oikeus (Finland) - 117/2024 (category Article 9(1) GDPR)Section 6(1)(1) of the Finnish Data Protection Act, according to which insurance institutions may, despite the general prohibition in Article 9(1) GDPR, process22 KB (3,290 words) - 10:29, 25 March 2024
- Authority (APO below}, what it does on June 17, 2020 » 1• 1 Impugned Decision, Exhibit 36, §§ 1 - 24. 1 PAGE 01-00003026497-0006-0025-02-01-� L_JCourt of Appeal37 KB (5,765 words) - 09:53, 14 December 2023
- Datatilsynet (Denmark) - 2018-32-0357 (category Article 5(1)(a) GDPR) (section 2.1. The complainant's remarks)complainant prior to DMI's change of the institute's procedure for obtaining consent has been justified, as well as whether the institute's current processing65 KB (9,767 words) - 16:22, 6 December 2023
- OGH - 6Ob35/21x (category Article 4(1) GDPR)processing the claimant's data. Do data on the "affinity for a political party" qualify constitute personal data under Article 4(1) GDPR? If so, do they27 KB (4,090 words) - 09:54, 10 September 2021
- Datatilsynet (Norway) - 20/02178 (category Article 5(1)(a) GDPR)000 only because of the DPA's long case processing time. In 2019, a company enabled automatic forwarding of an employee's emails during a sick leave, because7 KB (802 words) - 18:53, 17 May 2022
- ANSPDCP (Romania) - Fine against Telekom Romania mobile communications S.A. 2 (category Article 32(1) GDPR)controller TELEKOM ROMANIA MOBILE COMMUNICATIONS S.A. and found a violation of the provisions of art. 32 para. (1) and para. (2) of the General Regulation on7 KB (900 words) - 15:18, 13 December 2023
- BVwG - W211 2210458-1/10 (category Article 2(1) GDPR)according to To 1): € 1.200,00 To 2): € 300,00 To 3): € 300,00 . . . In total: € 1.800 To 1): 3 days To 2): 1 day To 3): 1 day ... In total: 5 days Ad 1): Art.92 KB (15,435 words) - 16:00, 22 March 2022
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)employed by the defendant from February 1, 2015 under an oral employment contract for a net amount of EUR 1,100.00 (EUR 1,475.00 gross) with a working time of32 KB (5,093 words) - 16:07, 11 September 2022
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)complainant. Specifically, the DSB cites Articles 5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article31 KB (4,648 words) - 13:56, 12 May 2023
- CJEU - C-667/21 - Krankenversicherung Nordrhein (category Article 5(1)(f) GDPR)information from the data subject's doctor in the form of a medical report, which was then distributed to the data subject's coworkers. The data subject believed14 KB (1,916 words) - 16:03, 2 February 2024
- OLG Nürnberg - 8 U 2907/21 (category Article 15(1) GDPR)paragraph 1 sentence 1, 818 paragraph 1 and 2 BGB and the defendant owes neither the surrender of uses nor the reimbursement of pre-court attorney's fees.24 KB (3,847 words) - 15:19, 11 September 2022
- Tietosuojavaltuutetun toimisto (Finland) - 4356/532/19 (category Article 5(1)(a) GDPR)controller's credit register because of three cases, requested the DPA to order controller to delete their personal data from the controller’s credit information43 KB (6,671 words) - 08:49, 27 January 2022
- Tietosuojavaltuutetun toimisto (Finland) - 834/532/18 (category Article 5(1)(a) GDPR)controller's credit register because of four cases, requested the DPA to order controller to delete their personal data from the controller’s credit information43 KB (6,677 words) - 08:47, 27 January 2022
- HDPA (Greece) - 32/2020 (category Article 5(1) GDPR)pertaining to human dignity (Article 2(1) Greek Constitution) and to the right to freely form one's personality (Article 5(1) Greek Constitution). The HDPA focused12 KB (1,464 words) - 15:37, 6 December 2023
- Administrative Court. 3. Legal Assessment 3.1. To dismiss the complaint 3.1.1. In accordance with Art. 15 Para. 1 GDPR, the data subject has the right to request48 KB (7,816 words) - 11:04, 29 July 2022
- HDPA (Greece) - 4/2020 (category Article 15(1) GDPR)The controller also ignored HDPA's previous order to comply with the parent's request, thus violating Article 15(1) and (4) GDPR as well as the principle18 KB (2,865 words) - 15:33, 6 December 2023
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)ESPAÑA, S.A.U. 02/08/2023 DEUTSCHE requirement to DEUTSCHE BANK, S.A.E. 02/08/2023 Request TELEFÓNICA MOVILES to TELEFÓNICA MÓVILES ESPA- ÑA, S.A.U. 02/09/202345 KB (7,135 words) - 13:08, 13 December 2023
- Datatilsynet (Norway) - 20/02375 (category Article 6(1)(f) GDPR)legal grounds for this in Article 6(1)(f) GDPR, pursuing a third party's legitimate interest. After receiving the DPA's notification of a fine, the company40 KB (5,943 words) - 18:54, 5 March 2022
- subject has objected to its processing pursuant to Article 21(1) of the GDPR (Article 17(1)(a), (c)(1) and (d) of the GDPR). A request for erasure would therefore39 KB (6,244 words) - 09:40, 10 September 2021
- HDPA (Greece) - 18/2020 (category Article 5(1)(a) GDPR)Article 5(1) GDPR. 5. In the present case, New York College S.A. is the controller since it is proven that it has processed the complainant’s personal data12 KB (1,733 words) - 15:34, 6 December 2023
- Personvernnemnda (Norway) - 2021-03 (category Article 5(1)(a) GDPR)close A's external access to the employer's server, as well as initiated forwarding of all incoming e-mails from A's e-mail box to the department head's e-mail25 KB (4,046 words) - 18:37, 5 March 2022
- HDPA (Greece) - 25/2023 (category Article 5(1) GDPR)Article 15(1) GDPR. For the above reasons, the Hellenic DPA issued a total fine of €210.000 and instruct (the controller) to satisfy the complainant's right6 KB (694 words) - 14:25, 20 January 2024
- the transmitted data (see point II.1.3 or II.1.3.1) at least in combination, personal data according to Art. 4 Z 1 DSGVO. For the lack of an appropriate158 KB (26,392 words) - 08:25, 7 June 2023
- HDPA (Greece) - 31/2023 (category Article 5(1)(c) GDPR)DEYA X violated GDPR's data minimization principle Article 5(1)(c) by sharing an employee's personal and health data with multiple recipients without proper61 KB (10,257 words) - 10:15, 1 November 2023
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)the public: 0117 OSLO Offl §13 cf. Fvl §13 no. 1 Their reference Our reference Date 9135764/1 20 / 01790-1 (19/01267) / EHN 22.12.2020 Decision on the imposition49 KB (7,646 words) - 07:56, 7 March 2022
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)Chapter 5 contains the operative part and the legal remedies clause. 1. Introduction 1.1 Legal entities involved and reason for investigation OLVG is a foundation67 KB (11,415 words) - 17:15, 12 December 2023
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)infringement of Article 5.1 c) AVG has been proven. f)Transparent information (Article 5.1(a); Article 12.1. and Article 13.1. and 13.2. AVG) 43.The complainant48 KB (7,926 words) - 16:56, 12 December 2023
- third-party action (1.). On the complainant's side, his general right of personality (Article 2.1 in conjunction with Article 1.1 of the Basic Law) in133 KB (21,944 words) - 15:59, 22 March 2022
- OLG Dresden - 4 U 1905/21 (category Article 15(1) GDPR)April 1st, 2017 to March 1st, 2020, a total of €1,438.56 28 - in the statutory contribution surcharge G...: 36 monthly payments of €4.00 from April 1st, 201740 KB (6,325 words) - 16:12, 18 May 2022
- UODO (Poland) - ZSPU.421.3.2019 (category Article 5(1)(a) GDPR)Article 57(1)(a), Article 58(2)(d) and (i) in connection with Article 5(1)(a), (e) and (f) and (2), Article 24(1) and (2), Article 28, Article 30(1)(d) and58 KB (9,357 words) - 10:02, 17 November 2023
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)the relevant court act and are undisputed. 3. Legal Assessment 3.1. To I to A) 3.1.1. Legal situation: Art. 12 of Regulation (EU) 2016/679 of the European47 KB (7,519 words) - 09:28, 13 February 2024
- offer of services of the Information Society. Without prejudice to Article 8(1) GDPR, for child under the age of fourteen, consent is only valid if provided6 KB (757 words) - 13:53, 16 August 2022
- APD/GBA (Belgium) - 06/2019 (category Article 5(1)(c) GDPR)concerning the violation of Articles 5.1. c); 6.1. ; 13.1. c); 13.1. e) and 13.2. a) of the GDR:- pursuant to Article 100, § 1, 9° of the ICA, to order the respondent20 KB (3,137 words) - 16:51, 12 December 2023
- HDPA (Greece) - 11/2024 (category Article 17(1) GDPR)June 2017, Satakunnan M a r k k i n a p ö r s s i O y k a i S a t a m e d i a O y k a t a F i n l a n d i a s § 165). Also, in the same recent decision,36 KB (5,761 words) - 17:19, 22 April 2024
- AEPD (Spain) - PS/00451/2019 (category Article 6(1)(f) GDPR)respondent dated January 3, 2019. On April 1, 2019, the Director of the Spanish Data Protection Agency, granted the claimant's appeal for reconsideration. SECOND:26 KB (4,231 words) - 14:44, 13 December 2023
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)be issued, Art. 33 Para. 1 M 158/10 -, resolution of September 14, 2012 - 1 M 94/12 - and resolution of October 25, 2012 - 1 M 103/12 -, each juris). The14 KB (1,999 words) - 14:20, 18 July 2023
