Search results
From GDPRhub
- TS - 1039/2022 (category Article 18(1) GDPR)provided for in Article 18 GDPR. As explained by the Court, Article 18(1) GDPR, in particular in paragraph (d), is linked to Article 21(1) GDPR, which guarantees44 KB (6,561 words) - 14:24, 24 November 2022
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)therefore orders a discontinuation of proceedings pursuant to Article 100, §1, 2° WOG. Article 5.2 and 31 AVG 37. The report of the Inspectorate shows several90 KB (14,937 words) - 12:35, 3 August 2022
- Garante per la protezione dei dati personali (Italy) - 9445796 (category Article 5(1)(b) GDPR)protection of legally relevant interests in accordance with Article 5-bis" (Article 5, paragraph 2, Legislative Decree no. 33/2013). In relation to the profiles16 KB (2,430 words) - 15:51, 6 December 2023
- HDPA (Greece) - 53/2022 (category Article 6(1)(b) GDPR)violation of article 13 of Regulation (EU) 2016/679, in accordance with article 58 par. 2 i' of the GDPR in combination with article 83 par. 5 of the GDPR. The50 KB (8,004 words) - 04:49, 14 December 2022
- APD/GBA (Belgium) - 11/2019 (category Article 5(1)(b) GDPR)1(e) and 5.2 of the DGPS and Article 6 of the DGPS; 2.the defendant has not complied with the obligations imposed by sections 12.1. and 12.2. of the DGPS24 KB (3,844 words) - 16:51, 12 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 94(2) GDPR)the GDPR. Would judge otherwiseindeed contradict :o the wording of Article L2.2 in conjunction with Article 2.f) of the ePrivacy Directive,o Article 8 of67 KB (10,544 words) - 09:24, 10 September 2021
- NAIH (Hungary) - NAIH/2020/5553 (category Article 12(3) GDPR)request under Article 15 and with the one month deadline under Article 12(3). Was Google Ireland Ltd in breach of its obligations under GDPR Article 15(1) and27 KB (4,279 words) - 10:12, 17 November 2023
- AEPD (Spain) - PS/00332/2020 (category Article 7 GDPR)The Spanish DPA (AEPD) fined Borjamotor, S.A. for infringing Article 7 GDPR and Article Article 21(1) of the Spanish Law on Information Society Services (LSSI)45 KB (6,853 words) - 14:29, 13 December 2023
- hereinafter, “The person claimed”), by virtue of the complaint presented by D. *** B.B.B., (In addition lante, “the claimant”), and based on the following: BACKGROUND14 KB (2,070 words) - 13:43, 13 December 2023
- the terms required by article 22.2. ”, which may be sanctioned nothing with a fine of up to € 30,000, in accordance with article 39 of the aforementioned34 KB (5,222 words) - 12:58, 13 December 2023
- AEPD (Spain) - PS/00320/2020 (category Article 58(2)(i) GDPR)described violates article 6.1. of the RGPD and is subsumable in the sanctioning type of the article 83.5.a, of the RGPD. IV Article 72.1.b) of the LOPDGDD18 KB (2,736 words) - 14:28, 13 December 2023
- AEPD (Spain) - TD/00185/2019 (category Article 17 GDPR)processed; b) the data subject withdraws the consent on the basis of which the processing was carried out in accordance with Article 6(1)(a) or Article 9(2)(a)17 KB (2,620 words) - 14:51, 13 December 2023
- Datatilsynet (Norway)- 20/02254 (category Article 57(1)(a) GDPR)Communications Act § 2-7 b, which implement Article 5 (3) of the Communication Protection Directive, are lex specialis for the Privacy Regulation. Article 95 of the24 KB (3,498 words) - 16:14, 6 December 2023
- AEPD (Spain) - PS/00245/2019 (category Article 83(5)(b) GDPR)Articles 5(1)(a) GDPR and 13 GDPR. On the other hand, they disagreed with the infringement of Article 5(1)(a) GDPR in relation to Article 9(1) GDPR with regard116 KB (18,941 words) - 14:21, 13 December 2023
- AEPD (Spain) - EXP202315744 (category Article 17 GDPR)otherwise treated; b) the interested party withdraws the consent on which the treatment is based in accordance with Article 6(1)(a) or Article 9(2)(a) and this20 KB (3,052 words) - 08:17, 16 April 2024
- HDPA (Greece) - 11/2024 (category Article 17 GDPR)the GDPR does not apply established by the GDPR and, therefore, in accordance with the provisions of articles 55 para. 1, 2 para. 1 and 3 para. 2 GDPR36 KB (5,761 words) - 17:19, 22 April 2024
- Garante per la protezione dei dati personali (Italy) - 9445550 (category Article 83(2) GDPR)amount of the fine under Article 83(2) GDPR. The data subjects complains about the violation of its right of access (Article 15 GDPR) by the Istituto Nazionale22 KB (3,478 words) - 15:51, 6 December 2023
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 24(2) GDPR)statement of the Debtor [Article 83 (2) (k) GDPR]; - the processing did not affect specific categories of personal data [Article 83 (2) GDPR paragraph (g)]; -60 KB (9,820 words) - 10:08, 17 November 2023
- GHAL - 200.256.426 (category Article 4(2) GDPR)on legitimate interests according to Article 6(1)(f) GDPR and that Ziggo had to comply with Article 6(4)(d) GDPR. The Court found that DFW had a legitimate40 KB (6,777 words) - 16:28, 15 March 2022
- GHDHA - C/09/574422 / HA RK 19-368 (category Article 1 GDPR)obligation (Article 4:32 § 1 Wft). Therefore, Article 6(1)(c) GDPR was relevant. However, the Court highlighted that the phrase "at least on" in Article 6(1)43 KB (7,297 words) - 12:26, 4 October 2021
- CNIL (France) - SAN-2023-018 (category Article 31 GDPR)and to cooperate with the DPA, therefore violating Article 31 GDPR and Article 37(1)(a) GDPR. On 2 June 2021, the French DPA (“CNIL”) informed a French22 KB (3,384 words) - 13:25, 24 January 2024
- APD/GBA (Belgium) - 33/2020 (category Article 5 GDPR)by the defendant under Article 6(1) GDPR? Did the controller infringe the data minimisation principle under Article 5(1)(c) GDPR? Did the controller commit39 KB (6,551 words) - 16:56, 12 December 2023
- HDPA (Greece) - 2/2023 (category Article 58(2)(b) GDPR)protected by article 5 par. 1 item a) GDPR, in conjunction with Article 13 GDPR and b) directs a reprimand, according to article 58 par. 2 b) GDPR, to the complained31 KB (5,021 words) - 16:15, 18 July 2023
- AEPD (Spain) - PS/00120/2020 (category Article 13 GDPR)highest amount:b) the rights of the interested parties in accordance with articles 12 to 22;Without prejudice to the provisions of article 83 of the RGPD31 KB (4,808 words) - 14:01, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8393/161/2019 (category Article 5(2) GDPR)with Article 5 (1) (a) and Article 6 (1) (f) GDPR. Thus, the controller failed to comply with the accountability principle under Article 5 (2) GDPR. Second111 KB (17,604 words) - 13:08, 3 March 2024
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- AN - SAN 3073/2022 (category Article 5(1)(c) GDPR)union enshrined in Article 7 of the Spanish Constitution. Therefore, such processing would be lawful in accordance with Article 6(1) GDPR. Share your comments34 KB (5,374 words) - 14:21, 24 November 2022
- UODO (Poland) - ZSPR.421.7.2019 (category Article 12(2) GDPR)connection with Article 5 paragraph 1 point a, Article 5 paragraph 2, Article 6 paragraph 1, Article 7 paragraph 3, Article 12 paragraph 2, Article 17 paragraph60 KB (9,815 words) - 10:02, 17 November 2023
- Supreme Court - C.20.0323.N (category Article 4(11) GDPR)appeal judges Articles 2.1, 4 2), 5.1 c) and 57.1 a), f) and h) GDPR, to the extent necessary read in conjunction with Article 288(2) TFEU and Articles 443 KB (6,749 words) - 07:07, 28 October 2021
- AEPD (Spain) - 0098/2022 (category Article 9(2)(g) GDPR)under Article 36 GDPR) regarding the compliance of the envisaged processing with the GDPR. According to the Commission, the legal basis was Article 6(1)(e)56 KB (8,102 words) - 13:57, 1 February 2023
- AEPD (Spain) - EXP202205791 (category Article 17 GDPR)with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the RGPD; and in article 47 of the LOPDGDD. C/ Jorge Juan29 KB (4,648 words) - 12:38, 13 December 2023
- BVwG - W211 2230221-1 (category Article 15(1)(c) GDPR)revision is admissible according to Article 133 (4) B-VG. The statement must be briefly justified. According to Art. 133 para. 4 B-VG, the appeal is not permissible19 KB (2,825 words) - 09:42, 26 November 2021
- AEPD (Spain) - PS/00408/2019 (category Article 58(2) GDPR)thatestablishes article 83.2 of the RGPD, and with the provisions of article 76 of theLOPDGDD, regarding section k) of the aforementioned article 83.2 RGPD.In12 KB (1,812 words) - 14:35, 13 December 2023
- (cf. Article 36 (2) no. 7 lit. a DPA) for the purposes of military self-protection (cf. Article 36 (1) DPA in conjunction with Article 2 (1) no. 2 MBG)28 KB (3,418 words) - 13:49, 12 May 2023
- GHAL - 200.256.387 (category Article 6(2) GDPR)virtue of Article 17(3)(b) GDPR. Indeed, it further is justified that the task carried out in the public interest under Article 6(1)(e) GDPR does not constitute27 KB (4,289 words) - 07:57, 7 March 2022
- Datatilsynet (Norway) - 20/01627 (category Article 4(1) GDPR)treatment of personal data, cf. the Personal Data Act § 2 and the Privacy Ordinance article 2 no. 1. 4.2. Assessment of legal basis The next question is whether45 KB (6,973 words) - 05:12, 15 September 2022
- AEPD (Spain) - EXP202204492 (category Article 6(1) GDPR)2 of the GDPR, and with the provisions of article 76 of the LOPDGDD, with respect to section k) of the aforementioned article 83.2 GDPR. Article 83.2 of26 KB (3,867 words) - 10:44, 13 December 2023
- AEPD (Spain) - PS/00356/2020 (category Article 6(1) GDPR)for the alleged violation of article 6 of the RGPD typified in article 83.5.a) of the aforementioned RGPD. 2. APPOINT D. B.B.B. as instructor. and as secretary26 KB (3,848 words) - 14:31, 13 December 2023
- AP (The Netherlands) - 10.12.2020 (locatefamily.com) (category Article 27(1) GDPR)data within the meaning of Article 4, opening words and (1) of the AVG. Based on Article 2, paragraph 1 and Article 3, paragraph 2, of the AVG, the AVG applies38 KB (6,339 words) - 17:14, 12 December 2023
- AEPD (Spain) - E/00739/2021 (category Article 12(5) GDPR)exercising their rights in bad faith. The AEPD brought forward Article 12(5) GDPR, as well as Article 7 of the Spanish Civil Code, that states that rights must29 KB (4,607 words) - 13:38, 13 December 2023
- AEPD (Spain) - PS/00247/2020 (category Article 7 GDPR)Articles 13 GDPR and 7 GDPR respectively? To determine the amount of the penalty, the AEPD took into account three criteria in Article 83(2) GDPR: unintentional24 KB (3,893 words) - 14:22, 13 December 2023
- AEPD (Spain) - E/00113/2019 (category Article 17(1)(b) GDPR)***EMAIL.1,and (ii) the coordinator of ***LOCA-LIDAD.1 D.ª B.B.B., from the address ***EMAIL.2 (i) - Dated 04/06/2018, in which he addresses the complainant27 KB (4,497 words) - 13:38, 13 December 2023
- AEPD (Spain) - EXP202204515 (category Article 6(1)(a) GDPR)email without the required consent. SECOND: APPOINT: as Instructor Mrs. B.B.B. and Secretary, where appropriate, Mr. C.C.C., indicating that any of them20 KB (3,159 words) - 13:20, 13 December 2023
- AEPD (Spain) - PS/00450/2019 (category Article 5(1)(f) GDPR)identified significant (Article 83(2)(b)) Basic personal identifiers are affected (name, surname), in accordance with Article 83(2)(g) Therefore, in accordance17 KB (2,620 words) - 14:43, 13 December 2023
- CE - N° 430810 (category Article 6(1)(a) GDPR)---------- Article 1: The intervention of the PDU - What to choose is allowed. Article 2: The request of the company Google LLC is rejected. Article 3: This42 KB (6,800 words) - 09:50, 10 September 2021
- DVI (Latvia) - SIA "TET" (category Article 5(1)(b) GDPR)violation of Article 5(1)(a), (b), (d) and (e) GDPR. Furthermore, there was no legal basis for these processing operations under Article 6(1) GDPR. The DPA114 KB (17,942 words) - 15:46, 2 November 2022
- AEPD (Spain) - EXP202210237 (category Article 6(1)(b) GDPR)fact that the processing of the controller relied on Article (6)(1)(b) GDPR and Article 6(1)(c) GDPR as legal basis affects the holding of the DPA since32 KB (4,780 words) - 10:44, 13 December 2023
- AEPD (Spain) - PS/00235/2019 (category Article 6(1)(a) GDPR)thousand euros), under¬ Article 6.1 (a) and Article 5.1 (a) of the GDPR, under consideration as ‘very serious’, in¬ Article 71 (1) (a) and (b), respectively, of24 KB (4,074 words) - 14:21, 13 December 2023
- AEPD (Spain) - EXP202203956 (category Article 6(1) GDPR)” Regarding section k) of article 83.2 of the GDPR, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions52 KB (8,323 words) - 13:17, 13 December 2023