- AEPD (Spain) - EXP202105644 (category Article 5(1)(f) GDPR)against the company COMERCIALIZADORA REGULADA GAS & POWER, S.A., belonging to NATURGY ENERGY GROUP, S.A. with NIF A08015497 (hereinafter, the claimed party)27 KB (4,121 words) - 15:06, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)com Oyj's customers can actually be considerably long. 14. According to the controller's view, it is good customer service and in the customer's interest77 KB (12,352 words) - 07:20, 23 April 2024
- Datatilsynet (Norway) - 20/01648 (category Article 5(1)(a) GDPR)(Datatilsynet) held that the controller had breached Articles 5(1)(a) and (c), 6, 12(1) and 13 GDPR and for this fined the controller NOK 100,000 (approximately7 KB (801 words) - 06:28, 6 March 2022
- AEPD (Spain) - EXP202201721 (category Article 6(1) GDPR)the defendant's office located in the ***ADDRESS.1, in ***LOCALITY.2 (***LOCALITY.1) requesting the withdrawal of funds from the claimant's account, failing79 KB (12,408 words) - 13:24, 13 December 2023
- contents Nos. 1, 3, 4, 5 and 83, as well as content No. 64. 1 SPMT-ARISTA is an external service for prevention and protection at work, which since 1 January131 KB (22,429 words) - 16:57, 12 December 2023
- VG Wiesbaden - 6 K 788/20.WI (category Article 15(1)(h) GDPR)wording of Articles 21 (1) sentence 1, 22 (1) and 4 no. 4 of the GDPR as well as recitals 71 p. 1, 2 and 72 can be interpreted as follows. 1, 2 and 72 can be52 KB (8,534 words) - 12:58, 15 December 2021
- AEPD (Spain) - EXP202202164 (category Article 5(1) GDPR)of the GDPR. SECOND: APPOINT R.R.R. as instructor. and, as secretary, to S.S.S. indicating that any of them may be challenged, if applicable, in accordance29 KB (4,482 words) - 14:06, 5 March 2024
- AEPD (Spain) - EXP202209511 (category Article 6(1) GDPR)***NIF.1, for a violation of Article 6.1 and another of article 13 of the RGPD, typified in Article 83.5 letters a) and b) of the RGPD, a fine of €1,500 (€122 KB (3,257 words) - 13:28, 13 December 2023
- for 1: 1,000 euros 74 Application for 2: 1,000 euros 75 application for 3a: 3,000 euros 76 Application for 3b: 1,000 euros 77 Application for 4: 1,00039 KB (6,362 words) - 14:01, 22 June 2023
- AEPD (Spain) - EXP202209001 (category Article 5(1)(c) GDPR)focused beyond the private property of the controller's, violating Article 5(1)(c) and 13 GDPR. On 1st of August 2022, the data subject submitted a complaint22 KB (3,303 words) - 13:28, 13 December 2023
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)000 for a violation of Article 5(1)(f) of the GDPR. A customer of a gas distribution company (Madrileña Red De Gas, S.A.U) complained to the AEPD claiming39 KB (6,623 words) - 14:08, 13 December 2023
- OLG Köln - 15 U 126/19 (category Article 17(1)(d) GDPR)to injunctive relief from § 29 para. 1 sentence 1 no. 2 BDSG old version, but from § 29 para. 1 sentence 1 no. 1 BDSG old version, although the "basic121 KB (20,412 words) - 15:58, 10 March 2022
- AEPD (Spain) - EXP202206626 (category Article 5(1)(c) GDPR)***NIF.1 (hereinafter, the part claimed), for the installation of a video surveillance system located in URBANIZATION ***URBANIZATION.1, ***LOCALITY.1, LLEIDA35 KB (5,475 words) - 13:21, 13 December 2023
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)with the provisions of Article 6(1)(c), Article 6(1)(f) GDPR, or both provisions? 2. Does the answer to Question 1 mean: a) that the person whose29 KB (4,605 words) - 17:00, 15 December 2021
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Lawfulness and fairness of processing - Article 5(1)(a) and 6 GDPR)Exchange's cookie. ▪ The user identification of a DSP, often derived from the Ad Exchange's cookie that is synchronised with a cookie from the DSP's domain429 KB (58,279 words) - 09:12, 2 November 2022
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)breach of Articles 14.1-2 combined in Article 12.1 and 12.3, 15.1 combined with Article 12.3 and 12.2., 5.1 c) and 5.2. and 24.1-2 of the GDPR, justify127 KB (21,484 words) - 17:01, 12 December 2023
- the applicant’s personal file.13 Thirdly, the DPO stated that that officer’s legal obligation to retain personal data in the applicant’s personal file61 KB (9,971 words) - 14:28, 4 January 2024
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)***LOCATION.1, dated November 29, 2021, Verbal Trial XXX/2020, in which ruling dismissed fully the claim filed by Fusiona Soluciones Energéticas, S.A, against26 KB (4,147 words) - 13:27, 13 December 2023
- AEPD (Spain) - EXP202205932 (category Article 6(1) GDPR)functions assigned to the control authorities in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) 2016/679 (General Data Protection32 KB (4,952 words) - 13:11, 13 December 2023
- referred to as [applicant] and the State. 1 The procedure 1.1. An application dated 30 January 2019 with productions 1 to 7 was received at the Registry of15 KB (2,504 words) - 16:27, 10 March 2022
- HDPA (Greece) - 20/2020 (category Article 6(1)(e) GDPR)for the Authority to deal with L’s complaint against 401 GWN, pursuant to Articles 57(1), point (g) of GDPR and 13 par. 1 point g. 4624/2019, and to exercise29 KB (4,578 words) - 15:35, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)violation of articles 38.1, 38.3, 39.1 a) and 39.1 b) of the GDPR; - to issue an injunction against Company A to comply with Article 38.1 of the GDPR, within66 KB (9,458 words) - 19:42, 4 September 2021
- CJEU - C-175/20 - SIA ‘SS’ (Opinion of AG Bobek) (category Article 4(1) GDPR)defendant asked the applicant to renew the defendant's access to information, and in particular information on (1) the telephone numbers of advertisers ; (2) the8 KB (1,081 words) - 13:13, 1 June 2023
- com/resources/assets/slt3lc6tev37/1M1j5uuFDuLTYiZJJDPBag/bda8d591447971b3df2bccf5aa4e0916/Customer_DPA_v.3_1_-_en_1_Oct_2020.pdf https://edpb.europa.e30 KB (4,708 words) - 16:56, 6 December 2023
- Helsingin hallinto-oikeus (Finland) - H6072/2021 (category Article 6(1)(f) GDPR)applicant's international wanted notice. In addition to the applicant's name and age, the news contains public information about the applicant's crime and61 KB (9,876 words) - 21:38, 24 March 2024
- LG Krefeld - 2 O 448/20 (category Article 15(1) GDPR)91 Paragraph 1, 709 S. 1, S. 2 ZPO. 44 The amount in dispute is set at a total of 16,000.00 EUR. The determination is based on §§ 48 Abs. 1 GKG, 3 ZPO.17 KB (2,758 words) - 14:10, 15 December 2021
- HDPA (Greece) - 33/2020 (category Article 57(1)(f) GDPR)complaint against the complainant regarding the latter's posts on social media that violated the College's Code of Conduct due to their homophobic and racist20 KB (2,270 words) - 15:37, 6 December 2023
- (c)), C/EX/2332-1/14-05-2019 (for the complaint under (b) and (c)) and C/EX/2332-1/14-05-2019 (for the complaint under (d)). d'), C/EX/3218- 1/06-06-2019 (for54 KB (8,916 words) - 15:22, 22 February 2022
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 9(1) GDPR)this data and had therefore violated Articles 9(1) GDPR out of negligence. The DPA fined the controller €1,600,000 pursuant of Article 83(5)(a) GDPR and163 KB (27,222 words) - 16:54, 6 December 2023
- with Art. 2 para. 1, Art. 1 para. 1 GG, Art. 17 para. 1 lit. d) DSGVO, because her personal data is stored according to Art. 6 para. 1 lit. f. DSGVO had143 KB (24,273 words) - 15:59, 10 March 2022
- GDPR), grants each control authority and as established in articles 47, 48.1 and 64.1 of the Law Organic 3/2018, of December 5, Protection of Personal Data20 KB (3,078 words) - 13:05, 13 December 2023
- CNIL (France) - SAN-2019-010 (category Article 5(1)(c) GDPR)minimization, Article 5(1)(c) GDPR: inadequate and offensive comments or irrelevant comments related to people's health were found in the company's customer file;62 KB (10,001 words) - 17:09, 6 December 2023
- Datatilsynet (Norway) - 15/01355 (category Article 5(1)(a) GDPR)healthcare personnel: Article 6(1)(f), legitimate interest. For the subjective personal data about healthcare personnel: Article 6(1)(f), legitimate interest16 KB (2,111 words) - 06:21, 6 March 2022
- HDPA (Greece) - 6/2020 (category Article 17(1) GDPR)”According to the insurance company’s claims, the retention of the complainant’s data was necessary, in accordance with Article 17 (1) (a) of the GDPR, to meet the29 KB (4,557 words) - 15:33, 6 December 2023
- Datatilsynet (Norway) - 20/01868 (category Article 5(1)(d) GDPR)Furthermore, the DPA found the bank’s proposal, of correcting the complainant’s name in the online banking website but not in the bank's underlying systems, to be26 KB (4,150 words) - 16:14, 6 December 2023
- e7141c720c53441c2483c; has_js=1; _gid=GA1.2.1837808855.1597415922; _gat=1 Upgrade-Insecure-Requests 1 If-None-Match" 1597405902-1" Cache-Control max-age=0”44 KB (6,642 words) - 10:34, 13 December 2023
- the employee’s wrongful acts and his employment has changed in such a way as to distinguish it from the employer’s liability. The employee’s activities must87 KB (14,773 words) - 09:28, 1 March 2022
- HDPA (Greece) - 31/2020 (category Article 4(1) GDPR)also a reference to that decision. Relative highlights of the Greek DPA's Directive 1/2011 is that the CCTV (i) shall be used as a supervising tool only when6 KB (719 words) - 15:36, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 918/154/2019 (category Article 17(1) GDPR)a data subject's arrest warrant, as this information was outdated and was no longer of importance to society. Pursuant to Article 17(1) GDPR, the data26 KB (4,072 words) - 12:18, 27 March 2024
- AEPD (Spain) - EXP202201746 (category Article 5(1)(f) GDPR)the claimant's medical data to unauthorized persons constitutes a violation of article 5.1.f) of the GDPR SAW The violation of article 5.1.f) of the RGPD62 KB (9,703 words) - 13:05, 13 December 2023
- UODO (Poland) - DKN.5131.6.2020 (category Article 33(1) GDPR)Article 102 (1) (1) and (3) of the Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2019. item 1781), as well as Article 57 (1) (a),66 KB (10,785 words) - 10:00, 17 November 2023
- AEPD (Spain) - EXP202100764 (category Article 5(1)(f) GDPR)respectively. III Article 5.1.f) of the GDPR Article 5.1.f) “Principles relating to processing” of the GDPR establishes: "1. The personal data will be:34 KB (5,184 words) - 13:22, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9852214 (category Article 58(1) GDPR)of children’s personal data. The DPA held that the legal basis for the processing activities could hardly be determined from the controller's privacy policy36 KB (5,598 words) - 10:15, 8 February 2023
- AEPD (Spain) - EXP202210525 (category Article 6(1) GDPR)grants each control authority and as established in articles 47, 48.1, 64.2 and 68.1 of the Organic Law 3/2018, of December 5, Protection of Personal Data22 KB (3,427 words) - 13:26, 13 December 2023
- APD/GBA (Belgium) - 149/2023 (category Article 5(1)(a) GDPR)be/content/ECLI:BE:CASS:2021:ARR.20211007.1N.4/FR?HiLi=eNpLtDK2qs60MrAutjI2sFJKT01PLUvNK05K LU7OSC3KzcxLL04sLckvyixJzSxRss60MoSqdHd1dw1z9Qt2cg129nAN8vX0cw92DA3xD/IM113 KB (17,325 words) - 08:50, 19 March 2024
- wording, approved by the 1st Commission on July 27, 2017 , which consisted of the splitting of article 1 into two articles - 1 and 2 - with consequent remuneration233 KB (37,080 words) - 20:01, 31 March 2021
- CJEU - C‑634/21 - SCHUFA (category Article 22(1) GDPR)Schufa’s processing was compliant with domestic law. The data subject then appealed to the Administrative Court of Wiesbaden, under Article 78(1) GDPR.6 KB (783 words) - 16:05, 12 December 2023
- HDPA (Greece) - 26/2021 (category Article 15(1) GDPR)that the physician violated also art. 12 par. 1 GDPR obligation to facilitate the exercise of applicant’s right of access by imposing as the unique way3 KB (293 words) - 17:15, 3 March 2022
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)***LOCALIDAD.1 (***PROVINCIA.1), on August 7, 2019, with identification number certified ***ATESTADO.1` and the invoice number ***FACTURA.1 issued by VDF270 KB (43,335 words) - 12:39, 13 December 2023
- Recipient Interim opening practicability H o w F o f b o a r d s Treatment round: 27/01/2021,(1 B ru ssel Section Market Court room 19A Judgment Offered on25 KB (3,812 words) - 10:03, 20 August 2021
- reported a data breach on city council X's website, because citizens' personal data was easily accessible on the controller's website by modifying the last five9 KB (1,211 words) - 20:32, 8 January 2024
- violating Article 5(1)(c) and Article 5(1)(e) GDPR. The DPA of Berlin fined Deutsche Wohnen SE for violating Article 5(1)(c) and Article 5(1)(e) GDPR, because36 KB (5,810 words) - 13:09, 21 January 2022
- company’s letter of 04-01¬ 2019 under the name ‘Zariropoulos S.A.’, which we attach.’It is apparent from that letter that the company Zariropoulos S.A. carried19 KB (3,034 words) - 15:33, 6 December 2023
- AEPD (Spain) - EXP202205353 (category Article 5(1)(f) GDPR)administrative procedures." II Article 5.1.f) of the GDPR Article 5.1.f) "Principles relating to processing" of the GDPR establishes: "1. Personal data will be: (…)22 KB (3,386 words) - 16:05, 13 December 2023
- BVwG - W214 2228164-1 (category Article 4(1) GDPR) (section Lawfulness According to Article 6(1)(f) GDPR)processing data for credit scoring purposes in light of Articles 5(1)(c), 5(1)(e) and 6(1)(f) GDPR and held that financial data may be stored for more than8 KB (987 words) - 10:01, 12 May 2022
- AEPD (Spain) - PS/00070/2019 (category Article 5(1)(a) GDPR)complainant outlined that they sent an email to BBVA’s data protection officer outlining that BBVA’s application did not provide the possibility to refuse422 KB (70,184 words) - 13:56, 13 December 2023
- controller’s privacy policy did not mention any legal basis, and the DPA determined that the legal grounds of Article 6(1)(b), 6(1)(c), Article 6(1)(d) and11 KB (1,452 words) - 17:03, 6 December 2023
- Supreme Administrative Court (Portugal) - 0856/20.0BELRA (category Article 4(1) GDPR)exception to the duty of confidentiality in Portuguese tax law, an individual's National Tax Number and associated home address are both considered personal6 KB (657 words) - 10:02, 6 October 2021
- Tietosuojavaltuutetun toimisto (Finland) - 6633/182/2018, 6707/154/2018 and 7685/152/2020 (category Article 15(1) GDPR)subject's personal data. Even then, the company should have responded to the request and said that the company no longer processes the data subject's personal7 KB (858 words) - 15:55, 11 December 2023
- to Article 58 ( 1) of the Data Protection Regulation [1] . 2 (e) . However, all affected data subjects who are specifically Intervare's customers must be24 KB (3,365 words) - 16:37, 6 December 2023
- need to monitor those places and even people's belongings workers. This should lead us, in the appellant's opinion, to apply in this case the principle75 KB (12,421 words) - 13:23, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9524194 (category Article 66(1) GDPR)case, the collection of children's personal data takes place when using services provided directly to them; - Article 25(1) of the Regulation, which requires9 KB (1,280 words) - 15:53, 6 December 2023
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)considered the low number of affected data subjects (1); the fact that the controller is a small company (only 1 employee); and the low volume of data processed74 KB (11,726 words) - 13:02, 13 December 2023
- functions assigned to the control authorities in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) C/ Jorge Juan, 6 www.aepd.es 2800133 KB (4,835 words) - 13:26, 13 December 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)lorsque les données à caractère personnel sont collectées auprès d’elles. 1. S’agissant de l’accessibilité de l’information 41. '''En premier lieu''', le48 KB (7,404 words) - 17:09, 6 December 2023
- HDPA (Greece) - 20/2023 (category Article 25(1) GDPR)Articles 15(1) and 12(2), (3) and (4) as the controller did not respond to the access request and did not facilitate the exercise of the data subject's rights;6 KB (634 words) - 17:48, 17 July 2023
- défendeurs", tous deux représentés par Mme Caroline Curtis. 1. Champ d'application de la procédure 1. L'affaire a été portée devant la Chambre du contentieux96 KB (15,396 words) - 16:50, 12 December 2023
- telephone number of the complainant’s office indicates that, if the recipient so wishes, they are excluded. The applicant’s collaborators had been specifically14 KB (2,127 words) - 15:37, 6 December 2023
- such actions of Article 25 of the Code of Civil Procedure1. 1 See, by way of example, the Authority's Decision No 73/2018. 5 3. As is clear from the content14 KB (2,181 words) - 11:27, 13 September 2023
- communication and that he did not obtain the recipient's consent. Moreover, he initially collected the complainant's contact details for different purposes. However14 KB (2,070 words) - 15:38, 6 December 2023
- EDPB - Binding Decision 1/2021 - 'WhatsApp' (category Article 5(1)(a) GDPR)national DPAs with an “endeavour to reach consensus” (Article 60(1) GDPR). In its binding decision 1/2021, the EDPB added that, even in case of an own-volition29 KB (4,384 words) - 16:00, 6 December 2023
- Data Protection Code, health data can be processed without the data subject´s consent provided that the controller complies with the principle of essentiality16 KB (2,354 words) - 15:45, 6 December 2023
- of article 16 par. 1 and 2 of law 3917/2011, par. 1 and 2 of article 11 of law 3471/2006 were amended, so that with article 11 par. 1 of law 3471/2006 "The45 KB (7,165 words) - 15:22, 22 February 2022
- article 72.1.e) of the LOPDGDD. -13, in accordance with article 83.5.a) of the RGPD and for the purposes of prescription in the article 72.1.h) of the LOPDGDD66 KB (10,558 words) - 13:14, 13 December 2023
- CNIL (France) - SAN-2019-001 (category Article 6(1)(a) GDPR)extensive investigation. Google's main arguments were that the complaints are inadmissible and there was a violation of the company's right to a fair trial (art90 KB (14,556 words) - 17:08, 6 December 2023
- authority initiated proceedings for the alleged infringement of Article 5(1)(d) GDPR against the political party aforementioned. The Political party acknowledged26 KB (4,032 words) - 14:31, 13 December 2023
- sent (a) on ... and at ..., with the apparent sender's number "..." and (b) on ... at ..., with 1 Ave. 1-3 Kifissia Street, 11523 Athens, Greece T: 210 647511 KB (1,492 words) - 13:09, 23 November 2022
- HDPA (Greece) - 48/2021 (category Article 6(1)(f) GDPR)(definition) Article 5.2: Principle of accountability Article 6.1.a: Legal basis of consent Article 6.1.f: Legal basis of overriding legal interest Article 6.4:8 KB (1,028 words) - 12:49, 24 November 2021