- AEPD (Spain) - PS/00034/2020 (category Article 5(1)(f) GDPR)unintentional but significant negligent action (Article 83.2 b) Basic personal identifiers are affected, according to the 83.2g) Therefore, in accordance with the18 KB (2,727 words) - 13:50, 13 December 2023
- AZOP (Croatia) - Decision 05-10-2023 (category Article 5 GDPR)in the storage systems, which is contrary to Article 32 paragraph 1 point b) and paragraph 2 of the GDPR; 2. The controller processed the personal data13 KB (1,934 words) - 20:55, 1 November 2023
- Datatilsynet (Denmark) - 2019-441-1578 (category Article 34 GDPR)which also refers to Article 34 (1) of the Data Protection Regulation. 3 (b). The Data Inspectorate should note that Article 34 (2) does. 3, points to the21 KB (2,901 words) - 16:37, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.010.201 (category Article 5(1)(a) GDPR)to whom the personal data was disclosed pursuant to article 17 paragraph 2 and article 19, [...]". 2.2 According to the Guidelines 5/2020 of the ESPD regarding23 KB (3,737 words) - 10:30, 7 June 2023
- AEPD (Spain) - PS/00102/2021 (category Article 6(1) GDPR)Madrid sedeagpd.gob.es 3/8 (…) " III Sections b), d) and i) of article 58.2 of the RGPD provide the following: “2 Each supervisory authority shall have all21 KB (3,099 words) - 13:59, 13 December 2023
- Personvernnemnda (Norway) - 2023-14 (21/01067) (category Article 57(1)(f) GDPR)subject's right to lodge a complaint as per Article 77 GDPR, in conjunction with Recital 141, and Article 57(1)(f) GDPR. The Board referenced an earlier decision16 KB (2,363 words) - 19:27, 13 November 2023
- LG Essen - 6 O 190/21 (category Article 33 GDPR)violated Article 34(2) GDPR, because he only informed the data subject of the alleged data loss. However, the information obligations of Article 34 GDPR provide28 KB (4,596 words) - 18:30, 18 November 2021
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)data 9 2.1.1 Factual findings 9 2.1.2Legal assessment 9 2.2 Controller and processor(s) 10 2.2.1 Factual findings 10 2.2.2Legal assessment 12 2.3Security179 KB (22,957 words) - 17:07, 12 December 2023
- AEPD (Spain) - PS/00143/2020 (category Article 5(1)(f) GDPR)violation of Article 5.1.f) of the RGPD, typified in Article 83.5 of the RGPD. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es Page 2 2/6 FOURTH:17 KB (2,578 words) - 14:05, 13 December 2023
- AEPD (Spain) - PS/00221/2020 (category Article 14 GDPR)defendant has violated article 14 of the RGPD, the infringement of which is penalized with a warning, in accordance with article 58.2.b) of the RGPD, when29 KB (4,537 words) - 14:19, 13 December 2023
- AEPD (Spain) - EXP202100282 (category Article 6(1) GDPR)of personal data of clients or third parties (article 83.2.k, of the RGPD in relation to article 76.2.b, of the LOPDGDD) It is appropriate to graduate27 KB (4,108 words) - 13:32, 13 December 2023
- VG Regensburg - RN 9 K 19.1061 (category Article 2 GDPR)of personal data mentioned in Article 2 (2) GDPR are not relevant. Contrary to the plaintiff's view, Article 2(2)(d) GDPR does not apply in the present94 KB (15,537 words) - 09:09, 25 August 2020
- AEPD (Spain) - PS/00209/2019 (category Article 83(2) GDPR)relevant circumstances set out in Article 83.2 of the GDPR:(a) processing of the complainant’s data has been carried out locally;(b) There is no intention on the26 KB (4,212 words) - 14:10, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9451734 (category Article 6(2) GDPR)paragraph 2 and paragraph 3, letter b) of the Regulation; 9, paragraphs 1, 2, 4, of the Regulation, Articles 2-ter, paragraphs 1 and 3 and 2-septies, paragraph24 KB (3,697 words) - 15:52, 6 December 2023
- AEPD (Spain) - PS/00366/2019 (category Article 5(1)(d) GDPR)complainant's written document dated 10/22/2019 stating that based on article 77.2 and 78.3 of the RGPD that state “2. The authority of control to which the29 KB (4,583 words) - 14:32, 13 December 2023
- AEPD (Spain) - PS/00173/2020 (category Article 5(1)(d) GDPR)6www.aepd.es28001 - Madridsedeagpd.gob.es Page 2 2/8THIRD: On 06/08/2020, in accordance with article 65 of the LOPDGDD, theDirector of the Spanish Data22 KB (3,424 words) - 14:06, 13 December 2023
- APD/GBA (Belgium) - 72/2020 (category Article 5(1)(b) GDPR)lawfulness (section 2.2 below) and purpose (section 2.3 below). Finally, it will address the issue of the sanction (section 2.4 below) 2.1 Applicable Law34 KB (5,677 words) - 17:00, 12 December 2023
- basis under Article 6 GDPR to collect and process vehicle registration numbers. The legal basis is a statutory obligation prescribed by Article 229 of the16 KB (2,404 words) - 15:46, 30 October 2023
- Gerechtshof Amsterdam - C/13/640898/HARK17-386 (category Article 6(1)(c) GDPR)decision has been further determined today. 2 Facts 2.1 In the contested decision under 2.1 up to and including 2.17, the court established the facts that26 KB (4,225 words) - 16:00, 15 March 2022
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)resulting from Article L. 34-5 of the CPCE and Article 7-1 of the GDPR. B. On the breaches relating to the exercise of rights 27. According to Article 12 of the59 KB (9,623 words) - 17:03, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9542071 (category Article 5(1)(a) GDPR)therefore lawful [also in the light of] Article 6(f) of the Regulation" (p. 21) - as regards the infringement of Article 9(2)(b) of the Regulation "it is clear25 KB (3,961 words) - 15:54, 6 December 2023
- HDPA (Greece) - 24/2022 (category Article 2 GDPR)principles of legality, transparency and security under Article 5(1)(a) and (f) GDPR, and Article 32(1)(2) GDPR, as well as failure to satisfy the right of access8 KB (1,087 words) - 16:32, 15 November 2022
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- Datatilsynet (Norway) - 20/04401 (category Article 6(1) GDPR)in points 7.1 and 8.3 of the decision. 2. Decision on order and infringement fine 1. Pursuant to Article 58 (2) (2) of the Privacy Regulation, EAS / Elektro40 KB (5,988 words) - 19:04, 5 March 2022
- ICO (UK) - Chief Constable West Midlands Police (category Article 34(3) GDPR)with Schedule 13(2)(c) of the Data Protection Act 2018 (DPA 2018) in respect of certain infringements of the DPA 2018. The reprimand 1.2 The Commissioner18 KB (2,476 words) - 09:10, 14 May 2024
- AEPD (Spain) - PS/00280/2022 (category Article 5(1)(f) GDPR)following criteria established by article 83.2 of the RGPD, considering as aggravating circumstance according to article 76.2 b) LOPDGDD, the relationship of30 KB (4,551 words) - 11:51, 9 February 2023
- AEPD (Spain) - PS/00341/2020 (category Article 5 GDPR)principles are found under Article 5(1)(a) and Article 5(2) GDPR respectively]. The Spanish DPA even made reference to Recital 40 GDPR on the legality of processing32 KB (4,831 words) - 14:31, 13 December 2023
- AEPD (Spain) - EXP202104873 (category Article 5(1)(f) GDPR)for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned24 KB (3,512 words) - 10:43, 13 December 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)a bank was subject to the GDPR in its capacity as a controller and should have answered access requests under Article 15 GDPR. The complainants are clients52 KB (8,603 words) - 16:55, 12 December 2023
- Datatilsynet (Norway) - 20/02191 (category Article 32(1)(b) GDPR)processing special categories of data, cf. Article 32(1)(b) GDPR, Article 32(1)(d), Article 24 and Article 35, cf. Article 5. In May 2019, a municipality reported38 KB (5,967 words) - 11:48, 7 May 2022
- Persónuvernd (Iceland) - 2020061951 (category Article 5(1) GDPR)defined in the first paragraph. Article 4 of the Act, cf. Points 2 and 4 Article 3 of the Act and points 1 and 2. Article 4 of the Regulation. According44 KB (7,044 words) - 08:42, 13 December 2021
- AEPD (Spain) - PS/00028/2022 (category Article 5(1)(f) GDPR)" Regarding section k) of article 83.2 of the GDPR, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions58 KB (9,301 words) - 12:39, 13 December 2023
- AEPD (Spain) - EXP202103878 (category Article 6(1) GDPR)Articles 57(1) and 58(2) GDPR for the processing of personal data without the consent of the data subject, as foreseen in Article 6 GDPR. Firstly, the DPA20 KB (3,035 words) - 10:33, 13 December 2023
- CNPD (Portugal) - Deliberação 984/2018 (category Article 32(1)(b) GDPR)the combined provisions of article 32, paragraph 1, subparagraphs b) and d) and article 83, paragraph 4, al.a), of the GDPR, with a fine of € 0.00 to €40 KB (5,935 words) - 16:55, 6 December 2023
- AZOP (Croatia) - Decision 21-01-2022 (category Article 5(1)(a) GDPR)controller thus also violated Article 14 GDPR. However, the DPA did not use any of their corrective powers as listed in Article 58(2) GDPR. Share your comments18 KB (2,722 words) - 15:26, 30 October 2023
- AEPD (Spain) - PS/00009/2020 (category Article 6(1) GDPR)or negligence in the infringement (article 83.2 b).Basic personal identifiers (name, surname,address) (article 83.2 g).C / Jorge Juan, 6www.aepd.es2800127 KB (4,150 words) - 13:45, 13 December 2023
- IP - 0712-1/2020/1408 (category Article 15 GDPR)person, using Article 15 as their basis. The Slovenian DPA (IP) was asked for an opinion concerning the scope of GDPR Article 15. Within the GDPR, an individual10 KB (1,575 words) - 13:37, 10 August 2021
- AEPD (Spain) - PS/00291/2019 (category Article 6(1)(a) GDPR)statute of limitations, in Article 72.1.b) of the LOPDGDD. V Article 58.2 of the GPRS, under the heading "Powers", states that: "2 Each supervisory authority33 KB (5,396 words) - 14:26, 13 December 2023
- DSB (Austria) - 2020-0.816.655 (category Article 3 GDPR)pursuant to Article 14 - and not the right to information pursuant to Article 15 of the GDPR as alleged by the respondent - was alleged. However, Article 14 (1)28 KB (4,230 words) - 13:53, 12 May 2023
- Garante per la protezione dei dati personali (Italy) - 9856694 (category Article 5(1)(a) GDPR)(referred to in Article 9 of the GDPR) or of "personal data relating to criminal convictions and offenses" (referred to in Article 10 of the GDPR)" ( note cit49 KB (7,758 words) - 15:44, 6 December 2023
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)have entered into a breacha / 'article 14.1-2 combined' article 12.3, article 6, article 5.1, c) and articles 5.2 and 24.1-2 of the RGPO. It is therefore72 KB (11,389 words) - 08:59, 20 August 2021
- Commissioner (Cyprus) - 17.05.23 (category Article 5(1)(c) GDPR)of the measures referred to points (a) to (h) of Article 58(2) and Article 58(2)(a) to (h) paragraph 2(j). When deciding on the imposition of administrative31 KB (4,973 words) - 16:50, 6 December 2023
- AEPD (Spain) - PS/00389/2019 (category Article 58(2) GDPR)The RGPD, without prejudice to the provisions of Article 83 thereof, provides in its Article 58(2)(b) the possibility of using the warning to correct treatment31 KB (4,819 words) - 14:34, 13 December 2023
- AEPD (Spain) - PS/00102/2020 (category Article 5(1)(f) GDPR)faced with unintentional negligent action, butsignificant identified (article 83.2 b)C / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 7 11/7Basic21 KB (3,082 words) - 13:59, 13 December 2023
- Datatilsynet (Norway) - 18/02579 (category Article 5(2) GDPR)subsequent violations of Article 32(1)(b) GDPR and Article 32(1)(d) GDPR and of the principle of accountability as foreseen in Article 5(2) GDPR read in conjunction41 KB (6,337 words) - 18:52, 5 March 2022
- AEPD (Spain) - PS/00365/2019 (category Article 31 GDPR)infringement of Article 31 GDPR in conjunction with Article 58(1)(e) GDPR. The AEPD, therefore, agreed to impose a penalty of € 20000 under Article 83(5)(e) GDPR86 KB (14,295 words) - 14:32, 13 December 2023
- AEPD (Spain) - EXP202202898 (category Article 6(1) GDPR)” Regarding section k) of article 83.2 of the GDPR, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions34 KB (5,358 words) - 13:16, 13 December 2023
- AEPD (Spain) - TD/00005/2020 (category Article 17 GDPR)treated; (b) the data subject withdraws the consent on the basis of which the processing of in accordance with Article 6(1)(a) or Article 9(2)(a) (a), and23 KB (3,780 words) - 14:49, 13 December 2023
- AZOP (Croatia) - Decision 30-12-2021 (category Article 5(1)(a) GDPR)had a legal basis under Article 6(1) GDPR to publish the data subject’s personal data, and did not violate Article 5(1)(a) GDPR. In the decision, the Croatian16 KB (2,411 words) - 15:44, 30 October 2023