- AEPD (Spain) - E/03276/2021 (category Article 6(1)(a) GDPR)the administrative procedure as prescribed by the art. 114.1.c) of Law 39/2015, of October 1, on Administrative Procedure Common of Public Administrations10 KB (1,288 words) - 13:39, 13 December 2023
- information stored in the user's terminal equipment or the writing of information in the user's terminal equipment : 1° Either, has the sole purpose of73 KB (11,864 words) - 17:03, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9574709 (category Article 66(1) GDPR)Regulation No. 1/2000; REPORTER Attorney Guido Scorza; WHEREAS, THE GUARANTOR: a) pursuant to art. 58, par. 2, lett. d) and f) and 66, par. 1 of the Regulation:17 KB (2,519 words) - 15:55, 6 December 2023
- to data subject's right to access. The HDPA highlighted that even when the data controller does not keep any record of the data subject's personal data,12 KB (1,773 words) - 15:33, 6 December 2023
- promotion and sale of advertising space to make the provider's services profitable, when the provider's processing was carried out on the territory of a member82 KB (13,463 words) - 17:03, 6 December 2023
- AEPD (Spain) - EXP202105344 (category Article 6(1) GDPR)publishing a blog for some time under the pseudonym ***PSEUDONYM.1, which is titled “***BLOG.1” (***URL.1 in which he makes assertions such as that the complaining22 KB (3,319 words) - 13:00, 13 December 2023
- CJEU - C-61/19 - Orange Romania (category Article 6(1)(a) GDPR)against the ANSPDCP's decision before the Tribunalul Bucureşti (Regional Court, Bucharest, Romania) which then requested the CJEU'S preliminar ruling on8 KB (1,074 words) - 13:50, 11 August 2022
- Details see CNPD (Portugal) Tribunal da Relação de Lisboa - 842/16.5T8ALQ.L1-3 on the monitoring the speed of vehicles through radar and the use of photographic3 KB (332 words) - 13:31, 3 May 2023
- within the scope of the GDPR. Furthermore, pursuant to Article 70(1)(u) GDPR, one of the EDPS's tasks is to promote cooperation and the effective bilateral and120 KB (19,650 words) - 09:00, 6 April 2022
- personal data outside the "metadata" of the videoconference. Furthermore, Annex 1 of the draft decree covers how to access to the electronic file and consultation16 KB (2,492 words) - 15:59, 6 December 2023
- Articles 15 to 22 of the RGPD, regulated in article 64.1 of the LOPDGDD, according to the which: "1. When the procedure refers exclusively to the lack of20 KB (3,087 words) - 13:30, 13 December 2023
- Scope of Directive 95/46 Processing for solely journalistic purposes 1. Article 3(1) of Directive 95/46/EC is to be interpreted as meaning that an activity5 KB (663 words) - 08:15, 27 April 2023
- First law on processing of personal data in Cyprus was L. 138(1)/2001 for the harmonisation of national law with the Directive 95/46/EC. This law was amended6 KB (580 words) - 23:49, 18 January 2020
- - Does the fact that the data breach was brought to the doctor's attention by the CNIL's control department relieve the doctor of his obligation to notify26 KB (4,050 words) - 17:10, 6 December 2023
- against complainant’s arguments for the following reasons: 1) Article 78(2) GDPR defines the applicable time frame in line with Article 4:13(1) of the Dutch25 KB (3,954 words) - 13:39, 16 November 2020
- personal data by the Jehovah’s Witnesses Community for a period of six months unless those conditions were observed. The Jehovah’s Witnesses Community appealed10 KB (1,282 words) - 14:38, 7 June 2023
- The CJEU ruled that personal data collected on the basis of Article 6(1)(e) may be used in legal proceedings, but the judge has to consider the principle9 KB (1,372 words) - 10:12, 7 June 2023
- Articles 15 to 22 of the RGPD, regulated in article 64.1 of the LOPDGDD, according to the which: "1. When the procedure refers exclusively to the lack of16 KB (2,362 words) - 13:37, 13 December 2023
- consistent with the fundamental right to respect for private life. The individual’s legal interest was grounded to the imposition of penalty points after some12 KB (1,792 words) - 18:13, 1 February 2023
- from Telmore A / S's website and Yousee A / S's website that Nuuday A / S is the data controller for Telmore A / S 'and Yousee A / S' processing of personal33 KB (5,177 words) - 16:23, 6 December 2023
- RvS - 202100789/1/A3 (category RvS (Netherlands))not exceed what is necessary, established under Articles 8 (1), 5 (4, 5), 6 (1), and 11 (1) of the Covenant ICOV, comply with the requirement of collection20 KB (2,965 words) - 12:52, 28 June 2023
- Datatilsynet (Denmark) - 2019-32-0639 (category Article 5(1)(a) GDPR)Articles 12(1), 14(1)(c), 14(2) and 14(3) GDPR. In addition, Datatilsynet also issued criticism in relation to Article 5(1)(a) GDPR for the controller’s attempt26 KB (4,157 words) - 16:23, 6 December 2023
- Datatilsynet (Denmark) - 2019-32-0709 (category Article 5(1)(a) GDPR)with Article 6 (1). 1, letter b, if the processing is necessary to comply with a legal obligation in accordance with Article 6 (1). 1, letter c, if the24 KB (3,763 words) - 16:23, 6 December 2023
- RvS - 201907720/1/A3 (category RvS (Netherlands))details. 201907720/1/A3. Date of judgment: 9 December 2020 SECTION ADMINISTRATIVE LAW Judgment on the appeals of: 1. [appellant under 1], residing at [place19 KB (3,135 words) - 12:38, 16 September 2021
- DPC (Ireland) - Inquiry into Airbnb Ireland UC - 28 September 2023 (category Article 5(1)(c) GDPR)follows: Article 5(1)(c) , Article 5(1)(e) and Article 6(1)(f) of the GDPR The DPC found that Airbnb did not validly rely on Article 6(1)(f) of the GDPR as17 KB (2,411 words) - 09:25, 27 November 2023
- APD/GBA (Belgium) - 136/2023 (category Article 5(1)(f) GDPR)GDPR. II.2.1. Article 5. 1.f) GDPR II.2.1.1. Findings in the Inspection Report 5. The first element that is the subject of the Inspectorate's investigation58 KB (9,184 words) - 16:49, 12 December 2023
- AKI (Estonia) - 2.1.-1/22/1396 (category Article 5(1)(f) GDPR)comply with XXX: 1. to stop filming outside one's own property (either by dismantling the camera(s) or directing it so that only one's own property remains);34 KB (5,305 words) - 08:40, 29 June 2023
- Datatilsynet (Denmark) - 2020-32-1733 (category Article 5(1)(d) GDPR)Statistics Denmark's internal list. Justification for the Danish Data Protection Agency's decision 3.1 It is clear from Article 6 (1) of the Data Protection16 KB (2,377 words) - 16:39, 6 December 2023
- Datatilsynet (Denmark) - 2020-432-0034 (category Article 5(1)(f) GDPR)Protection Agency's decision 3.1. Processing of personal data using ProctorExam 3.1.1. It follows from Article 2 (1) of the Data Protection Regulation 1, that the40 KB (6,369 words) - 16:39, 6 December 2023
- by theEDPBareset forthinArticle 60(4) andArticle 65(1)(a)GDPR 1. 3.1 Objection(s) expressed by CSA(s) in relationto a draft decision 17. The EDPBnotes thatseveralCSAs289 KB (33,568 words) - 15:00, 1 February 2023
- NAIH (Hungary) - NAIH/2020/193/8 (category Article 5(1)(d) GDPR)Applicant's personal data 1. According to the Applicant's declaration, the Applicant forwarded his name, tax identification number, mother's name, place58 KB (9,413 words) - 10:11, 17 November 2023
- Datatilsynet (Denmark) - 2018-32-0232 (category Article 5(1)(c) GDPR)municipality's filing system, which had been created on the basis of the complainant's request of 17 January 2018 about the municipality's subscription13 KB (1,990 words) - 16:22, 6 December 2023
- GHAL - 200.254.914 (category Article 6(1)(f) GDPR)Appeal confirmed the District Court's assessment that Google's interest, and the public's right, outweigh complainant's interest, especially considering a20 KB (2,722 words) - 10:04, 14 December 2023
- Datatilsynet (Denmark) - 2019-41-0043 (category Article 5(1)(a) GDPR)Gruppen A / S 'observance of the duty to provide information complied with the regulation's basic principle of transparency. SIF Gruppen A / S has informed26 KB (3,931 words) - 16:25, 6 December 2023
- RvS - 201906880/1/A3 (category RvS (Netherlands))on Article 6(1)(c) GDPR. In particular, the appellant argued that pursuant to Article 6(3) GDPR, a public interest task under Article 6(1)(c) GDPR must40 KB (6,464 words) - 09:58, 7 July 2021
- DSB (Austria) - 2020-0.349.984 (category Article 5(1)(f) GDPR)no. 2, Art. 5 para. 1 lit. f, Art. 6 Para. 1 lit. c and lit. f, Art. 13, Art. 51 Para. 1, Art. 57 Para. 1 lit. f and Art. 77 Para. 1 of Regulation (EU)28 KB (4,228 words) - 14:00, 12 May 2023
- RvS - 201905347/1/A3 (category RvS (Netherlands))By decision of 7 May 2018, the Minister rejected [the applicant's] and [the appellant's] request for the deletion ('erasure') of their personal data. By25 KB (3,824 words) - 22:46, 10 October 2020
- Datatilsynet (Denmark) - 2019-431-0052 (category Article 5(1)(e) GDPR)protection rules. 4.1. The legal basis for the treatment 4.1.1. It is clear from Article 6 (1) of the Data Protection Regulation 1, letter a, that the27 KB (4,300 words) - 16:36, 6 December 2023
- NAIH (Hungary) - NAIH/2020/2555 (category Article 4(1) GDPR)to the Debtor's telephone number, as there is no reference to the Applicant's name, only a registration number to identify his client's case. According33 KB (5,033 words) - 10:12, 17 November 2023
- FiS - 7679-22 (category FiS (Sweden)) (section Detailed Summary of the Court's Assessment of IMY's Findings)disagreed with the IMY's findings of GDPR breaches in two instances, holding that the controller did not breach Articles 12(1) and 13(1)(e) GDPR. On the other13 KB (1,616 words) - 09:14, 2 May 2024
- NAIH (Hungary) - NAIH-373-31/2023 (category Article 5(1)(b) GDPR)the postal inquiries of Customer 1, the Authority determines that Customer 1 has violated Article 12 (1) and Article 14 (1) points a) and c) of the General140 KB (23,189 words) - 08:25, 20 February 2024
- RvS - 201905319/1/A3 (category RvS (Netherlands))The Dutch Council of State (RvS) ruled that a data subject's search for evidence that the Municipal Executive unlawfully processed personal data does not21 KB (3,337 words) - 10:08, 16 December 2020
- UODO (Poland) - DKE.561.1.2020 (category Article 58(1)(e) GDPR)complainant's personal data. At the same time, the President of the company's Management Board stated that "the Company obtained the Complainant's personal31 KB (5,101 words) - 09:52, 17 November 2023
- Datatilsynet (Denmark) - 2023-432-0016 (category Article 5(1) GDPR)EDBP's guidelines 5/2020 regarding consent in accordance with regulation 2016/679, section 3.1, pp. 7-14 and the Danish Data Protection Authority's guidance46 KB (7,192 words) - 12:37, 19 December 2023
- Datatilsynet (Denmark) - 2019-32-0988 (category Article 5(1)(e) GDPR)Protection Agency's decision 3.1. Authorization to record telephone conversations 3.1.1. Pursuant to Article 9 (1) of the Data Protection Regulation 1, there is45 KB (7,151 words) - 16:24, 6 December 2023
- Datatilsynet (Denmark) - 2020-442-8866 (category Article 4(1) GDPR)mandated by Article 33(1). Did the secretariat of the DPA breach its data security obligations under Articles 32(1), 33(1), and 34(1)? The Datatilsynet found20 KB (3,045 words) - 16:40, 6 December 2023
- ANSPDCP (Romania) - Sanatatea Press Group S.R.L. (category Article 5(1)(f) GDPR)Articles 5(1)(f), as well as 32(1) and (2). As a consequence, the ANSPDCP issued an administrative fine of €2000 against Sanatatea Press Group S.R.L. Share4 KB (422 words) - 15:20, 13 December 2023
- ANSPDCP (Romania) - Fine to DADA CREATION S.R.L. (category Article 32(1) GDPR)of a document containing customers personal data. On the DADA CREATION S.R.L.'s website, the following personal data were made available: e-mail addresses5 KB (547 words) - 15:18, 13 December 2023
- NAIH (Hungary) - NAIH-1091-10/2022 (NAIH-6936/2021) (category Article 6(1) GDPR)12 (1) of the GDPR, as it did not provide transparent and understandable information, - Article 15 (1) and Article 17 (1) of the GDPR, Article 12 (1) -69 KB (11,255 words) - 10:08, 17 November 2023
- Gazette I No. 165/1999 as amended; §§ 2 Z 1, Z 6 and Z 15, 5 Z 4, 6 Para. 1 and Para. 2, 11 Para. 1 and 21 Para. 1 Z 1 of the Financial Market Money Laundering33 KB (5,254 words) - 13:33, 12 May 2023
- Korkein hallinto-oikeus (Finland) - KHO:2023:56 (category Article 5(1)(c) GDPR)CiAgImkxOG4uaW1wb3J0LmNvbnRlbnQiIDogIlR1byBzaXPDpGx0w7YiLAogICJidXR0b24uYm9sZCIgOiAidHJ1ZSIsCiAgImkxOG4uc21hbGwuaW1hZ2UiIDogIlBpZW5pIGt1dmEiLAogICJpMT45 KB (5,016 words) - 14:14, 21 March 2024
- AKI (Estonia) - 2.1.-1/19/126 (category Article 12(1) GDPR)re-examined complaint about financial service provider’s incomplete response to data subject’s access request after appeal. The appellant complained that3 KB (195 words) - 10:30, 13 December 2023
- Court of Appeal of Brussels - 2022/AR/556 (category Article 5(1)(b) GDPR)requirement of Articles 5.1.a, 5.1.b, 6.1.c), 6.3, 9.2.i), 12.1, 13.1.c), 13.2.a), 13.2.d), 13.2.e), 30.1.a) and 30.1.d), 35.1 and 35.7 of the GDPR 9. The83 KB (13,694 words) - 09:53, 14 December 2023
- Garante per la protezione dei dati personali (Italy) - 9518890 (category Article 5(1)(a) GDPR)imposed a fine of €20000 on Gaypa s.r.l. for checking its employee's professional email account in order to protect the company's interests. The Garante found4 KB (460 words) - 15:53, 6 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2021:125 (category Article 54(1) GDPR)section 1, subsection 1, section 14, subsections 1–2, section 15, subsections 1 and 3. and subsection 4, 3 points, section 16, subsection 1, section 1846 KB (7,394 words) - 14:08, 21 March 2024
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 5(1)(f) GDPR)the DE SA’s objections on Article 5(1)(f), Article 24 and 32 GDPR, as well the IT SA’s objection on Article 5(2) GDPR - as well as the LSA’s response to183 KB (30,819 words) - 09:50, 20 January 2023
- DSB (Austria) - 2020-0.303.727 (category Article 17(1) GDPR)at/presse/news/201*/berichteneu*3*1*8*.php from May 11, 2017 reads as follows (formatting not 1: 1 reproduced, accessed on August 31, 2020): [Editor's note: The article21 KB (3,266 words) - 13:51, 12 May 2023
- HDPA (Greece) - 48/2023 (category Article 5(1)(a) GDPR)accountant had processed the data subject's personal data in violation of Article 5(1)(a) GDPR, Article 6(1) GDPR, Article 12(3) GDPR, Article 12(4) GDPR6 KB (685 words) - 14:58, 21 March 2024
- RvS - 202000948/1/A3 (category RvS (Netherlands))impose additional requirements. This decision should be compared to: RvS - 201907720/1/A3 Share blogs or news articles here! The decision below is a machine12 KB (1,870 words) - 12:37, 16 September 2021
- BVwG - W211 2230221-1 (category Article 15(1)(c) GDPR)procedure until the CJEU's decision on the Austrian Supreme Court's request for preliminary ruling regarding the interpretation of Article 15(1)(c) GDPR is published19 KB (2,825 words) - 09:42, 26 November 2021
- AZOP (Croatia) - Decision 28-08-2019 (category Article 4(1) GDPR)financial statements for the period from 1.1.2018 to 31.12.2018". This document was publicly available on the controller's website. The controller refused to16 KB (2,373 words) - 15:31, 30 October 2023
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 25(1) GDPR)under one year). 1On the IP address […] identified by Client 1, the Authority's acting administrator found that it was the Authority's Internet the IP address67 KB (10,492 words) - 10:11, 17 November 2023
- APD/GBA (Belgium) - 11/2019 (category Article 5(1)(b) GDPR)imposed by sections 24.1., 28.1. and 30.1. of the DGPS ; -On 11 June 2019, the Disputes Chamber decides, pursuant to Article 95, § 1, 1° and 98 of the ICA24 KB (3,844 words) - 16:51, 12 December 2023
- re-examined complaint about financial service provider’s incomplete response to data subject’s access request after appeal The DPA examined appeal against4 KB (423 words) - 10:30, 13 December 2023
- ANSPDCP (Romania) - S.C. Tip Top Food Industry S.R.L (category Article 5(1)(c) GDPR)investigation of the controller S.C. Type Top Food Industry S.R.L and found a violation of the provisions of art. 5 par. (1) lit. b) and c) and par. (2),6 KB (688 words) - 15:20, 13 December 2023
- DSB (Austria) - 2020-0.191.240 (category Article 4(1) GDPR)secrecy (Section 1 (1) DSG) as follows The appeal is dismissed as unfounded. Legal basis: Article 51(1), Article 57(1)(f) and Article 77(1) of Regulation66 KB (10,546 words) - 13:50, 12 May 2023
- BVwG - W214 2233132-1/27E (category Article 15(1)(c) GDPR)follows: "§ 26b paragraph 1 (1) trade secret is information that" § 26b paragraph one, (1) trade secret is information that 1. is secret because it is neither87 KB (14,194 words) - 10:07, 15 February 2024
- HDPA (Greece) - 35/2023 (category Article 5(1) GDPR)disclosure of personal data by bank to the data subject's wife under Article 5 (1) (a) GDPR and Article 5 (1) (f) GDPR. An additional €50,000 was added for the52 KB (8,460 words) - 10:54, 10 January 2024
- Datatilsynet (Norway) - 20/02274 (category Article 5(1)(a) GDPR)breach of Article 6(1)(f) GDPR, as the controller did not discontinue the data subject's email. Finally, the right under Article 17(1)(e) GDPR was infringed47 KB (7,661 words) - 18:54, 5 March 2022
- Datatilsynet (Norway) - 20/02059 (category Article 5(1)(d) GDPR)The DPA noted that the lawful basis was Article 6(1)(f) GDPR and referred to the Article 29 Group's guidelines WP225 relating to search engine results5 KB (532 words) - 06:53, 6 March 2022
- RvS - 201902417/1/A2 (category RvS (Netherlands))legislation) was legitimate and allowed under Article 6 (1) (e) of the GDPR. However, the Council of State (CoS) rules that the municipality did not inform the37 KB (5,721 words) - 12:41, 16 September 2021
- Datatilsynet (Denmark) - 2019-32-0910 (category Article 5(1)(c) GDPR)audit of Y Municipality's processing of personal data on complaints in connection with a search function on Y Municipality's website. 1. Decision After a review10 KB (1,528 words) - 16:23, 6 December 2023
- BVwG - W101 2132183-1 and W101 2132039-1 (category Article 4(1) GDPR) (section Google's appeal against the DSB's decision)Paragraph 24(1) and (1) and (2) of the B-VG. 5 DSG as amended, with the provisos that part 1. of the ruling concerning the data protection complaint of 1 February107 KB (17,615 words) - 09:42, 10 September 2021
- Commissioner (Cyprus) - 11.17.001.010.201 (category Article 5(1)(a) GDPR)Board and, therefore, issue this Decision. 1. Facts of the Case 1.1 Allegations included in the complaint 1.1.1 On 26/09/2022, a complaint was submitted23 KB (3,737 words) - 10:30, 7 June 2023