- AEPD (Spain) - TD/00277/2020 (category Article 17 GDPR)index of search the following urls: 1. *** URL.1 2. *** URL.2 3. *** URL.3 SECOND: In accordance with article 65.4 of the LOPDGDD, which has provided for a40 KB (6,518 words) - 13:29, 13 December 2023
- RvS - 201905319/1/A3 (category Article 12(6) GDPR)message insufficiently guaranteed. In the decision of 2 January 2018, it decided to set aside the request. 2.2. The [other party] has objected to that decision21 KB (3,337 words) - 10:08, 16 December 2020
- Rb. Amsterdam - C/13/696660/HA RK - 21-37 (category Article 79(2) GDPR)been stated nor has it been proven. 3.11. The GDPR also has a jurisdiction regulation. Article 79(2) of the GDPR provides that proceedings against a controller18 KB (2,617 words) - 08:23, 2 September 2021
- CNIL (France) - SAN-2021-003 (category Article 4(2) GDPR)personal data laid down by Article 4(1) and (2) GDPR. The DPA then quotes ECJ, 11 December 2014, Ryneš, case C-212/13 (point 22), EDPB Guidelines 3/201939 KB (6,015 words) - 17:11, 6 December 2023
- VGH München – 5 CS 19.2087 (category Article 4(1) GDPR)No. 1, No. 2, Art. 6 para. 1 sentence 1 lit. c, para. 3 sentence 1, Art. 86 GKG § 47 (1), § 52 (2), § 53 (2) no. 2, § 63 (3) sentence 1 no. 2, § 66 (3)40 KB (6,397 words) - 08:03, 21 March 2022
- HDPA (Greece) - 38/2022 (category Article 4 GDPR)processing personal data, in line with the definition of Article 4(1) GDPR. In accordance with Article 5(3) GDPR, the controller had an obligation to demonstrate9 KB (974 words) - 15:54, 20 December 2022
- Rb. Limburg - C/03/278775 / HA RK 20-119 (category Article 35 GDPR)Pursuant to Article 21(1) of the GDPR, persons such as [the claimant] can object to the processing of their personal data on the basis of Article 6(1)(e) or16 KB (2,580 words) - 10:43, 23 September 2020
- AEPD (Spain) - EXP202102778 (category Article 6(1)(f) GDPR)contemplated in article 83.2 of the GDPR and the Article 76.2 of the LOPDGDD, with respect to the offense committed by violating the established in article 6.1 of84 KB (13,036 words) - 13:26, 13 December 2023
- AKI (Estonia) - 18.02.2022 (category Article 5(1) GDPR)issues a reprimand under Article 58(2)(b) GDPR. After this, the DPA draws attention to the fact that pursuant of Article 5(1)(a) GDPR, data must be processed42 KB (5,838 words) - 10:27, 13 December 2023
- APD/GBA (Belgium) - 135/2022 (category Article 4(23) GDPR)held that the controller violated Article 12(1) GDPR, Article 12(2) GDPR, Article 15(1) GDPR and Article 15(3) GDPR. The controller had deleted the data39 KB (5,674 words) - 08:57, 29 June 2023
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the Directive, without the relevant45 KB (6,780 words) - 16:57, 12 December 2023
- Personvernnemnda (Norway) - 2021-09 & PVN-2021-15 (20/01790) (category Article 5(1)(a) GDPR)assessment pursuant to Article 83. On this basis, the tribunal has assessed whether a reprimand pursuant to Article 58 no. 2 letter b, cf. 83 no. 2 would have been40 KB (6,549 words) - 18:49, 5 March 2022
- Hämeenlinnan hallinto-oikeus (Finland) - 2548/2023 (category Article 85(2) GDPR)information in accordance with Article 85(2) GDPR. The Court held that the provisions on the security of processing in Article 32 GDPR are not intended to limit44 KB (6,893 words) - 10:28, 25 March 2024
- AEPD (Spain) - PS/00214/2022 (category Article 9(2) GDPR)legal bases of contract (Article 6(1)(b) GDPR), legal obligation (Article 6(1)(c) GDPR) and legitimate interest (Article 6(1)(f) GDPR) and determined that131 KB (20,916 words) - 12:38, 13 December 2023
- AP (The Netherlands) - 14.01.2022 (category Article 12(2) GDPR)articles 15 to 22 of the GDPR. upright access to personal data (article 15 of the AVG) and the right to erasure of personal data (article 17 of the AVG)50 KB (7,656 words) - 17:05, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9361186 (category Article 6(2) GDPR)6, paragraph 1, letter c) and e); paragraph 2 and paragraph 3, letter b) of the RGPD, as well as Article 2-ter, paragraphs 1 and 3, of the Code in the31 KB (5,041 words) - 15:49, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)4(7) GDPR, and Company A was the processor for the purposes of Article 4(8) GDPR. The DPA found that both Companies A and B had breached Article 31 GDPR and55 KB (9,079 words) - 16:57, 6 December 2023
- AP (The Netherlands) - AWB-21 3909 (category Article 15(1) GDPR)possible. 1 Article 6:2, preamble and under b, in conjunction with Article 7:1, first paragraph, preamble and under f, of the Awb 2 Article 6:12, second19 KB (3,027 words) - 17:13, 12 December 2023
- Datatilsynet (Denmark) - 2020-31-4131 (category Article 2(2)(c) GDPR)the processing of personal data is not covered by the GDPR, according to Article 2(2)(c) of the GDPR. However, the DPA concluded that Orienteringsret.dk24 KB (3,651 words) - 16:38, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3843/163/20 (category Article 58(2)(f) GDPR)the DPA held that the controller had violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 6 GDPR and Section 3 of the Finnish Act on the Protection39 KB (6,038 words) - 17:39, 29 April 2024
- AEPD (Spain) - PS/00025/2019 (category Article 58(2)(d) GDPR)third parties (article 83.2.k, of the RGPD in relationwith article 76.2.b, of the LOPDGDD)SAWIn accordance with articles 58.2 and 83.2 of the RGPD, previously88 KB (14,301 words) - 13:48, 13 December 2023
- AEPD (Spain) - EXP202105693 (category Article 83(2) GDPR)the conduct object of this claim is undeniable (article 76.2.b) of the LOPDGDD in relation to article 83.2.k). - Although it cannot be argued that the defendant49 KB (7,579 words) - 13:15, 13 December 2023
- AEPD (Spain) - PS/00194/2020 (category Article 6 GDPR)assigned to the office signed by B.B.B .. Provided as (Doc. 9) Record of Treatment activities for clients with *** COMPANY. 2. All requests made to A.A.A.33 KB (5,338 words) - 14:09, 13 December 2023
- Datatilsynet (Norway) - 20/02225 (category Article 5(2) GDPR)dissuasive" as per Article 83(1). In addition to a breach of Article 6(1)(f), the lack of organisational measures pursuant to Article 5(2) was weighted when45 KB (7,286 words) - 18:55, 5 March 2022
- AEPD (Spain) - PS/00340/2019 (category Article 58(2) GDPR)as a data subject under Article 21(1) GDPR had been violated by the PAR. Did Mrs AAA have a right to object under Article 21 GDPR? Had the PAR infringed23 KB (3,554 words) - 14:31, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9698724 (category Article 5(1)(a) GDPR)n. 9698724] Injunction order against Roma Capitale - 22 July 2021 Record of measures n. 294 of 22 July 2021 THE GUARANTOR FOR THE PROTECTION OF PERSONAL83 KB (13,648 words) - 11:30, 16 August 2022
- DSB (Austria) - D123.921/0005-DSB/2019 (category Article 1(2) GDPR)Information about data categories (Art. 15 Para. 1 lit. b GDPR) According to Art. 15 Para. 1 lit b GDPR, there is a right to information about the categories42 KB (6,592 words) - 13:58, 12 May 2023
- CNIL (France) - SAN-2020-008 (category Article 13(2)(a) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading104 KB (16,646 words) - 17:09, 6 December 2023
- AP (The Netherlands) - 23.09.2021 (category Article 32(2) GDPR)which led to a (sensitive) data breach, in violation of Article 32(1) and Article 32(2) GDPR In Oktober 2019, a malicious third party gained unauthorized66 KB (8,861 words) - 17:08, 12 December 2023
- BAC (Bulgaria) - 2606/2021 (category Article 58(2)(d) GDPR)On 22 August 2019, CPDP issued NRA an order under Article 58(2)(d) supra Article 57(1)(a) and Article 83(2)(a), (c), (d), (f) and (g) of the GDPR for13 KB (1,761 words) - 09:58, 14 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8235/154/18 (category Article 58(2)(c) GDPR)personal data was based on an agreement under Article 6 (b) and a legitimate interest of the controller under Article 6 (f) to continue processing the data in28 KB (4,501 words) - 13:07, 3 March 2024
- OLG Köln - 15 U 126/19 (category Article 17(1)(d) GDPR)relief only with regard to the motions under 2 a) and 2 b) and partially with regard to the motion under 2 d), so that the rest of the regional court decision121 KB (20,412 words) - 15:58, 10 March 2022
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 58(2)(e) GDPR)data within the meaning of Article 4(2) in the course of proceedings under both Articles 77 and 78 of the GDPR. Article 4(2) refers to disclosure as a59 KB (8,242 words) - 10:47, 17 March 2021
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)of Article 5-1 c) of the GDPR is established for these facts. B. On the breach of the obligation to limit the retention period of data 43. Article 5-161 KB (10,028 words) - 17:09, 6 December 2023
- AZOP (Croatia) - Decision 10-08-2023 (category Article 5 GDPR)this the AZOP held that the controller acted contrary to Article 5(1)(a) GDPR and Article 6 GDPR. Moreover, the AZOP reiterated the fact that the pictures19 KB (2,955 words) - 16:29, 5 December 2023
- CNIL (France) - SAN-2020-018 (category Article 12 GDPR) (section Violations of the obligations to inform as prescribed by Article 12 and 13 GDPR:)to the criteria laid down by Article 83 paragraph 2 of the GDPR. With regard to the breach of Article L. 34-5 of the GDPR, the restricted committee considers69 KB (11,007 words) - 17:10, 6 December 2023
- APD/GBA (Belgium) - 12/2019 (category Article 4(11) GDPR)(EU) 2016/679, p. 41. 2.2.2 Obligations relating to consent ('opt-in') (Articles 5, 6(1)(a) and 4(11) in conjunction with Article 7 of the Data Protection107 KB (17,697 words) - 16:52, 12 December 2023
- GHAL - 200.307.462 (category Article 10 GDPR)to cooperate. 2.2. For an extensive overview of the facts and background to the case, the Court of Appeal refers to considerations 2.1 to 2.11 of the contested28 KB (4,573 words) - 10:04, 14 December 2023
- HDPA (Greece) - 51/2022 (category Article 4(1) GDPR)permitted without consent only under the conditions of paragraphs 2 and 3 of this article. 2. The data controller is obliged to transmit to the competent judicial13 KB (1,901 words) - 08:43, 9 November 2022
- AEPD (Spain) - PS/00005/2020 (category Article 5(1)(c) GDPR)possible non-compliance with the data minimisation principle, as per Article 5(1)(c) GDPR. The decision is the consequence of a complaint submitted by a Spanish13 KB (1,795 words) - 13:47, 13 December 2023
- AEPD (Spain) - EXP202208091 (category Article 5(1)(f) GDPR)for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned40 KB (6,014 words) - 13:24, 13 December 2023
- AEPD (Spain) - PS/00335/2019 (category Article 6(1)(a) GDPR)subjects infringes Article 6 (1) (a) GDPR. The AEPD fined the data processor in an amount of 4,000 Euro for the violation of Article 6 (1) (a) GDPR. Since the21 KB (3,281 words) - 14:30, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9685922 (category Article 5(1)(f) GDPR)processing carried out is in violation of Article 5(1)(f) GDPR, Article 25(1) GDPR, Article 32 GDPR and Article 35 GDPR. Especially, the controller cannot exclude119 KB (19,123 words) - 11:29, 16 August 2022
- Garante per la protezione dei dati personali (Italy) - 9570997 (category Article 5(2) GDPR)reasons the Italian DPA, with the power conferred by Article 58(2)(d) and (f) and Article 83(3) and (5) GDPR, imposed to Fastweb multiple corrective measures131 KB (21,014 words) - 15:55, 6 December 2023
- APD/GBA (Belgium) - 18/2020 (category Article 5 GDPR)therefore of the opinion that no breach of Article 5.2 of the GDPR, Article 24.1 of the GDPR and Article 33 of the GDPR can be established. - As regards the55 KB (8,810 words) - 16:55, 12 December 2023
- APD/GBA (Belgium) - XX/2021 (category Article 58(2)(c) GDPR)on the merits in accordance with Article 98 et seq. DPAA, to: - pursuant to Article 58.2(c) of the GDPR and Article 95(1)(5) of the DPAA , to order the17 KB (2,189 words) - 12:34, 3 August 2022
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)before May 25, 2018. 2.2. Consent and the lawfulness of the processing (Article 4, point 11, Article 6 (1) in conjunction with Article 7 GDPR) 121. With regard113 KB (18,732 words) - 16:50, 12 December 2023
- AEPD (Spain) - PS/00269/2019 (category Article 5(1)(f) GDPR)for violation of article 5.1.f) of the RGPD, typified in article 85.5.a) of the aforementioned RGPD, in accordance with article 77. 2 of the LOPDGDD. Once30 KB (4,761 words) - 14:24, 13 December 2023
- TGI Paris - N° 14/07224 (category Article 5(1)(b) GDPR)clauses n ° 1 and n ° 2 regarding - articles 6/2 ° and 32 / I / 2 ° & 5 ° of the Data Protection Act for all contracts, - Article L.111-2 of the Consumer Code392 KB (67,730 words) - 15:27, 17 March 2022