- VGH München – 5 CS 19.2087 (category Article 4(1) GDPR)Paragraph 1 S. 1, § 99 Paragraph 2, § 108 Paragraph 1 S. 1, § 146 Paragraph 4 S. 1, S. 6, § 152 Paragraph 1, § 154 Paragraph 2, Paragraph 3, § 162 Paragraph 340 KB (6,397 words) - 08:03, 21 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 3021/452/2017 (category Article 5(1)(a) GDPR)Article 5 (1) (a), Article 12 (1), (2) and (6) , Article 13, Article 15 (1) (h), (3) and (4), Article 58 (2) (c) and (d) subparagraphs Article 34 (1) (2), Article41 KB (6,220 words) - 09:48, 17 November 2023
- GHDHA - C/09/574422 / HA RK 19-368 (category Article 1 GDPR)data subject's name of the register. The Court balanced Hoist's interest against the data subject's. On that basis, it held that Hoist's interest outweighed43 KB (7,297 words) - 12:26, 4 October 2021
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)3. The Draft Decision concerned Meta IE’s compliance with Article 5(1)(a) and (c), Article 6(1), Article 12(1), Articles 13, 24, 25 and 35 GDPR in respect276 KB (38,206 words) - 09:46, 20 January 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4282/161/21 (category Article 5(1)(f) GDPR)that the controller had violated Article 5(1)(f) GDPR, Article 17(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR. As a result,56 KB (8,980 words) - 08:47, 4 March 2024
- Datatilsynet (Denmark) - 2019-431-0037 (category Article 28(1) GDPR)information. These are the companies KMD A / S, Fujitsu A / S, LIFA A / S and INSPARI A / S. Kombit A / S has stated that no data has been publicly available18 KB (2,710 words) - 16:34, 6 December 2023
- ICO (UK) - Chief Constable West Midlands Police (category Article 38(1) GDPR)the safeguards necessary for that purpose.” 1.3 The reasons for the Commissioner’s findings are set out below. 1.4 This case relates to two individuals with18 KB (2,476 words) - 09:10, 14 May 2024
- AKI (Estonia) - 2.1.-3/20/4479 (category Article 5(1)(c) GDPR)The appellant's claim that the injunction was not enforceable is devoid of purpose because the appellant's representative sent December 1AKI-lease confirmation:28 KB (4,474 words) - 10:31, 13 December 2023
- Datatilsynet (Denmark) - 2019-441-3399 (category Article 34(1) GDPR)Justification for the Danish Data Protection Agency's decision 3.1 Article 32 (1) of the Data Protection Regulation. 1 The Data Inspectorate assumes that BroBizz27 KB (4,231 words) - 16:38, 6 December 2023
- Persónuvernd (Island) - 2022020363 (category Article 28(1) GDPR)addition, the controller attached Google's terms and Google's privacy policy concerning its cloud services. Google’s terms specify the information that google142 KB (22,881 words) - 12:42, 16 January 2024
- AEPD (Spain) - PS/00010/2020 (category Article 6(1)(a) GDPR)person? The AEPD held that the telecoms company 's actions were a breach of Article 6(1) GDPR. Article 6(1) does not apply here because they failed to prove22 KB (3,523 words) - 13:45, 13 December 2023
- documents relating to the data subject's debt, and if so, have these been received by the controller? Was the insolvency file's accuracy verified before transfer22 KB (3,237 words) - 12:25, 17 June 2022
- RvS - 202002066/1/A3 (category RvS (Netherlands))this interpretation follows the CJEU’s logic as expressed in paragraph 46 of their judgment of the of 17 July 2014, Y.S. The Council stated that “although22 KB (3,354 words) - 09:23, 18 February 2022
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 5(1)(f) GDPR)Ticketmaster UK Limited, 30 St. John Street, London, EC1M 4-AY 13 November 2020 1 INTRODUCTION & SUMMARY 1.1 This Penalty Notice is given to Ticketmaster (UK)130 KB (21,195 words) - 13:52, 25 April 2021
- DSB (Austria) - 2020-0.605.768 (category Article 41(1) GDPR)Federal Law Gazette No. 51/1991 as amended, in conjunction with §§ 1, 3 Paragraph 1 and TP 1 Federal Administrative Fees Ordinance 1983, BGBl No. 24 as amended19 KB (2,799 words) - 13:52, 12 May 2023
- Datatilsynet (Denmark) - 2019-431-0018 (category Article 5(1)(b) GDPR)Protection1) Article 6 (Regulation. 1, as well as Articles 13 and 14. Below is a detailed examination of the case and a justification for the Authority's decision18 KB (2,667 words) - 16:29, 6 December 2023
- Datatilsynet (Norway) - 20/01949 (category Article 5(1)(d) GDPR)Article 17(1)(d). The DPA also found that the municipality were in breach of the principles of lawfulness, fairness and transparency, cf. Article 5(1)(a), and49 KB (7,572 words) - 16:14, 6 December 2023
- Datatilsynet (Norway) - 20/01627 (category Article 4(1) GDPR)the controller's interest. Consequently, the DPA held that the camera surveillance and livestreaming violated Article 6(1) and Article 5(1)(a) and fined45 KB (6,973 words) - 05:12, 15 September 2022
- UODO (Poland) - DKN.5130.1354.2020 (category Article 5(1)(f) GDPR)sec. 1, art. 25 sec. 1, art. art. 28 sec. 1, art. 28 sec. 3 lit. h, 32 sec. 1 lit. b and lit. d, art. 32 sec. 2, art. 33 paragraph. 1, art. 34 sec. 1 Regulation74 KB (11,513 words) - 09:58, 17 November 2023
- Datatilsynet (Norway) - 21/01057 (category Article 57(1) GDPR)that the controller had a legal basis for processing children's health data under Article 6(1)(e) GDPR (exercise of official authority) and Article 9(2)(b)17 KB (2,399 words) - 16:20, 6 December 2023
- AEPD (Spain) - PS/00139/2020 (category Article 5(1)(a) GDPR)client's data. After making a change of address in her telephone company, in the company's systems it still appeared as joint holder the complainant's ex-husband20 KB (3,086 words) - 14:04, 13 December 2023
- AEPD (Spain) - PS/00365/2019 (category Article 58(1)(e) GDPR)Mr. *** NAME.1 ***LASTNAME 1; born on 08/05/1985, in *** LOCALIDAD.2 (*** COUNTRY.1); son of Gabriel and Viorica. Nationality: *** COUNTRY. 1. Address: street86 KB (14,295 words) - 14:32, 13 December 2023
- Datatilsynet (Denmark) - 2018-423-0018 (category Article 5(1) GDPR)Regulation [1] and the Data Protection Act [2]. The Data Inspectorate's planned inspection of Varde Municipality focused on the municipality's compliance21 KB (3,119 words) - 16:22, 6 December 2023
- ANSDPCP (Romania) - Raiffeisen Bank S.A. and Vreau Credit S.R.L. (category Article 32(1) GDPR)Raiffeisen Bank S.A. and Vreau Credit S.R.L. and fined the two data controllers for violation of Article 32(1), (2) and (4) GDPR. On the 1st of October 20195 KB (568 words) - 15:10, 13 December 2023
- Datatilsynet (Denmark) - 2019-432-0024 (category Article 6(1)(c) GDPR)rules ofof the Data Protection Regulation1)[1] Article 6 (. 1 and1) of the Data Protection Act[2] section 11 (. 1. However, the Data Inspectorate finds that13 KB (1,936 words) - 16:37, 6 December 2023
- APD/GBA (Belgium) - 08/2019 (category Article 30(1)(g) GDPR)imposed by sections 24.1., 28.1. and 30.1. of the DGPS ; -On 11 June 2019, the Disputes Chamber decides, pursuant to Article 95, § 1, 1° and 98 of the ICA24 KB (3,843 words) - 16:51, 12 December 2023
- DSB (Austria) - D123.921/0005-DSB/2019 (category Article 1(2) GDPR)years according to Section 98 (1) WTBG or seven years according to Section 132 (1) Federal Fiscal Code ("BAO") or Section 212 (1) Corporate Code (“UGB”). -42 KB (6,592 words) - 13:58, 12 May 2023
- bytheEDPBareset forthinArticle60(4) andArticle 65(1)(a)GDPR 1. 3.1 Objection(s) expressed by several CSA(s) in relationto a DraftDecision 19. The EDPB notes468 KB (51,340 words) - 14:10, 30 January 2023
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 15(1) GDPR)25 / N. §, 51 / A. § (1), Articles 52-54. §- in Section 55 (1) - (2), Sections 56-60. §, 60 / A. § (1) - (3) and (6), § 61 (1) paragraph 61 (a) and (c)60 KB (9,820 words) - 10:08, 17 November 2023
- AEPD (Spain) - PS/00219/2019 (category Article 5(1)(d) GDPR)data without the accuracy required according to Article 5(1)(d) GDPR. BBVA sent the claimant's personal data to a collection agency. The claimant had no37 KB (5,785 words) - 14:11, 13 December 2023
- Datatilsynet (Norway)- 20/02254 (category Article 57(1)(a) GDPR)generalis, cf. the Ordinance's Proposition 173. The Ordinance's rules on principles, basis for processing, information, the data subject's rights, the data controllers'24 KB (3,498 words) - 16:14, 6 December 2023
- NAIH (Hungary) - NAIH/2020/974/4 (category Article 5(1)(a) GDPR)Article 1 (1). b) Lack of adequate information on the purpose of data processingThe General Data Protection Regulation5. According to Article 1 (1) (a),67 KB (10,815 words) - 10:11, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9509515 (category Article 5(1)(a) GDPR)General pursuant to Article 15 of the Garante's Regulation No. 1/2000; Dr Agostino Ghiglia as rapporteur; WHEREAS 1. The report against the company and the preliminary33 KB (5,342 words) - 15:52, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 137/161/20 (category Article 5(1)(a) GDPR)in Working Life and Article 5(1)(a) and (c), 6(1) and 9(1) GDPR? The Finnish DPA held that the collection of applicant’s religious beliefs, health status3 KB (249 words) - 13:04, 3 March 2024
- Datatilsynet (Norway) - 20/01777 (category Article 5(1)(a) GDPR)for the disclosure to the data subjects's employer and was therefore in violation of Articles 5(1)(a) and 6(1) GDPR. The recordings had already been handed7 KB (676 words) - 18:53, 5 March 2022
- obtained from the school's website, where the BF's data can still be found today. The assessment relates to the BF's professional and not private activities30 KB (4,834 words) - 13:14, 10 November 2021
- Datatilsynet (Norway) - 20/01626 (category Article 5(1)(a) GDPR)personal data follow from Article 5 (1) of the Privacy Regulation. We refer to Article 5 (1) (a), (b), (c) and (f): «1. Personal information must (...) (a)50 KB (8,081 words) - 18:52, 5 March 2022
- Ubels in Amsterdam. 1Process 1.1 Appellants are hereinafter jointly referred to as [Appellants] and separately as [Appellant sub 1] and [Appellant sub41 KB (7,150 words) - 12:30, 4 October 2021
- AEPD (Spain) - PS/00415/2020 (category Article 5(1)(d) GDPR)complainant ’s basic personal data such as name and address. Vodafone España, S.A.U. acknowledged its responsibility in accordance with Article 85 (1) LPACAP30 KB (4,436 words) - 14:36, 13 December 2023
- VG Hannover - 10 A 502/19 (category Article 5(1)(a) GDPR)from Art. 2 Para. 1 in conjunction with Art. 1 Para. 1 GG.42 III. The decision on costs is a mixed cost decision (Section 155 (1) Sentence 1 VwGO) on the one41 KB (6,779 words) - 12:35, 24 November 2021
- AEPD (Spain) - PS/00006/2019 (category Article 6(1)(a) GDPR)articles 6.1.a in relation to article 8.1- and the LOPDGD -Article 7-, the information provided on the website ***URL.1, for which GRUP BC, S.L. was responsible27 KB (4,517 words) - 13:44, 13 December 2023
- DSB (Austria) - 2021-0.347.702 (category Article 6(1)(f) GDPR)hereinafter: GDPR), OJ No. L 119 of 4.5.2016 p. 1; § 1 paragraph 1 and 2, § 18 paragraph 1 and § 24 paragraph 1 and paragraph 5 of the Data Protection Act (DSG)25 KB (3,875 words) - 10:36, 11 January 2024
- Art. 82 Para. 1, Para. 2, Art. 5 Para. 1 lit. a Var. 1, Article 6 paragraph 1 subparagraph. 1 lit. 1, Article 6 paragraph 1 subparagraph. 1 lit. a, Art.130 KB (21,874 words) - 09:43, 15 February 2024
- them by e-mail on 1 4 January 2021. 1.2. In the petition, Y2 and Y1 ask: Declare this appeal admissible, admissible and well-founded; 1}-before doing reconsideration92 KB (14,873 words) - 09:03, 20 August 2021
- VG Mainz - 1 K 584/19.MZ (category Article 9(1) GDPR)items 1, 3, 5, 6 and 7 of the defendant's decision of 23 November 2018 are lawful and do not infringe the plaintiff's rights (§ 113.1 sentence 1 VwGO)58 KB (9,665 words) - 08:51, 25 November 2020
- Datatilsynet (Norway) - 18/02579 (category Article 5(1)(f) GDPR)OrdinanceArticle 5 No. 1 letter f, and the Privacy Regulation 32 No. 1. letter book d The background and reasons for the decision follow below. 1. The case 1.1. Description41 KB (6,337 words) - 18:52, 5 March 2022
- OGH - 6Ob127/20z (category Article 4(1) GDPR)14 days. D e s c r i p t i o n s : [1] The Respondent is the nation's leading Logistics and postal service provider, whose The defendant's main business34 KB (5,408 words) - 13:57, 20 September 2021
- AEPD (Spain) - PS/00187/2019 (category Article 5(1)(a) GDPR)For all the above, the AEPD hold that HM HOSPITALES 1989, S.A. breached Articles 5(1)(a) and 6(1)(a) GDPR and therefore, imposed a fine of €48,000 pursuant5 KB (497 words) - 14:08, 13 December 2023
- Rb. Overijssel - AK 20 1535 (category Article 17(1)(a) GDPR)N. Boers. Considerations 1. The court assumes the following facts and circumstances. 1.1. On October 14, 2019, the plaintiff's representative submitted23 KB (3,225 words) - 11:52, 4 October 2021
- APD/GBA (Belgium) - 55/2021 (category Article 6(1)(e) GDPR)retroacts1) History1. The complainant lodges a complaint with the DPA about a request for erasure ofpersonal data processed by Y1 (hereinafter Y1). In his81 KB (13,211 words) - 16:59, 12 December 2023
- decree has not changed the content of Article 11.5 1 invoked, now replaced by Article 1-9 § 5. 1Article 1-9 § 5: Correction of an error made in an act, an73 KB (11,604 words) - 16:57, 12 December 2023
- appeal is admissible; however, it is not justified. Legal assessment 1.1 Paragraph 1328a(1) of the ABGB states Anyone who unlawfully and culpably encroaches24 KB (3,763 words) - 09:49, 14 December 2023
- particular in Art. 5 Para. 1 lit. f, Art. 24 Para. 1 sentence 1, Art. 25 Para. 1 and Para. 2 sentence 1, Art. 28 Para. 1 and Art. 89 Para. 1 sentence 2 (...). The25 KB (3,605 words) - 13:59, 12 May 2023
- UODO (Poland) - ZSPR.421.7.2019 (category Article 5(1)(a) GDPR)EXAMPLE On [...] February 2019, pursuant to Article 78(1), Article 79(1)(1) and Article 84(1)(1-4) of the Act of 10 May 2018 on the protection of personal60 KB (9,815 words) - 10:02, 17 November 2023
- ANSPDCP (Romania) - Fina against NN Pensii Societate de Administrare a unui Fond de Pensii Administrat Privat S.A. and NN Asigurări de Viață S.A. (category Article 32(1)(b) GDPR)Societate de Administrare a unui Fond de Pensii Administrat Privat S.A. and NN Asigurări de Viață S.A., two insurance providers (controllers) owned by the same8 KB (1,064 words) - 08:35, 31 May 2023
- 2,500.00 s.A, on the appeals of the plaintiff party (appeal interest EUR 1,700.-- s.A.) and the defendant party (appeal interest EUR 800.-- s.A.) against54 KB (7,916 words) - 12:06, 9 May 2022
- KamR Göteborg - 2232-21 (category Article 5(1)(a) GDPR) (section Google's practice of informing webmasters)upheld the FiS decision that Google's practice to regularly inform webmasters of the removal of search results was contrary to Article 5(1)(a) GDPR (principle8 KB (1,119 words) - 11:52, 9 December 2021
- AKI (Estonia) - 2.1.-1/23/2891-5 (category Article 6(1)(a) GDPR)§ 56 subsection 1, subsection 2 point 8, § 58 subsection 1, § 10 of the Personal Data Protection Act (IKS) and Article 58 paragraph 1 point d and paragraph23 KB (3,657 words) - 11:23, 17 April 2024
- AEPD (Spain) - PS/00348/2020 (category Article 5(1)(a) GDPR)discovered that the claimant’s signature was missing from the section “signature of old owner”. Did Vodafone’s failure to get the claimant’s signature constitute38 KB (5,648 words) - 14:31, 13 December 2023
- VDAI (Lithuania) - VDAI vs UAB Prime Leasing (category Article 32(1)(a) GDPR)measures to ensure security of processing under Article 32(1)(a), Article 32(1)(b), and Article 32(1)(d) GDPR, which led to a data breach. The Controller is37 KB (4,319 words) - 09:20, 17 November 2023
- Datatilsynet (Denmark) - 2019-421-0028 (category Article 15(1)(h) GDPR)Protection Agency's decision. 2. Payment Denmark's guidelines and procedures Payment Denmark, prior to the audit visit, sent a copy of the authority's procedures17 KB (2,639 words) - 16:27, 6 December 2023
- deadline for the operator's decision is one month from the receipt of the request. An appeal is possible against the operator's silence or against his refusal10 KB (1,575 words) - 13:37, 10 August 2021
- LG Münster I - ECLI:DE:LGMS:2023:0704.16O238.22.00 (category Article 6(1)(f) GDPR)for more details. 1T a t b e s t a n d 2The parties are in dispute over the deletion of the plaintiff's personal data from the defendant's credit agency.28 KB (4,215 words) - 15:09, 6 December 2023
- 24, 28 and 31 October and 1 November 2019 THIRD: On 25/03/20, the entity DIGITAL VIRGO ESPAÑA, S.A., refers to this Agency's written reply, attaching to25 KB (4,100 words) - 14:05, 13 December 2023
- AEPD (Spain) - PS/00406/2020 (category Article 6(1)(f) GDPR)to this contract. " 1. That "Requests are not sent by TESTA RESIDENCIAL SOCIMI, S.A. directly but by a third entity EQUIFAX IBERICA S.L. " 2. In response36 KB (5,582 words) - 14:35, 13 December 2023
- DSB (Austria) - D130.206/0006-DSB/2019 (category Article 5(1)(a) GDPR)2 lit. a, Art. 5 para. 1 lit. a, Art. 12 para. 1, para. 2 and para. 3, Art. 13, Art. 27, Art. 57 para. 1 lit. f, Art. 58 para. 1 lit. b and para. 2 lit40 KB (6,007 words) - 13:59, 12 May 2023
- AEPD (Spain) - E/00113/2019 (category Article 17(1)(b) GDPR)salary payments subject to contribution to the S.S., to the determination of the bases of contribution to the S.S. and to the concepts of joint collection and27 KB (4,497 words) - 13:38, 13 December 2023
- Datatilsynet (Norway) - 20/02225 (category Article 6(1)(f) GDPR)basis under Article 6, paragraph 1, letter f to obtain the complainant's credit information. 7. Infringement fee 7.1. General information about infringement45 KB (7,286 words) - 18:55, 5 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - TSV/35/2022 (category Article 5(1)(a) GDPR)the controller's processing. In this case, however, the DPA appears to merge the employee's unauthorised processing with the controller's processing. Share20 KB (2,859 words) - 13:11, 13 March 2024
- Personvernnemnda (Norway) - 2022-14 (20/02368) (category Article 6(1)(f) GDPR)company's finances are then sufficiently taken into account. The fee of NOK 100,000 constitutes 2.0% of the company's turnover in 2019 and 2.1% of the26 KB (4,039 words) - 09:08, 20 January 2023
- Personvernnemnda (Norway) - 2021-13 (20/01874) (category Article 6(1) GDPR)the restaurant's wine room (zone 1). The second camera was located in the restaurant's lounge area and covered the staircase from the 1st floor (main floor)48 KB (7,804 words) - 18:49, 5 March 2022
- Personvernnemnda (Norway) - PVN-2022-19 (category Article 17(1)(a) GDPR)deletion of information about the father's ethnicity in accordance with the privacy regulation article 17 no. 1. As's view of the case in brief They have several23 KB (3,547 words) - 10:05, 17 November 2023