- Commissioner (Cyprus) - 11.17.001.007.220 (category Article 7(4) GDPR)provisions: (a) Articles 55 (1), 56 (2), 57 (1) (a) and 58 (2) (d) of General Regulation (EU) 2016/679; and (b) of article 19 (5) of Law 125 (I) / 2018, the56 KB (8,913 words) - 16:52, 6 December 2023
- AEPD (Spain) - PS/00417/2019 (category Article 37 GDPR)scalethe by the number of clients it has (article 83.2 a)Basic personal identifiers are affected (article 83.2 g)Therefore, in accordance with the applicable16 KB (2,298 words) - 14:36, 13 December 2023
- AEPD (Spain) - PS/00381/2019 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD, typified in Article 83.5 of the RGPD, a warning sanction in accordance with the provisions of Article 77.2 of the LOPDGDD22 KB (3,479 words) - 14:33, 13 December 2023
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 25(2) GDPR)Customer 2. as a data processor 1) finds that Customer 2. has not complied with Article 32 (1) of the General Data Protection Regulation; paragraph (b) when67 KB (10,492 words) - 10:11, 17 November 2023
- Rb. Noord-Nederland - C/ 18/189406/HA ZA 19-6 (category Article 32(2) GDPR)content: [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted]105 KB (18,002 words) - 16:24, 10 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 4282/161/21 (category Article 58(2)(b) GDPR)controller had violated Article 5(1)(f) GDPR, Article 17(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR. As a result, the DPA issued56 KB (8,980 words) - 08:47, 4 March 2024
- UODO (Poland) - ZSPR.421.3.2018 (category Article 14 GDPR)pursuant to Art. 14 par. 5 lit. b GDPR? The President of UODO found that: 1) The applicable provision is the Art. 14 GDPR since the data controller collects52 KB (8,444 words) - 10:01, 17 November 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/224/2023 (category Article 12(2) GDPR)violated Article 5(1)(c) GDPR, Article 5(1)(e) GDPR, Article 12(2) GDPR, Article 12(6) GDPR and Article 25(2) GDPR. In accordance with Article 58(2)(c) GDPR31 KB (4,693 words) - 11:50, 6 March 2024
- Garante per la protezione dei dati personali (Italy) - 9509558 (category Article 5(1)(a) GDPR)the Regulations, with the provisions of art. 2-quater, paragraphs 4, 137 and 139 of the Code and of arts. 2 and 6 of the Deontological Rules, as well as24 KB (3,667 words) - 15:53, 6 December 2023
- APD/GBA (Belgium) - 48/2021 (category Article 5(1)(a) GDPR)(listed in Article 57 of the GDPR) including that of dealing with complaints (article 57.1.f) of the GDPR) as well as a number of powers (article 58 of the43 KB (6,670 words) - 16:58, 12 December 2023
- AEPD (Spain) - EXP202204881 (category Article 6(1) GDPR)information”, article 83.2 f) of the GDPR. (IV) "The non-existence of benefits obtained through the infringement", article 83.2 k) of the GDPR and 76.2 c) of the55 KB (9,017 words) - 10:46, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9556625 (category Article 6(2) GDPR)violation of art. 2-ter, paragraphs 1 and 3, of the Code and art. 6, par. 1, lett. c) and e); par. 2 and par. 3, lett. b), of the GDPR; b) in a manner that57 KB (9,144 words) - 15:55, 6 December 2023
- Gerechtshof Amsterdam - 200.258.200/01 (category Article 6(1)(f) GDPR)companies. 2.2 On 19 November 2013, ING entered the [Appellant's] personal details in ING's internal referral register (IVR) for a period of eight years. 2.3 In16 KB (2,462 words) - 12:29, 4 October 2021
- AEPD (Spain) - PS/00315/2020 (category Article 28 GDPR)es 11/20 RGPD, and article 74.k) of the LOPDGDD, a fine of 100,000 euros, of in accordance with article 83.2.a) of the RGPD and 76.2.b) of the LOPDGDD.)62 KB (10,401 words) - 14:35, 21 November 2023
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)breach of Article 13 (2) of the GDPR. 43. Consequently, the restricted panel considers that the company has committed a breach of Article 13 of the GDPR. It56 KB (8,757 words) - 14:12, 28 February 2024
- Commissioner (Cyprus) - 11.17.001.008.001 (category Article 5(2) GDPR)orrequest-related processing activities. ». 2.5. Article 32 - Processing security:2.5.1. In accordance with the provisions of Article 32 of the Rules of Procedure, which61 KB (9,412 words) - 16:52, 6 December 2023
- Council of State - 251.378 (category Article 28(1) GDPR)ruling and the GDPR; breach of Article 28 GDPR (the choice of a the processor does not provide sufficient guarantees); breach of Article 32 GDPR (lack of appropriate40 KB (6,324 words) - 15:34, 1 September 2021
- VSL (Slovenia) - 9267/2022 (category Article 12 GDPR)(ECHR) - Article 8 RS - Constitution, Laws, Agreements, Treaties Criminal Procedure Act (1994) - ZKP - Article 83, 83/2, 285e, 285e/1, 285e/2 Associated24 KB (3,757 words) - 16:27, 31 October 2023
- Garante per la protezione dei dati personali (Italy) - 9542155 (category Article 5(2) GDPR)Authority of Bologna for violation of Articles 5(2)(f) and 9 GDPR. On the basis of Articles 58(2)(i) and 83 GDPR, the Garante imposed a fine of € 18 000 on the26 KB (4,162 words) - 15:54, 6 December 2023
- DSB (Austria) - 2020-0.349.984 (category Article 4(2) GDPR)(Art. 6 Para. 1 lit. f GDPR). In this context, Art. 6 Para. 1 lit. c GDPR in conjunction with the PMG and Art. 6 Para. 1 lit. f GDPR relevant: The Respondent28 KB (4,228 words) - 14:00, 12 May 2023
- Personvernnemnda (Norway) - 2021-17 (20/02389) (category Article 6(1)(f) GDPR)legal basis for their processing in article 6(1)(f) GDPR. However, according to article 17(1)(c) and article 21(1) GDPR, upon receiving an erasure request45 KB (7,396 words) - 18:49, 5 March 2022
- UODO (Poland) - DKN.5131.31.2021 (category Article 34(2) GDPR)sec. 1 and art. 34 sec. 1 and 2 of Regulation 2016/679. 2) Intentional or unintentional nature of the breach (Article 83(2)(b) of Regulation 2016/679) - the105 KB (17,237 words) - 09:22, 10 May 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)29 708, no. 19 (p. 523) Article 4:32 The obligation from this article is taken over from Article 52 of the Wfd. Under Section 14(2) of the Wck, participation91 KB (15,371 words) - 15:11, 5 October 2021
- Court of Appeal of Brussels - 2021/AR/205 (category Article 6 GDPR)subject of the present complaint; b. give notice to the second defendant, pursuant to Article 58(2)(a) AVG and Article 100(1)(5) WOG, that it will not take92 KB (14,873 words) - 09:03, 20 August 2021
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- Norway, and not the GDPR. The DPA does, however, refer to corresponding Articles in the GDPR: Articles 5(1)(b) and (c), as well as Article 17. Share blogs43 KB (6,983 words) - 09:09, 21 August 2022
- CJEU - C-60/22 - Federal Republic of Germany (category Article 5(2) GDPR)activities (ROPA) pursuant to Article 30 GDPR and lacked an arrangement for joint procedure in accordance with Article 26 GDPR. (2) whether the fact that the5 KB (663 words) - 12:50, 28 June 2023
- AEPD (Spain) - PS/00274/2019 (category Article 5(1)(f) GDPR)thearticle 5.1.f), in relation to article 6.1 of the RGPD.The violation of article 5.1.f) of the RGPD is typified in article 83.5.a)of the RGPD. The LOPDGDD37 KB (5,700 words) - 14:24, 13 December 2023
- APD/GBA (Belgium) - 136/2022 (category Article 4(1) GDPR)right of access (Article 12(4) GDPR). The DPA held that data concerning the vehicle of the complainant is personal data (Article 4(1) GDPR), since the data19 KB (2,700 words) - 08:49, 29 June 2023
- Datatilsynet (Norway) - 20/01949 (category Article 6(2) GDPR)DPIA cf. Article 35 - clearly inform students cf. Article 12 that a) it's voluntary to participate in the survey cf. Article 13(2)(f), and b) that their49 KB (7,572 words) - 16:14, 6 December 2023
- DSB (Austria) - 2022-0.083.310 (category Article 2(2)(a) GDPR)Paragraph 2 TFEU and is therefore in accordance with Article 2 Paragraph 2 lit a GDPR is excluded from the material scope of application of the GDPR (VwGH December52 KB (8,272 words) - 16:33, 18 January 2024
- VGH München - 11 ZB 22.895 (category Article 17 GDPR)note 17; B.v. 10.9.2019 - 8 B 774/19 - VRS 137, 12 = juris marginal note 5; OVG SH, B.v. 26.3.2012 - 2 LA 21/12 - juris note 8 f.; SächsOVG, B.v. 10.1.202022 KB (3,613 words) - 13:20, 31 August 2022
- AEPD (Spain) - EXP202100897 (category Article 83(2) GDPR)basis for the processing (Article 21(1) GDPR). Finally, the DPA fined the controller €12,000 for a violation of Article 6(1) GDPR due to the lack of a valid72 KB (11,671 words) - 13:34, 13 December 2023
- BVwG - W252 2246581-1/6E (category Article 22(1) GDPR)pursuant to Article 22 GDPR, but only 'light profiling' under Article 4(4) GDPR. Therefore, the controller claimed that Article 15(1)(h) GDPR did not apply31 KB (4,838 words) - 09:11, 30 August 2023
- LArbG Nürnberg - 4 Sa 201 22 (category Article 83(5)(b) GDPR)ignores the wording of Article 82 GDPR. To put this into perspective: Other than Article 82 GDPR, Article 77 GDPR actually only mentions GDPR violations by processing19 KB (2,972 words) - 05:25, 9 May 2023
- VGW - VGW-101/042/791/2020-44 (category Article 22(3) GDPR)that Article 3, Article 5, Article 6, Article 7 paragraph 1, Article 8, Article 9 paragraph 1 subparagraph 2, Article 9 paragraphs 3 and 4, Article 10 paragraph90 KB (14,726 words) - 14:01, 23 October 2023
- Tietosuojavaltuutetun toimisto (Finland) - 2437/161/22 (category Article 58(2)(b) GDPR)comply with Article 33 GDPR and Article 34 GDPR. Consequently, it issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. First, the21 KB (3,220 words) - 17:44, 27 April 2022
- OLG Hamm - 20 U 146/22 (category Article 12(5)(b) GDPR)meaning of Article 4(1) GDPR. Nevertheless, in this case the controller had the right to disregard the request in light of Article 12(5)(b) GDPR, as the latter30 KB (4,784 words) - 08:39, 8 August 2023
- Garante per la protezione dei dati personali (Italy) - 9861827 (category Article 5(1)(a) GDPR)violated Article 12 GDPR, as it did not facilitate the data subject´s exercise of their rights, especially the right to erasure under Article 17 GDPR. In view87 KB (14,525 words) - 15:45, 6 December 2023
- OLG Brandenburg - 11 U 9/23 (category Article 2(1) GDPR)controller may refuse to comply with access requests under Article 15 GDPR pursuant to Article 12(5)(b) GDPR if they are aimed exclusively at achieving objectives27 KB (4,404 words) - 08:48, 12 July 2023
- Court of Appeal of Brussels - 2022/AR/556 (category Article 5(1)(b) GDPR)protection. /Article 6.1 c) Ju in combination with Article 6.3 of the GDPR. b) Violation of Articles 5.1.a}, 12.1, 13.lc}, 13.2.a}, 13.2.d}, and 13.2.e}, for83 KB (13,694 words) - 09:53, 14 December 2023
- BVwG - W256 2234851-1 (category Article 4(4) GDPR)the Article that further information about the logic involved must be provided only when the conditions of Article 22(1) GDPR and Article 22(4) GDPR are43 KB (6,684 words) - 08:28, 9 November 2023
- AEPD (Spain) - PS/00554/2021 (category Article 5(1)(b) GDPR)for violation of Articles 5(1)(a), 5(1)(b), 5(1)(e), 13, 12(2), 30(1), 8 and 25 GDPR, as well as Article 22(2) LSSI. The Spanish DPA launched an investigation8 KB (928 words) - 15:15, 4 April 2023
- LG München I - 33 O 5976/22 (category Article 6(1)(b) GDPR)that Art. 80 (2) GDPR should be interpreted to the effect that consumer associations based on Section 2 (2) sentence 1 no. 11 GDPR against GDPR Violations65 KB (9,647 words) - 11:40, 4 October 2023
- BVwG - W108 2263948-1/4E (category Article 22(2) GDPR)to VwGH May 27, 2015, Ra 2015/19/0075). 3.2.2. In the matter: 3.2.2.1. Legal situation: 3.2.2.1.1. Art. 4 GDPR reads in part: - 10 - “Definitions For the44 KB (6,867 words) - 09:59, 3 January 2024
- LAG Schleswig-Holstein - 1 Sa 148/22 (category Article 4(1) GDPR)the data subject requested his personal information (Article 15 (1) GDPR and Article 15 (3) GDPR) from the controller. On the same day, the data subject51 KB (8,324 words) - 15:52, 18 January 2024
- OLG Hamm - 8 U 94/22 (category Article 6(1)(b) GDPR)principle of Fairness (Article 5(1)(a) GDPR), purpose limitation (Article 5(1)(b) GDPR) and data minimisation (Article 5(1)(c) GDPR) would not prevent the56 KB (9,184 words) - 15:04, 18 July 2023
- VG Frankfurt am Main - 5 L 1623/22.F (category Article 4(1) GDPR)transmission as a precautionary measure under Article 21 GDPR and requested a restriction of processing under Article 18 GDPR. Additionally, the data subject complained22 KB (3,418 words) - 10:05, 9 November 2022