- AG Pankow - 4 C 199/21 (category Article 18(1)(c) GDPR)same reasons, the defendant's failure to prevent automatic erasure does not violate Art. 18(1) GDPR. According to Article 18(1)(c) of the GDPR, a data subject17 KB (2,569 words) - 07:15, 17 May 2022
- DSB (Austria) - 2021-0.101.211 (category Article 6(1)(c) GDPR)DSG), Federal Law Gazette I no. 165/1999 as amended; Sections 1(1)(1) and (2), 2(1), 3(1)(1), (1a) and (2) and 4 of the Epidemics Act 1950 (hereinafter: EpiG)37 KB (5,745 words) - 13:53, 12 May 2023
- APD/GBA (Belgium) - 145/2023 (category Article 4(1) GDPR)college's communication of the reasons for dismissal of one of its former teachers to their colleagues and students was in violation of Article 6(1)(f) GDPR39 KB (6,247 words) - 09:14, 15 November 2023
- VDAI - N/A (category Article 5(1)(d) GDPR)changes of applicant's email? The DPA held that the Administration did not have a right under the GDPR to unilaterally change the applicant's email address according8 KB (1,065 words) - 09:19, 17 November 2023
- Datatilsynet (Norway) - 20/02172 (category Article 6(1)(f) GDPR)outside of the company's area of business. Consequently, Lindstrand Trading did not have a legal basis for such processing as per Article 6(1)(f) GDPR. Did Lindstrand28 KB (4,155 words) - 18:57, 5 March 2022
- Datatilsynet (Denmark) - 2020-441-4364 (category Article 5(1)(a) GDPR)implemented. Regular evaluation of measures Article 32 (1) of the Data Protection Regulation Article 1 (1) (d) states that in order to ensure a level of security33 KB (5,347 words) - 16:39, 6 December 2023
- AEPD (Spain) - PS/00235/2019 (category Article 6(1)(a) GDPR)violated Articles 6(1)(a) and 5(1)(a) GDPR. Moreover, the AEPD stated that apart from the unlawful processing of the complainant’s personal data Vodafone24 KB (4,074 words) - 14:21, 13 December 2023
- GDPR, Articles 5(1)(a), 12(1) and 13(1)(c) have been infringed.” Issue 4 (Additional Issue) – Whether Facebook Infringed the Article 5(1)(a) GDPR Principle21 KB (3,005 words) - 14:16, 1 February 2023
- hereinafter “the complainant” - Y1, hereinafter “defendant 1” - Mr Y2, hereinafter “Respondent 2” 1. Facts and procedure 1. On December 11, 2019, the complainant72 KB (11,208 words) - 16:51, 12 December 2023
- VDAI (Lithuania) - UAB vs FITNESS (category Article 5(1)(c) GDPR)violation of Article 5(1)(c) GDPR; It violated Article 13(1) and (1) GDPR, and Article 5(1) GDPR by failing to adequately inform data subject's about the processing53 KB (2,523 words) - 09:19, 17 November 2023
- LG Bonn - 29 OWi 1/20 (category Article 32(1) GDPR)proceedings, so that the defence's motion to discontinue the proceedings did not have to be granted. 1. (1) The BfDI's penalty notice sets out the data58 KB (9,577 words) - 08:06, 16 September 2021
- Rb. Gelderland - C/05/391171 / HA RK 21-135 (category Article 5(1)(c) GDPR)credit registry office's (BKR) processing of a data subject’s personal data was lawful, the data subject’s interests overrode the office’s legitimate interest56 KB (9,287 words) - 16:00, 26 January 2022
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (redirect from Hof 's-Hertogenbosch - 200.270.589 01 and 200.270.589 02) (category Article 6(1)(c) GDPR)for a preliminary ruling. In ground 1, [the appellant] states that his request is based on Articles 1, 6 paragraph 1 (f) and 21 of the AVG and therefore91 KB (15,371 words) - 15:11, 5 October 2021
- AZOP (Croatia) - Decision 21-01-2022 (category Article 5(1)(a) GDPR)the data subject’s interests, rights and freedoms, pursuant to Article 6(1)(f) GDPR. In this regard, the DPA found that the data subject’s phone number was18 KB (2,722 words) - 15:26, 30 October 2023
- Garante per la protezione dei dati personali (Italy) - 9861249 (category Article 5(1)(a) GDPR)company´s employee. The controller (Giessegi Industria Mobili S.p.A.) was in a contractual relationship with a processor (Verizon Connect Italy S.p.A.) providing87 KB (14,104 words) - 15:45, 6 December 2023
- challenge 1/23/2020 The contested administrative act or operation Procedure of the Data Protection Inspectorate 22.01.2020 Decision No 2.1-1 / 19/462716 KB (2,456 words) - 10:29, 13 December 2023
- AEPD (Spain) - PS/00232/2020 (category Article 6(1) GDPR)Energy) infringed Article 6(1) of the GDPR as it processed the complainant's data without a legal basis. The data subject's personal data were incorporated29 KB (4,386 words) - 14:20, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9861827 (category Article 5(1)(a) GDPR)Reweb s.r.l. [...] as well as for the protection of the rights of Reweb s.r.l. in court" (note 12/3/2020 cited. p. 1); - “the dispute between Reweb s.r.l87 KB (14,525 words) - 15:45, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.009.232 (category Article 24(1) GDPR)this case. Description of the case 3.1. The complaint involved the Controller’s failure to comply with the complainant’s erasure request (article 17 of the17 KB (2,515 words) - 11:17, 6 February 2024
- From a legal point of view, it follows that D.1 The legal situation: D.1.1. infringement of Article 1(1) of the DSG 2000: A decision on this part of the28 KB (3,418 words) - 13:49, 12 May 2023
- Article 6(1) GDPR, in addition to violating the principle of data minimisation in Article 5(1)(c) GDPR. Concerning the second issue of the controller’s handling20 KB (3,069 words) - 18:48, 24 January 2023
- BlnBDI (Berlin) - 711.412.1 (category Article 25(1) GDPR)Wohnen SE € 14.5 million for violation of Article 5(1)(e) and Article 25(1) GDPR as the company's archive system was structurally unable to delete unnecessary8 KB (965 words) - 16:38, 12 December 2023
- AKI (Estonia) - 2.1.-3/19/4304 (category Article 15(1) GDPR)Information Case No. 2.1.-3/19/4304 RESOLUTION: Pursuant to Section 85(2) of the Administrative Procedure Act (HMS) I decide: 1) uphold the request for13 KB (2,032 words) - 10:30, 13 December 2023
- NAIH (Hungary) - NAIH/2020/32/4 (category Article 5(1) GDPR)minimisation. 1.1. The Authority finds ex officio that the applicant has infringed the applicant’s right to exercise the data subject’s rights and the75 KB (12,586 words) - 10:10, 17 November 2023
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)applicable legal basis in art. 6.1AVG." With regard to the requirement of transparent information (art. 5.1.a), art. 12.1 and art. 13.1 and 13.2 GDPR}, the Disputes85 KB (12,340 words) - 15:30, 19 August 2022
- Tietosuojavaltuutetun toimisto (Finland) - TSV/224/2023 (category Article 5(1)(e) GDPR)request for the registered person's right of inspection and confirming the registered person's identity to comply with Article 5(1)(c) and Article 12(2) and (6)31 KB (4,693 words) - 11:50, 6 March 2024
- secret search of the complainant's office on XXXX.2020. When processing the BF's personal data, the respondent violated the BF's fundamental right to secrecy75 KB (12,118 words) - 15:46, 14 February 2024
- AEPD (Spain) - PS/00079/2020 (category Article 6(1) GDPR)Article 6(1) GDPR? The Spanish DPA held that the documentation in the file provides evidence that G.L.P. Instalaciones 86, S.L violated Article 6(1) GDPR,20 KB (3,301 words) - 13:57, 13 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments60 KB (9,713 words) - 13:07, 26 March 2024
- Garante per la protezione dei dati personali (Italy) - 9446730 (category Article 5(1)(e) GDPR)Garante Regulation No 1/2000; REPORTER Dr. Antonello Soro; PRESENTED 1. The complaint against the company and the investigation activity. 1.1 By complaint of34 KB (5,420 words) - 15:51, 6 December 2023
- IMY (Sweden) - DI-2021-5595 (category Article 5(1)(f) GDPR)fine of approximately €150,000 (1,600,000 SEK) on the University Hospital Board for the violation of Articles 5(1)(f) and 32(1) GDPR. The data breach notification47 KB (5,207 words) - 18:51, 21 March 2022
- Personvernnemnda (Norway) - PVN-2022-22 (category Article 6(1) GDPR)allowed such sharing in the device's operating system. These the users had further agreed to Grindr's terms of use, Grindr's privacy policy, and decided not91 KB (14,440 words) - 10:06, 17 November 2023
- AEPD (Spain) - PS/00090/2020 (category Article 57(1) GDPR)Spanish DPA found a company in breach of Article 58(1) GDPR for failing to comply with a DPA's request for access to information in the course of an investigation16 KB (2,462 words) - 13:58, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 128/182/19 (category Article 9(1) GDPR)stressed that one's personal identification number is often known to several other people. Thus, the DPA considered that the controller's appointment booking17 KB (2,339 words) - 13:39, 12 January 2024
- DVI (Latvia) - SIA "TET" (category Article 5(1)(a) GDPR)service provider €1,200,000 for disclosing unverified personal data of customers to debt recovery services against Articles 5(1) and 6(1) GDPR. Tet (the114 KB (17,942 words) - 15:46, 2 November 2022
- Datatilsynet (Denmark) - 2021-442-12425 (category Article 32(1) GDPR)Agency's processing of personal data has not taken place in accordance with the rules in the Data Protection Regulation [1], Article 32 (1). 1. Below is15 KB (2,304 words) - 15:24, 24 March 2022