- Garante per la protezione dei dati personali (Italy) - 9524175 (category Article 28(2) GDPR)as by Article 28(2) and (3) The obligation to adopt technical and organizational measures to ensure the security of the processing as by Article 32. The20 KB (3,133 words) - 15:53, 6 December 2023
- VwGH - Ro 2021/04/0010 (category Article 9(2)(g) GDPR)accordance with Article 57, paragraph one, letter h, in conjunction with Article 58, paragraph one, letter b and paragraph 2, Litera a, GDPR in conjunction190 KB (30,999 words) - 10:00, 21 February 2024
- Rb. Overijssel - ZWO 22/775 (category Article 4(1) GDPR)been awarded to [company 1] B.V., now [company 1]. This agency has appointed [company 2] B.V. for the technology. enabled. 1.2 On July 16, 2018, the AP received26 KB (4,142 words) - 15:30, 27 March 2024
- IP - 0610-376/2020/35 (category Article 13(2) GDPR)pursuant to Article 54 of ZVOP-1, points (a), (d) and (f) of Article 58 (2) of the General Regulation, Articles 29 and 32 of the ZIN and Article 221 ZUP,110 KB (17,995 words) - 11:15, 22 April 2021
- Rb. Gelderland - C/05/404505 / HA RK 22-99 (category Article 22 GDPR)applicability of Article 22 GDPR for this reason. The Court reiterated the importance of Article 13 GDPR, Article 14 GDPR and Article 15 GDPR. Since the controller35 KB (5,511 words) - 13:04, 16 November 2022
- VG Frankfurt am Main - 5 L1281/22.F (category Article 5(1)(f) GDPR)insufficiently secured; the legal requirements of Article 5 (1) (f) GDPR and Article 32 (1) (a) GDPR have been complied with. The German data protection25 KB (3,840 words) - 13:34, 4 August 2022
- Persónuvernd - 2020010601 (category Article 4(1) GDPR)within the meaning of point 2. Article 3 Act no. 90/2018, 1. tölul. Article 4 Regulation (EU) 2016/679 and point 1. Article 2 Act no. 75/2019. On the other39 KB (6,351 words) - 09:52, 6 May 2021
- LG Augsburg - 022 O 2669/22 (category Article 25(2) GDPR)13, 14 GDPR), also the defendant clearly and in ease language pointed to the default settings, so no breach of Article 25 GDPR or Article 32 GDPR either26 KB (4,101 words) - 10:24, 13 March 2024
- LG München I - 5 O 5853/22 (category Article 5(1)(f) GDPR)requirements of Article 34 (2) GDPR. If one sets too strict requirements for promptness within the framework of Article 34 Para. 1 GDPR, this would run31 KB (5,017 words) - 15:08, 20 October 2023
- Datatilsynet (Norway) - 20/02319 (category Article 13(2)(b) GDPR)and (2), 21(3) and (4) GDPR, Komplett Bank ASA is given a reprimand. We are competent to issue corrective measures pursuant to Article 58(2) GDPR. 2. Case36 KB (5,718 words) - 11:25, 22 February 2022
- Tietosuojavaltuutetun toimisto (Finland) - 7732/161/23 (2) (category Article 3(2) GDPR)data carried out through Yango app was contrary to Article 44 GDPR, Article 46 GDPR and Chapter V GDPR. Moreover, it found that the conditions set for the20 KB (2,928 words) - 11:58, 11 October 2023
- AEPD (Spain) - EXP202207199 (category Article 6 GDPR)data subject. For violating Article 6 GDPR, the DPA fined the controller €4,000 and ordered, in accordance with Article 58(2) GDPR, the removal of the device23 KB (3,550 words) - 10:03, 18 October 2023
- LG Bonn - 13 O 126/22 (category Article 82 GDPR)confidentiality of data pursuant to Article 5(1)(f) GDPR and violated the principle of privacy by default and by design (Article 24 GDPR). The controller was aware37 KB (5,954 words) - 13:58, 22 June 2023
- BVwG - W211 2234354-1 (category Article 22 GDPR)that Article 15(1)(h) GDPR is not limited to cases of Article 22 GDPR but also applies in other cases of purely automated processing, as Article 15(1)(h)33 KB (5,335 words) - 16:07, 26 January 2022
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the56 KB (9,069 words) - 17:02, 6 December 2023
- VG Ansbach - AN 14 K 22.00468 (category Article 2(2) GDPR)of the GDPR, which is a condition for a reprimand pursuant to Article 58(2)(b) GDPR. Material scope of the GDPR According to the court, the GDPR applies38 KB (6,226 words) - 15:30, 18 January 2023
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)whether Art. 15 GDPR applies to the investigation files at all, since according to Art. 2 Para. 2 d GDPR, Section 2a Para. 4 AO, the GDPR does not apply97 KB (16,519 words) - 09:57, 22 February 2023
- Garante per la protezione dei dati personali (Italy) - 9685947 (category Article 28 GDPR)associations even without legal personality" (see Article 2, Law 179/2017 which added paragraph 2-bis to Article 6 of Legislative Decree .lgs. 8 June 2001, n115 KB (18,595 words) - 11:30, 16 August 2022
- VwGH - Ro 2021/04/0010-11 (category Article 9(2)(g) GDPR)background of Article 22 GDPR. The Court found that the controller’s algorithmic process in itself is an automated decision under Article 22(1) GDPR, based on144 KB (21,026 words) - 14:50, 27 March 2024
- AEPD (Spain) - PS/00261/2021 (category Article 6(1) GDPR)violation of Article 6.1 of the RGPD, typified in Article 83.5 of the RGPD. FIFTH: Notification of the aforementioned start-up agreement, D. B.B.B., on behalf34 KB (5,536 words) - 19:04, 16 May 2022
- VG München - M 3 E 22.667 (category Article 6(2) GDPR)these purposes (Article 5 (1) (b) GDPR) and must be limited to what is necessary for the purposes of processing (Article 5 (1) (c) GDPR). The purposes of34 KB (5,550 words) - 14:38, 15 June 2022
- AEPD (Spain) - EXP202306257 (category Article 44 GDPR)EDREAMS, S.L. was ordered for a violation of the Article 44 of the GDPR, typified in Article 83.5 of the GDPR, adapt the activity of data processing carried83 KB (12,999 words) - 15:30, 6 March 2024
- ICO (UK) - Tempcover Ltd (category Article 4(11) GDPR)of Regulation 22(3)(a) and 22(3)(b) PECR. 48. However, it is clear that whilst Tempcover met the criteria of Regulation 22(3)(a) and 22(3)(b) PECR, it failed40 KB (5,684 words) - 18:42, 16 February 2022
- BGH - I ZR 2/21 (category Article 85(2) GDPR)relief neither on the KUG nor on the GDPR because the comprehensive weighing required by both Article 6(1)(f) GDPR and §§ 22, 23 KUG led to the same result.66 KB (11,440 words) - 15:55, 30 March 2022
- CNPD (Luxembourg) - Délibération n°16FR/2021 (category Article 5(1)(c) GDPR)elements provided for in Article 83.2 of the GDPR: As to the nature and seriousness of the violation (article 83.2.a) of the GDPR), the Restricted Training51 KB (7,338 words) - 11:33, 16 June 2021
- UODO (Poland) - DKN.5131.22.2021 (category Article 32(1)(b) GDPR)that the controller breached Article 5(1)(f), Article 24(1), Article 25(1), Article 32(1)(b) and (d), and Article 32(2) GDPR due to a lack of a reliably68 KB (10,909 words) - 14:47, 25 October 2021
- LAG Düsseldorf - 12 Sa 186/19 (category Article 9 GDPR)172 (4.2.) The processing of the health data in question here is lawful on the basis of Article 9 (2) (b) GDPR in conjunction with Article 9 (2) (h) GDPR120 KB (20,753 words) - 17:06, 7 March 2022
- AEPD (Spain) - PS-00393-2022 (category Article 13 GDPR)cookies. The Spanish DPA held the controller to have infringed Article 13 GDPR and Article 22.2 of the Law of Information Society Services and Electronic Commerce54 KB (8,094 words) - 10:51, 10 January 2024
- BVwG - W252 2237416-1 (category Article 15(1)(g) GDPR)according to Article 22, Paragraphs 1 and 4 GDPR, i.e. the exception provision of Article 22, Paragraph 2, GDPR does not apply (see Article 22, GDPR), the data37 KB (5,924 words) - 08:42, 2 August 2023
- BVwG - W252 2246883-1 (category Article 77 GDPR)decision date 06/12/2023 standard B-VG Art133 Para.4 DSG §24 paragraph 4 GDPR Art58 GDPR Art77 B-VG Art. 133 today B-VG Art. 133 valid from 01.01.201921 KB (3,361 words) - 09:58, 13 July 2023
- AEPD (Spain) - PS/00027/2022 (category Article 5(1)(c) GDPR)for the alleged infringement of Article 5.1.c) of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: On 03/21/22, collaboration is requested from18 KB (2,701 words) - 11:04, 24 May 2023
- BVwG - W252 2248013-1 (category Article 15 GDPR)for more details. decision date 01/26/2023 standard B-VG Art133 Para.4 GDPR Art15 B-VG Art. 133 today B-VG Art. 133 valid from 01.01.2019 to 24.05.2018 last23 KB (3,639 words) - 08:38, 10 March 2023
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR)are subject to the GDPR pursuant to Article 3(2)(a) of this Regulation. B. On the competence of the CNIL 22. Article 55(1) of the GDPR provides that "each59 KB (9,566 words) - 17:03, 6 December 2023
- Personvernnemnda (Norway) - 2022-13 (21/00481) (category Article 58(2)(d) GDPR)controller) about €352,555 (NOK 4,000,000) for violating Article 5(1)(f) GDPR, Article 24 GDPR and Article 32 GDPR after a serious ransomware attack led to highly45 KB (6,913 words) - 12:13, 15 March 2023
- DPC - C-19-X-XXX Ryanair DAC - November 2020 (category Article 58(2)(b) GDPR)and (4) GDPR.” 32. Article 32 of the GDPR relates to the security of processing of personal data. More specifically, Article 32(1) of the GDPR states that35 KB (4,975 words) - 20:43, 5 May 2021
- BVwG - W214 2224204-1 (category Article 22 GDPR)complaint (Article 18(1)(b) GDPR). Moreover, since the controller did not violate Article 21 GDPR, the court found that the requirements of Article 18(1)(d)96 KB (15,762 words) - 11:58, 21 April 2022
- (“the GDPR”): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)31 KB (4,210 words) - 15:26, 20 June 2023
- ICO (UK) - We Buy Any Car Limited (category Article 4(11) GDPR)Communications (EC Directive) Regulations 2003 by the person, and (b) subsection (2) or (3) applies. 3 (2) This subsection applies if the contravention was deliberate41 KB (5,743 words) - 11:44, 21 September 2021
- AP (The Netherlands) - z2021-13185 / z2022-07180 (category Article 6 GDPR)Jigler Payroll B.V. infringed on GDPR article 6, but infringement of GDPR article 28 and 46 could not be established. The AP decided not to take any enforcement33 KB (5,239 words) - 10:19, 28 May 2023
- Personvernnemnda (Norway) - 2020-14 (19/00110) (category Article 6(1)(f) GDPR)Ordinance, cf. Article 4 no. 2. The search engine provider is responsible for the processing of personal data this connection, cf. Article 4 no. 7. This32 KB (5,120 words) - 18:48, 5 March 2022
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)provided for in Article 2, h) of Directive 95/46/EC. In particular, under these new requirements, article 4, paragraph 11 of the GDPR requires that the82 KB (13,428 words) - 17:02, 6 December 2023
- IMY (Sweden) - DI-2019-4062 (category Article 13(2)(b) GDPR)under Article 21 GDPR, in violation of Article 13(2)(b) GDPR. As to automated decision-making, including profiling under Articles 22(1) and (4) GDPR, the118 KB (13,497 words) - 16:24, 6 April 2022
- DSB (Austria) - DSB-D770.1336 (category Article 6(1)(e) GDPR)with § 750(1a) and (2) ASVG, this justified a restriction of the right to data protection under §1(2) DSG, in compliance with Article 8(2) of the Charter of31 KB (4,841 words) - 16:21, 19 December 2023
- BVwG - W176 2255954-1 (category Article 1 GDPR)even if Article 77 GDPR were considered to be applicable, there would be no incompatibility between Article 24 DSG and Article 77 GDPR: the GDPR does not27 KB (4,362 words) - 14:08, 5 July 2023
- BAG - 2 AZR 296/22 (category Article 17(1)(d) GDPR)according to Article 4 No. 2 GDPR, also includes their unlawful collection. However, according to Article 17 Paragraph 3 Letter e of the GDPR, there is an49 KB (8,060 words) - 13:00, 5 September 2023
- VG Frankfurt am Main - 5 L 623/21.F (category Article 23 GDPR)according to Article 23 GDPR, restrictions of obligations and rights under Article 12 GDPR - Article 22 GDPR Article 34 GDPR and Article 5 GDPR, insofar as30 KB (4,766 words) - 15:12, 8 September 2021
- AEPD (Spain) - 00027-2022 (category Article 24(2) GDPR)party, for the alleged violation of Article 5.1.c) of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: On 03/21/22, collaboration was requested from16 KB (2,612 words) - 15:47, 6 December 2022
- Datatilsynet (Denmark) - 2021-31-5085 (category Article 12(5)(b) GDPR)reference to the exemptions following from GDPR article 15(4) and the Danish Data Protection Act section 22 (2), no. 9 and 10. However, the conditions for79 KB (12,839 words) - 10:21, 5 October 2022
- ICO (UK) - AMEX (category Article 4(11) GDPR)Communications (EC Directive) Regulations 2003 by the person, (b) subsection (2) or (3) applies. (2) This subsection applies if the contraventwas deliberate72 KB (8,623 words) - 10:38, 26 May 2021
- GHAMS - 200.295.747/01 (category Article 15(1)(h) GDPR)under Article 6(1)(a) or Article 9(2)(a) or on an agreement under Article 6(1)(b); and the processing is carried out through automated processes. 2. When80 KB (13,304 words) - 13:05, 12 April 2023
- IDPC (Malta) - CDP/IMI/LSA/22/2021 (category Article 15(2) GDPR)subject with the information as required under Article 15(1) from letter (a) to (h) GDPR and Article 15(2) GDPR, and to provide the data subject with a copy18 KB (2,190 words) - 09:57, 23 May 2023
- DSB (Austria) - 2023-0.789.858 (category Article 83(2)(b) GDPR)to Article 58 Paragraph 2 Letter i and Article 83 Paragraph 1 to 6 GDPR Article 58 Paragraph 2 Litera i and Article 83 Paragraph One , up to 6 GDPR are57 KB (9,442 words) - 08:55, 17 January 2024
- LG Duisburg - 10 O 126/22 (category Article 82 GDPR)report under Article 33 GDPR and the obligation to provide information under Article 34 GDPR does not fall within the scope of Article 82 GDPR (see above)63 KB (10,478 words) - 09:40, 15 February 2024
- AG München - 178 C 13527/22 (category Article 82 GDPR)follows from Art. 18 Para. 1 Alt. 2 EuGVVO and Art. 79 Para. 2 S. 2 DSGVO, the plaintiff is a consumer from Munich. 16 2. The Local Court of Munich has local21 KB (3,243 words) - 15:04, 18 April 2023
- Garante per la protezione dei dati personali (Italy) - 9578184 (category Article 5 GDPR) (section 2. Unsuitability of the legal basis)essential elements required by the GDPR (Articles 6(2) and 9) and by the Personal Data Protection Code (Articles 2(b) and 2(e)).” This is due to the fact that33 KB (5,141 words) - 10:30, 19 May 2021
- purposes of direct marketing contrary to regulation 22 of PECR. 4. Regulation 22 of PECR states: 2 “(1) This regulation applies to the transmission of32 KB (5,066 words) - 09:04, 14 February 2022
- FG Nürnberg - 3 K 596/22 (category Article 6(2) GDPR)legislator used the open clause of Article 6(1)(c) and (e) GDPR, in combination with Article 6(2) and Article 6(3) GDPR, to create a legal basis for the38 KB (6,277 words) - 08:12, 18 May 2023
- Tietosuojavaltuutetun toimisto (Finland) - 310/161/23 (category Article 83(6) GDPR)accordance with Article 58, paragraph 2, subparagraph b of the General Data Protection Regulation, and an order pursuant to Article 58, paragraph 2, subparagraph71 KB (11,552 words) - 13:40, 12 January 2024
- CNPD (Luxembourg) - Délibération n°18FR/2021 (category Article 38(2) GDPR)analyzes the criteria set by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation (article 83.2 a) of the GDPR), with regard to concerns57 KB (8,374 words) - 08:31, 16 June 2021
- AEPD (Spain) - E/02666/2020 (category Article 14 GDPR)fulfilled the duty of information in accordance with GDPR. The Spanish DPA considered that Article 35 GDPR applies in this case and thus a DPIA is necessary24 KB (3,690 words) - 13:39, 13 December 2023
- AEPD (Spain) - PS/00261/2020 (category Article 5(1)(c) GDPR)RGPD); as he points out Article 83.5 a) of the RGPD. -12 of the RGPD, in relation to 22 of the LOPDGDD, as indicated in article 83.5.b) of the RGPD. " FOURTH:54 KB (8,837 words) - 13:34, 16 June 2021
- ANSPDCP (Romania) - Fine against VODAFONE România S.A. 5 (category Article 32(1)(b) GDPR)measures: Article 32 of the GDPR and Article 3 of Law no. 506/2004. The latter is the transposition of the E-Privacy Directive's Article 4. (2) This is8 KB (976 words) - 11:53, 19 November 2021
- Garante per la protezione dei dati personali (Italy) - 9435807 (category Article 58(2)(d) GDPR)of Article 83(2) and recital 148 of the Rules of Procedure and that, therefore, it may be sufficient to admonish Iliad, pursuant to Article 58(2)(b) of58 KB (9,448 words) - 15:50, 6 December 2023
- Rb. Amsterdam - C/13/721372 / KG ZA 22-710 (category Article 6(1)(f) GDPR)to object to processing under Article 21 GDPR and have his personal data deleted from the registry under Article 17 GDPR so long as these legitimate interests15 KB (2,363 words) - 15:03, 28 September 2022
- DSB (Austria) - D130.073/0008-DSB/2019 (category Article 32 GDPR)process for user registrations, the respondent violated Article 5 GDPR, Article 6 GDPR, and Article 32 GDPR, and § 1 para 1 DSG (the Austrian Data Protection25 KB (3,605 words) - 13:59, 12 May 2023
- ICO (UK) - The Money Hive Limited (category Article 4(11) GDPR)("the GDPR"): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)63 KB (8,280 words) - 14:53, 2 March 2022
- DSB (Austria) - 2023-0.420.407 (category Article 5(1)(b) GDPR)(Art. 6 para. 1 lit. b) (cf. Article 9, paragraph 2, GDPR stipulates exceptions to the processing ban of Article 9, paragraph one, GDPR and limits the admissibility35 KB (5,572 words) - 14:56, 27 March 2024
- BVwG - W256 2235360-1 (category Article 22 GDPR)case law of the highest courts on Article 6(1)(e) of the GDPR, Article 9(2)(g) of the GDPR and Article 22 of the GDPR in connection with profiling. It was67 KB (10,431 words) - 08:39, 21 February 2024
- Rb. Amsterdam - AMS 22/5458 (category Article 12(2) GDPR)Articles 15 to 22." The Court interpreted "facilitation" in the context of Article 12(2) GDPR, in connection with Recitals 59 to 64 GDPR, concluding that27 KB (4,200 words) - 11:57, 13 September 2023
- AEPD (Spain) - EXP202103983 (category Article 4(2) GDPR)specified period of time - Article 58.2 (i). According to Article 83(2) of the GDPR, the measure provided for in Article 58(2)(d) of the GDPR is compatible with28 KB (4,427 words) - 10:02, 16 June 2023
- Rb. Overijssel - 9965129 \ CV EXPL 22-2279 (category Article 4(1) GDPR)what has been advanced more or otherwise. 2 The grounds of the decision In convention and in counterclaim 2.1. There was an employment contract between9 KB (1,268 words) - 15:27, 24 August 2022
- messages. Therefore, Global One breached Article 22 PECR. The ICO also held that Global One breached Article 23(b) PECR as it did not provide a valid contact42 KB (5,271 words) - 13:44, 23 June 2021
- AEPD (Spain) - PS/00603/2021 (category Article 6(1) GDPR)online store had violated Article 6(1) GDPR. The AEPD also held that the online store had violated its obligation under Article 13 GDPR to provide data subjects41 KB (6,588 words) - 16:47, 27 April 2022
- APD/GBA (Belgium) - 61/2020 (category Article 5(1)(d) GDPR)this regard within the meaning of Article 2 (2) point d) GDPR. Whichcertain officials of the defendant under Article 5, §2 of the Second Ordinanceare appointed41 KB (6,354 words) - 16:59, 12 December 2023
- ICO (UK) - Royal Mail Group Limited (category Article 4(11) GDPR)Communications (EC Directive) Regulations 2003 by the person, (b) subsection (2) or (3) applies. (2) This subsection applies if the contravention was deliberate41 KB (5,879 words) - 12:39, 23 March 2022
- AEPD (Spain) - PS/00267/2021 (category Article 83(2)(e) GDPR)involve a breach of the provisions of Article 6 of the GDPR, in relation to Article 22 of the LOPDGDD. Article 6 of the GDPR has four paragraphs, which in turn193 KB (32,580 words) - 11:16, 15 June 2022
- OLG Karlsruhe - 15 Verg 8/22 (category Article 5 GDPR)agreement between the third party and A. S.à.r.l. in implementation Article 28 GDPR allowed A. S.à.r.l. to disclose personal data processed on behalf of50 KB (8,086 words) - 09:05, 6 October 2022
- AEPD (Spain) - PS/00276/2021 (category Article 6(1)(b) GDPR)this sense, article 22.2 of the LSSI, which establishes the Rights of the recipients of information society services, it is indicated that: "2. Service providers40 KB (6,381 words) - 10:12, 7 December 2021
- APD/GBA (Belgium) - 28/2020 (category Article 21(2) GDPR)be erased and thus also violates Article 17.1(c) AVG. 3.2. With regard to the infringement of Article 6.1 and Article 21.4 of the AVG 29. In its statement27 KB (4,363 words) - 16:56, 12 December 2023
- (“the GDPR”): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)39 KB (5,404 words) - 11:56, 21 September 2021
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 6(1)(b) GDPR)requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data122 KB (20,253 words) - 08:17, 19 August 2021
- BVwG - W256 2275675-1 (category Article 12(3) GDPR)accuracy set out in Article 5, paragraph one, letter d of the GDPR? 2. If question 1 is answered in the affirmative: Should Article 16 GDPR be interpreted as53 KB (8,644 words) - 12:53, 9 January 2024
- AEPD (Spain) - E/00647/2019 - CO/00198/2020 (category Article 4(22) GDPR)in accordance to Article 4(23) GDPR. According to the AEPD, there are other concerned DPAs in this case, as defined in Article 4(22) GDPR: Spain, Belgium17 KB (2,419 words) - 14:27, 24 November 2022
- Tietosuojavaltuutetun toimisto (Finland) - 3895/83/22 (category Article 22(1) GDPR)to the controller under Article 58(2)(a) GDPR and stated that the envisaged processing would violate Articles 6, 9 and 22 GDPR. Share your comments here41 KB (6,305 words) - 11:34, 28 October 2022
- LG Ravensburg - 2 O 228/22 (category Article 15 GDPR)jurisdiction pursuant to Article 18 paragraph 1 Alt. 2 of the Brussels I Regulation and Article 79 paragraph 2 sentence 2 of the GDPR. The claim under 1 and26 KB (4,057 words) - 13:39, 11 April 2024
- APD/GBA (Belgium) - 84-2022 (category Article 5(1)(b) GDPR)processing of the personal data (Article 5(1) GDPR). The controller did not demonstrate a contractual relationship (Article 6(1)(b)) with the lawyers concerned14 KB (2,020 words) - 16:07, 22 June 2022
- Datatilsynet (Norway) - 20/02165 (category Article 32(1)(b) GDPR)municipality had breached § 22 of the Norwegian Health Records Act (pasientjournalloven) and Article 32(1)(b) and (d) GDPR (cf. Article 5 GDPR). The DPA fined Moss24 KB (3,436 words) - 07:38, 4 October 2021
- LG München - 31 O 16606/20 (category Article 5(1)(f) GDPR)pursuant to Article 82(1) GDPR, because controller violated Article 32(1) GDPR. The Court upheld the appeal and ordered the controller to pay € 2,500, - as25 KB (4,028 words) - 07:10, 8 February 2022
- BVwG - W101 2218962-2 (category Article 4 GDPR)standard B-VG Art133 Para.4 DSG §1 DSG §24 DSG §24 paragraph 1 DSG §24 paragraph 5 DSG §7 GDPR Art4 GDPR Art5 GDPR Art6 VwGVG §28 paragraph 2 B-VG Art.49 KB (7,872 words) - 08:40, 10 March 2023
- BVwG - W245 2247035-1/8E and W245 2251274-1/6E (category Article 12 GDPR)Clause 1 GDPR) to the "How" (Article 15 Paragraph 1 Clause 2 lit. a-h, Paragraph 2 GDPR) to the "What" ( Art 15 para. 1 clause 2, para. 3 GDPR). If the51 KB (8,535 words) - 09:16, 1 February 2023
- PHR - 22/01253 (category Article 15 GDPR)personal data in that assessment pursuant to Article 15(1) GDPR. However, Article 23(1)(i) GDPR and Article 41 UAVG provide the possibility of a restriction241 KB (42,617 words) - 14:14, 13 September 2022
- UODO (Poland) - ZSOŚS.421.25.2019 (category Article 5(2) GDPR)5 sec. 2, art. 25 sec. 1, art. 32 sec. 1 lit. b, art. 32 sec. 1 lit. d, art. 32 sec. 2, art. 38 sec. 1, art. 39 sec. 1 lit. b and art. 39 sec. 2 of the156 KB (25,012 words) - 10:01, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9751362 (category Article 5(1)(b) GDPR)violated Article 5(1)(b) GDPR which “provides for compliance with the principle of purpose limitation.” Clearview violated Article 5(1)(e) GDPR which “provides134 KB (21,856 words) - 05:16, 25 May 2022
- AEPD (Spain) - PS/00151/2021 (category Article 28(3) GDPR)clients. - Infringement of article 22.2) of the LSSI, regarding the cookie policy in its Web page. APPOINT: instructor to D. B.B.B. and, as secretary, to Dª53 KB (8,628 words) - 15:44, 13 July 2022
- HDPA (Greece) - 47/2023 (category Article 12(2) GDPR)meaning of article 4 par. 2) and 6) GDPR, under processing under the regulatory scope of articles 2 par. 1 of the GDPR and 2 of Law 4624/2019. 4 2) Since,36 KB (6,028 words) - 07:43, 20 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 7684/171/22 (category Article 35 GDPR)legal remedies. Sections 2 and 3 of the article describe what appropriate protective measures can be. According to Article 2, appropriate safeguards may27 KB (4,068 words) - 10:13, 7 June 2023
- Rb. Amsterdam - C/13/696010 / HA ZA 21-81 (category Article 22 GDPR)against the defendant. 1.2. Finally, verdict has been determined. 2 The assessment 2.1. The claimed penalty will be limited as follows. 2.2. The claim does not11 KB (1,518 words) - 09:26, 29 April 2021
- RVS - 202004314/1/A3 (category Article 4(1) GDPR)referred to in Articles 15 to 22 of the GDPR. This follows from Article 34 of the GDPR Implementation Act. Article 21 of the GDPR is entitled to object. That46 KB (7,313 words) - 11:27, 3 March 2022
- BVwG - W252 2247092-1 (category Article 58(6) GDPR)August 22, 2023 standard B-VG Art 133 Paragraph 4 DSG §24 Paragraph 1 DSG §24 Paragraph 5 DSG §24 Paragraph 6 GDPR Art 17 B-VG Art. 133 today B-VG Art22 KB (3,496 words) - 14:10, 12 September 2023
- Garante per la protezione dei dati personali (Italy) - 0007060 (category Article 21(2) GDPR)data for these purposes under Article 21(2) GDPR. Additionally, the data subject filed an access request under Article 15 GDPR. The data subject did not receive94 KB (14,814 words) - 14:42, 30 April 2024
- OLG Innsbruck - 1 R 182/19b (category Article 99(2) GDPR)representative within 14 days the amount of EUR 2.500,-- plus 4% interest since 2.3.2019 is hereby rejected. 2. the plaintiff is obliged to reimburse the defendant54 KB (7,916 words) - 12:06, 9 May 2022
- VG Neustadt an der Weinstraße - 3 L 763/22.NW (category Article 6(1)(e) GDPR)court upheld Article 6(1)(e) GDPR as the legal basis for the processing of personal data. Furthermore, according to the court, Article 9(2)(j) GDPR states that54 KB (8,511 words) - 09:03, 16 December 2022
- AEPD (Spain) - PS/00161/2021 (category Article 17(1) GDPR)MEDIAADVERTISING S.L., with CIF .: B87781795, for the violation of the article Violation of the article of article 17.1 of the RGPD, a penalty of 10,00024 KB (3,756 words) - 11:38, 14 September 2021
- AEPD (Spain) - PS/00483/2021 (category Article 13 GDPR)infringement of article 22.2 of the LSSI, regarding the cookie policy made on the website in question. On the other hand, and in accordance with article 58.2 of the41 KB (6,620 words) - 16:19, 20 April 2022
- BlnBDI (Berlin) - 631.457.4 521.14765.10 (category Article 58(2)(b) GDPR)specific e-mail address, pursuant to Article 15(3) GDPR. The DPA reprimanded the controller pursuant to Article 58(2)(b) GDPR. It is not entirely clear from13 KB (1,865 words) - 08:45, 16 February 2023
- OLG Celle - 8 U 165/22 (category Article 12(5) GDPR)/ 2020 852.30 +15.55 2.800% 2.025 0.00 867.85 08 / 2020 867.85 +15.55 2.800% 2.061 0.00 883.40 09 / 2020 883.40 +15.55 2.800% 2.098 0.00 898.95 10 / 202062 KB (10,852 words) - 14:08, 7 January 2023
- ANSPDCP (Romania) - Fine against Bitfactor SRL (category Article 32(1)(b) GDPR)laid down in Article 5(1)(f) GDPR. In this context, the DPA referred to Article 25(1) GDPR (data protection by design) and Recital 78 GDPR. As a result6 KB (708 words) - 08:12, 6 October 2022
- VG Karlsruhe - 7 K 2578/22 (category Article 15(1) GDPR)personal data within the meaning of Article 4(1) GDPR and thus cannot be object of an access request under Article 15(3) GDPR. Making reference to CJEU case83 KB (13,935 words) - 10:24, 17 January 2024
- DSB (Austria) - 2020-0.436.002 (category Article 22(1) GDPR)access under Article 15(1)(h) GDPR applies to all kinds of profiling rather than only to automated decision making under Article 22(1) and (4) GDPR. The DPA28 KB (4,091 words) - 05:23, 14 August 2021
- Datatilsynet (Norway) - 19/02450 (category Article 5(1)(b) GDPR)to be fulfilled since the GDPR itself outlines the needs for information, cf. Article 57(1)(b). 2) The DPA violated Article 13(1)(d) because they failed46 KB (7,180 words) - 17:22, 9 March 2022
- BVwG - W252 2249734-1 (category Article 58 GDPR)within the meaning of Article 58, Paragraph 2, GDPR or the possible illegality of the processing operation in question. Article 58, GDPR does not contain an16 KB (2,426 words) - 15:24, 26 November 2023
- ANSPDCP (Romania) - Fine against Societatea Civilă Profesională de Avocați „Sabou, Burz & Cuc” (category Article 5(1)(b) GDPR)with other lawyers, in breach of Articles 6, 5(1)(a), 5(1)(b), 5(1)(c), 5(1)(f) and 5(2) GDPR. A client of the “Sabou, Burz & Cuc" law firm filed a complaint6 KB (669 words) - 15:49, 2 March 2022
- VG Berlin - 2 K 98/20 (category Article 4(1) GDPR)prohibited unless one of the conditions of Article 9(2) GDPR, such as explicit consent, is met. According to Article 4(15) GDPR, health data are personal data relating44 KB (7,148 words) - 14:45, 16 November 2022
- NAIH (Hungary) - NAIH-5377-12/2023 (category Article 6(1)(b) GDPR)the basis of Article 2 (1) of the GDPR, the GDPR shall apply to the data processing in this case apply. (19) Article 5 (1) point c) GDPR: Personal data39 KB (5,747 words) - 14:31, 6 November 2023
- Förvaltningsrätten - Mål nr 11453-22 (category Article 5(1)(a) GDPR)principles are respected. This follows from Article 5(2) of the GDPR. According to Article 15(1)(c) of the GDPR, the data subject shall have the right to14 KB (2,092 words) - 09:48, 11 January 2023
- DSB (Austria) - DSB 2023-0.404.421 (category Article 83(2)(b) GDPR)limitation of Article 5(1)(b) GDPR and against the provisions of Article 5(1)(a) GDPR and Article 6(1)(f) GDPR in conjunction with Article 6(4) GDPR. Further40 KB (6,348 words) - 09:05, 16 November 2023
- BVwG - W101 2218962-1 (category Article 4(1) GDPR)07/28/2022 standard B-VG Art133 Para.4 DSG §24 paragraph 1 DSG §24 paragraph 5 GDPR Art12 GDPR Art15 GDPR Art4 VwGVG §28 paragraph 2 WTBG 2017 §80 saying42 KB (6,586 words) - 09:33, 17 September 2022
- ICO (UK) - Cabinet Office (category Article 5(1)(f) GDPR)the GDPR and DPA 2018. They are obliged by Article 5(2) of the GDPR to adhere to the data processing principle set out in Article 5(1). 8. Article 5(1)(f)79 KB (10,566 words) - 10:48, 7 December 2021
- APD/GBA (Belgium) - 170/2022 (category Article 5(1)(b) GDPR)service questioned compliance with Article 5(1)(b) GDPR). Additionally, the provisions of Articles 12(2), 21 and 25 GDPR did not appear to be satisfied because31 KB (4,450 words) - 11:01, 7 December 2022
- AEPD (Spain) - PS/00475/2021 (category Article 13 GDPR)of Article 6 GDPR, nor of Article 8 GDPR. There was also no violation of Article 9 GDPR, since the exception for explicit consent from Article 9(2)(a)64 KB (10,187 words) - 14:26, 24 November 2022
- DSB (Austria) - 2023-0.603.142 (category Article 31 GDPR)accordance with Article 31 of the GDPR, Article 31, due to the security breach , GDPR. According to Article 83 Paragraph 4 Letter a of the GDPR, these two provisions76 KB (12,550 words) - 09:24, 28 February 2024
- Persónuvernd - 2020010628 (category Article 9(2)(b) GDPR)first paragraph. Article 11 of the Act, cf. Paragraphs 1 and 2 Article 9 of the Regulation. According to point b of point 3. Article 3 of the Act, health24 KB (3,675 words) - 09:19, 28 October 2020
- AEPD (Spain) - PS/00393/2021 (category Article 5(1) GDPR)11/02/21 a Local Police Report (Marbella-Málaga) was received in where Don B.B.B., responsible for the Shop (...) and Restaurant (...). The reasons for the20 KB (2,998 words) - 14:20, 15 June 2022
- NAIH (Hungary) - 7286-1/2023 (category Article 4(7) GDPR)Respondent 2 on the basis of GDPR Article 58 (2) point b), because it violated Article 15 (1) of the GDPR. (40) In accordance with Article 58 (2) point d)33 KB (4,956 words) - 15:55, 20 March 2024
- AEPD (Spain) - PS/00209/2021 (category Article 83(2)(b) GDPR)with the criteria established in Article 83(2)(b) GDPR: negligent character of the infringement, and Article 83(2)(g) GDPR: categories of personal data affected19 KB (2,809 words) - 09:21, 1 September 2021
- APD/GBA (Belgium) - 07/2024 (category Article 5(1)(c) GDPR)the GDPR: i. Articles 5.1.a) and 5.2, as well as Article 6.1 GDPR; ii. Articles 12.1 and 12.2, Article 15.1, Article 5.2, Article 24.1, and Article 25.1350 KB (51,369 words) - 09:25, 31 January 2024
- KamR Stockholm - 2829-23 (category Article 13(2)(b) GDPR)the requirements on how it should be provided under Article 12 GDPR, Article 13 GDPR and Article 14 GDPR. The court of appeal disagreed with the court of9 KB (1,112 words) - 11:55, 15 May 2024
- Garante per la protezione dei dati personali (Italy) - 9991064 (category Article 28(2) GDPR)Articles 32 to 36 GDPR, including those regarding the notification of personal data breaches. In particular, pursuant to Article 33(2) GDPR in the event of52 KB (8,196 words) - 15:46, 27 March 2024
- Rb. Noord-Holland - 20/3831 (category Article 5(1)(e) GDPR)base the processing of personal data on Article 6(1)(e) GDPR. The court held that pursuant to Article 17(3) GDPR there is no obligation for a government30 KB (4,206 words) - 08:37, 14 October 2021
- Datatilsynet (Norway) - 20/01772 (category Article 58(2)(b) GDPR)line with Article 17(1)(d) GDPR, the controller was obliged to delete data processed unlawfully, unless the exception of Article 17(3) GDPR (fulfillment53 KB (7,945 words) - 10:46, 24 January 2023
- Garante per la protezione dei dati personali (Italy) - 9932951 (category Article 22 GDPR)to exercise her rights provided for from Article 15 GDPR to Article 22 GDPR but did not receive feedback. On 2 March 2023, the Italian DPA requested the39 KB (6,150 words) - 07:57, 4 October 2023
- BVwG - W292 2248134-1 (category Article 15 GDPR)an alleged violation of Article 15 GDPR by one of the controllers. The DPA dismissed the claim on the basis of Article 57(4) GDPR. According to such provision28 KB (4,409 words) - 09:54, 25 April 2023
- AEPD (Spain) - PS/00259/2020 (category Article 22(1) GDPR)guarantee expressly included in article 63.1 of the LPACAP and indirectly in article 53.2.a, of the LPACAP; Article 134.2 of the repealed Law 30/1992 and158 KB (25,857 words) - 13:56, 14 July 2021
- AEPD (Spain) - PS/00140/2020 (category Article 58(2)(d) GDPR)follows: “B.B.B.” (link 9), “B.B.B.” (link 10), “B.B.B.” (links 11) and “B.B.B.” (link 12). The link address shows “B.B.B.” (link 9), “B.B.B.” (links 10390 KB (63,154 words) - 07:08, 9 June 2022
- Tietosuojavaltuutetun toimisto (Finland) - 2889/161/21 (category Article 58(2)(b) GDPR)presented the matter Applicable law Article 4 (7) and (8), Article 28 (3), Article 58 (2) (b) and (i), Article 83 (1), (2), (4) (a) of the EU General Data40 KB (6,315 words) - 11:13, 22 September 2021
- BVwG - W298 2252644-1 (category Article 5 GDPR)paragraph 2. (4) Restrictions on the rights under paragraph 3 are only permitted under the conditions specified in paragraph 2. 2.2. § 4 DSG reads: 2.2. Paragraph59 KB (9,918 words) - 11:29, 21 June 2023
- Garante per la protezione dei dati personali (Italy) - 9920942 (category Article 5(1)(b) GDPR)fairness and transparency, as stipulated by Article 5(1)(a) GDPR, Article 12(1) GDPR, as well as Article 13(2) GDPR due to the lack of information on the period111 KB (17,635 words) - 13:18, 13 September 2023
- the parties concerned (Art. 13(1) of Directive 2002/58/EC). b) Based on Article 13, part 2, in the context of a sale of a good or service, an organization25 KB (3,740 words) - 13:31, 16 October 2023
- Garante per la protezione dei dati personali (Italy) - 9909235 (category Article 5(1)(b) GDPR)principle of purpose limitation under Article 5(1)(b) GDPR and the principle of data minimisation pursuant to Article 5(1)(c) GDPR. Further, the DPA found that90 KB (14,258 words) - 14:14, 3 January 2024
- a bank €2.500 for installing non-strictly necessary cookies in the user's terminal equipment without prior consent in violation of Article 22(2) LSSI. A44 KB (7,020 words) - 15:53, 14 March 2023
- Garante per la protezione dei dati personali (Italy) - 10009296 (category Article 12(3) GDPR)as an heir to her deceased father. The request was based on Article 15 GDPR and Article 2-terdecies of the Italian Data Protection Code which makes a special25 KB (3,777 words) - 07:58, 8 May 2024
- DPC (Ireland) - 20.07.2023 (case number redacted) (category Article 5(1)(c) GDPR)constituted a violation of Article 15(1) GDPR. Issue 2: Whether Airbnb’s handling of the Complainant’s access request was compliant with the GDPR insofar as the information14 KB (2,023 words) - 14:34, 5 September 2023
- AEPD (Spain) - PS/00140/2022 (category Article 13 GDPR)000 for the violation of Article 13 GDPR. With regard to the appointment of a DPO, the DPA recalled that Article 37(1)(b) GDPR provides for 3 elements that151 KB (23,196 words) - 05:40, 9 May 2023
- DVI (Latvia) - SIA "Fitsypro" (category Article 58(1)(b) GDPR)on FPDAL Article 5, Part One, Clause 2, Article 23, GDPR Article 58, Clause 2, subparagraph i), AAL, Article 115, Part One, Clause 4, Article 151 Paragraph29 KB (4,404 words) - 07:53, 23 August 2023
- FG Berlin-Brandenburg - 16 K 16155/21 (category Article 79(2) GDPR)ordinary courts (Article 34 GG, Article 40(2) VwGO). Moreover, the Court considered the reference to Article 79(2) GDPR from Article 82(6) GDPR, and the fact19 KB (2,925 words) - 11:09, 27 July 2022
- Garante per la protezione dei dati personali (Italy) - 9894662 (category Article 5(2) GDPR)According to the DPA, the accountability principle provided for by Article 5(2) GDPR implies that the controller must be proactive and constantly monitor245 KB (40,390 words) - 14:30, 21 June 2023
- Rb. Gelderland - C/05/400739 / KG ZA 22-54 (category Article 5 GDPR)himself, this principle is elaborated in Article 14 of the GDPR. It follows from Article 14(1)(d) of the GDPR that the controller must inform the data21 KB (3,270 words) - 15:32, 11 May 2022
- Garante per la protezione dei dati personali (Italy) - 9827446 (category Article 5(1)(b) GDPR)accesses) (Article 83(2)(a) GDPR and Article 83(2)(g) GDPR). It also considered the cooperation of the controller to remedy the infringement (Article 83(2)(f)70 KB (11,425 words) - 13:47, 7 December 2022
- LG Gießen - 5 O 195/22 (category Article 82(1) GDPR)damages under Article 82(1) GDPR were awarded for the web-scraping of publicly accessible personal data as the mere infringement of the GDPR is not sufficient11 KB (1,678 words) - 14:32, 15 November 2022
- APD/GBA (Belgium) - 77/2023 (category Article 5(1)(b) GDPR)storage (Article 5.1.b, 5.1.c, 5.1.d and 5.1.e of the GDPR); - Violation of the principle of legality (article 5.1.a of the GDPR); - Violation of Article 10150 KB (22,339 words) - 09:50, 21 June 2023
- AEPD (Spain) - PS/00177/2021 (category Article 13 GDPR)with NIF B99514218, in accordance with the provisions of article 58.2.b) of the RGPD, for the alleged infraction 13 of the RGPD, typified in article 83.5.b)29 KB (4,484 words) - 12:28, 7 July 2021
- Garante per la protezione dei dati personali (Italy) - 9776444 (category Article 9(2)(b) GDPR)based on Articles 6(c) and 9(2)(b). The school did not specify the source of the legal obligation under Article 6(1)(c) GDPR, nor the source of the obligations24 KB (3,752 words) - 11:47, 9 November 2022
- AEPD (Spain) - PS/00003/2021 (category Article 12(2) GDPR)pursuant to Article 58(2) GDPR. Moreover, it ordered the controller to bring its processing operations into compliance pursuant to Article 58(2)(d) GDPR. On sharing115 KB (18,312 words) - 11:58, 16 March 2022
- ICO (UK) - Colour Car Sales Limited (category Article 4(11) GDPR)the definition of consent as defined by Article 4(11) of the GDPR. It also outlined the rules under Regulation 22 PECR which address consent. Analysing the22 KB (2,764 words) - 16:07, 19 September 2021
- IP (Slovenia) - 0611-182/2021/23 (category Article 5(1)(b) GDPR)not correspond to the legal purposes from Article 77 of ZVOP-2, Paragraph 1 of Article 78 of ZVOP-2 and Article 6 of the General Regulation. With video surveillance53 KB (8,251 words) - 08:30, 27 September 2023
- AEPD (Spain) - PS/00377/2021 (category Article 5(1)(c) GDPR)sedeagpd.gob.es 2/9 alleged violation of Article 5.1.c) of the RGPD, typified in Article 83.5 of the GDPR. FIFTH: In accordance with article 73.1 of the LPCAP26 KB (3,949 words) - 12:44, 20 October 2021
- BVwG - W298 2266986 -1/20E (category Article 9(2)(f) GDPR)01/04/2024 standard B-VG Art 133 Paragraph 4 GDPR Art4 Z1 GDPR Art5 Paragraph 1 litc GDPR Art51 Paragraph 1 GDPR Art57 Paragraph 1 litf GDPR Art6 Paragraph63 KB (10,365 words) - 12:54, 31 January 2024
- Garante per la protezione dei dati personali (Italy) - 9782890 (category Article 5(2) GDPR)to Article 143 of the Code and Article 58(2)(b) of the Regulation, for having carried out processing in breach of Article 5(1)(a) and (2), Article 13(1)(f)47 KB (7,604 words) - 07:01, 20 July 2022
- OLG Köln - 20 U 295/21 (category Article 4(1) GDPR)invoked the excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium42 KB (6,689 words) - 08:30, 21 November 2022
- incomplete and misleading. The AEPD concluded that Iberia had infringed Article 22(2) of the Spanish law on cookies (LSSI), as transposed from the e-Privacy62 KB (10,275 words) - 14:58, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.009.048 (category Article 58(2)(b) GDPR)data under Article 9 GDPR, which can only be lawful if one of the exceptions of Article 9(2) GDPR apply. With respect to Article 9(2)(h) GDPR, the DPC held44 KB (7,042 words) - 13:53, 31 January 2024
- CNIL (France) - SAN-2020-056 (category Article 9(2)(i) GDPR)is based on Article 9(2)(i) of the GDPR as mentioned above. 34. However, certain data referred to in the PIA are not mentioned in Article 2 of the draft43 KB (6,847 words) - 17:11, 6 December 2023
- DSB (Austria) - DSB-D213.1759 (category Article 5(1)(c) GDPR)1.: Article 4, Article 5 Paragraph 1 Letter c, Article 6, Article 12 Paragraph 3, Article 51 Paragraph 1, Article 57 Paragraph 1 Letter f, Article 58 Paragraph72 KB (11,993 words) - 14:21, 10 April 2024
- Datatilsynet (Denmark) - 2020-832-0028 (category Article 5 GDPR)controller was. Article 22 of the Danish Data Protection Act serves as a restriction of Article 15 GDPR based on Article 23 GDPR. However, Article 22 of the Danish31 KB (4,887 words) - 13:45, 14 July 2022
- Rb. Den Haag - C/09/585239/ KG ZA 19/1221 (category Article 22 GDPR)satisfoactory answers. Thus, Article 15 GDPR was not violated. Furthermore, the judge ruled that the e-screener did not infringed Article 22 GDPR. Indeed, the judge77 KB (12,441 words) - 12:12, 4 October 2021
- Tietosuojavaltuutetun toimisto (Finland) - 6482/186/2020 (category Article 22 GDPR)issued a warning to the controller under Article 58(2)(a) GDPR as the envisioned processing would violate Article 22 GDPR. The Finnish DPA reached an identical30 KB (4,561 words) - 13:55, 2 November 2022
- First-tier Tribunal - Dennerlein v The Information Commissioner (2023) UKFTT 942 (GRC) (category Article 77 GDPR)under section 165 or Article 77 of the UK GDPR, the Commissioner (a) fails to take appropriate steps to respond to the complaint, (b) fails to provide the26 KB (3,926 words) - 09:58, 14 December 2023
- CNPD (Luxembourg) - Délibération n° 42FR/2021 (category Article 37(1) GDPR)in Article 37.1.b) and c) of the GDPR as well as concerning the notion of "regular and systematic monitoring" found in Article 37.1.b) of the GDPR. 1335 KB (4,974 words) - 10:52, 2 December 2021
- Rb. Den Haag - EJ VERZ 21-85504 (category Article 5(1)(b) GDPR)thus remain in the middle. 2.13 On the basis of the foregoing, the requests referred to above in legal considerations 2.1.2 and 2.1.4 will be granted in a37 KB (5,874 words) - 17:20, 23 February 2022
- LG Baden-Baden - 3 O 277/22 (category Article 6(1)(a) GDPR)the data processing there in accordance with Article 6(1)(1)(a) of the GDPR (cf. Frenzel in Paal/Paulick , GDPR, 3rd edition 2021 Art. 6 para. 11). This results19 KB (2,957 words) - 07:52, 31 May 2023
- AP (The Netherlands) - 25.11.2021 (category Article 58(2)(i) GDPR)fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection87 KB (11,601 words) - 17:08, 12 December 2023
- AEPD (Spain) - EXP202204836 (category Article 15 GDPR)established in article 58.2 of the GDPR. Between They have the power to impose an administrative fine in accordance with the article 83 of the RGPD -article 58.252 KB (8,320 words) - 13:18, 14 February 2024
- Datatilsynet (Norway) - 21/03126 (category Article 58(2)(i) GDPR)currently pending. Pursuant to Article 58(2)(i) GDPR and Article 83(4)(a) GDPR, the DPA imposed an administrative fine of €220,337 (NOK 2 500 000) against Argon133 KB (19,309 words) - 05:16, 24 March 2023
- AEPD (Spain) - PS/00322/2021 (category Article 6(1)(a) GDPR)000 for the breach of Article 6 GDPR, €100,000 for the breach of Article 17 GDPR and €100,000 for the breach of Article 28 GDPR). Share your comments here52 KB (8,192 words) - 20:47, 22 February 2022
- Garante per la protezione dei dati personali (Italy) - 9899914 (category Article 12 GDPR)accountability principle, to facilitate the exercise of this right (Article 5(2) and Article 12(2) GDPR). For these reasons, the DPA found that the mere mention of52 KB (8,442 words) - 10:31, 27 June 2023
- GHAMS - 200.295.742/01 (category Article 22 GDPR)information under Article 15(1)(h) GDPR (information on the existence of automated decision-making within the meaning of Article 22 GDPR) after their accounts3 KB (190 words) - 10:49, 5 April 2023
- Datatilsynet (Norway) - 20/01813 (category Article 5(2) GDPR)personal data under Article 32 GDPR, Article 24, Article 5(1)(f) and Article 5(2), as well as § 26(1) of the Personal Data Act and §§ 22 and 23 of the Health36 KB (5,150 words) - 17:58, 31 October 2021
- BVwG - W214 2228346-1 (category Article 4(2) GDPR)its decision on the following legal bases: Article 12, Article 15, Article 57(1)(f), Article 58(2)(c) and Article 77(1) of the Basic Data Protection Regulation65 KB (10,246 words) - 09:42, 10 September 2021
- NAIH (Hungary) - NAIH-4667-10/2022 (category Article 10 GDPR)Authority act in accordance with points b), d), h) of Article 58 (2) of the General Data Protection Regulation, i.e. b) condemn the data controller or data62 KB (9,999 words) - 10:21, 7 December 2022
- DSB (Austria) - 2023-0.592.319 (category Article 58(2)(c) GDPR)of the GDPR by the controller, the DPA issued a fine of €12.100 in accordance with Article 83(4) GDPR, Article 83(5) GDPR and Article 83(6) GDPR. Both the80 KB (13,210 words) - 09:09, 21 May 2024
- NAIH (Hungary) - NAIH-6484-2-2022 (category Article 12(3) GDPR)redress. Therefore, the DPA declared an infringement of Article 12(3) GDPR and Article 12(4) GDPR. Additionally, the DPA held that the controller, whether66 KB (10,501 words) - 14:46, 12 October 2022
- Garante per la protezione dei dati personali (Italy) - 9938463 (category Article 5(1)(d) GDPR)invitation to comply, breaching Article 12 GDPR, Article 15 GDPR, Article 16 GDPR, Article 17 GDPR and Article 18 GDPR. Thus, due to the aformentioned73 KB (11,856 words) - 13:54, 25 October 2023
- NAIH (Hungary) - NAIH-5361-1/2022 (category Article 12(3) GDPR)pursuant to Article 58 (2) (b) GDPR condemns the Applicant as data controller for violating Article 12 of the GDPR. and Article 15 (1) and (3) of the GDPR. The50 KB (8,064 words) - 14:42, 29 June 2022
- CNIL (France) - SAN-2022-024 (category Article 3 GDPR)offer services to data subjects in the EU (Article 3(2)(a) GDPR). The DPA concluded that Article 3(2)(b) GDPR was also not applicable. The DPA mentioned30 KB (4,714 words) - 10:34, 4 January 2023
- BGH - VI ZR 15/23 (category Article 15(1) GDPR)reasoning of the Court of Appeal. Article 15 GDPR and the GDPR as such are applicable, even if the processing occurred before the GDPR came into force in 2018.17 KB (2,646 words) - 09:00, 28 March 2024
- DSB (Austria) - 2020-0.743.659 (category Article 9(2) GDPR)requirements of Article 9 GDPR. In the DSB held that the processing violated Articles 5, 6 and 9 GDPR: Consent under Articles 6(1)(a), 7 and 9(2)(a) GDPR cannot50 KB (8,015 words) - 13:52, 12 May 2023
- AP (The Netherlands) - z2018-02009 (category Article 32 GDPR)in the event of a violation of Article 32, first paragraph of the GDPR. Pursuant to Article 5: 2, first paragraph, under b, of the Awb, the order may be33 KB (5,112 words) - 17:10, 12 December 2023
- AEPD (Spain) - EXP202213792 (category Article 5(1)(c) GDPR)finding likely violations of Article 5(1)(c), 8, 9, 13 and 35 GDPR. The AEPD found a likely violation of Article 35 GDPR. Article 35 GPDR requires that a data178 KB (27,656 words) - 12:28, 7 May 2024
- Rb. Den Haag - C-09-608582-HA RK 21-101 (category Article 6(1)(f) GDPR)paragraphs 1 and 2 GDPR). In this context, Defam is the controller (Article 4(7) of the GDPR). Article 6(1) of the GDPR provides that processing of personal data31 KB (4,916 words) - 10:19, 25 January 2022
- Garante per la protezione dei dati personali (Italy) - 9827119 (category Article 12(2) GDPR)within the foreseen deadlines, under Article 12(1) GDPR, Article 12(2) GDPR, Article 12(3) GDPR and Article 12(4) GDPR. The DPA further stated that regarding42 KB (6,583 words) - 10:13, 13 October 2023
- APD/GBA (Belgium) - 141-2023 (category Article 5(2) GDPR)reply to the data subject within the time limit imposed by Article 12(3) GDPR and Article 12(4) GDPR. Therefore, the DPA concluded that the grievance raised25 KB (3,494 words) - 13:27, 20 December 2023
- Rb. Den Haag - C/09/550982/HA ZA 18/388 (category Article 5(1)(b) GDPR)account the purpose of limitation principle (Article 5(1)(b) GDPR) and data minimization (Article 5(1)(c) GDPR). For example, the Court noticed that the data128 KB (21,722 words) - 16:14, 10 March 2022
- Datatilsynet (Norway) - 21/03656 (category Article 12(2) GDPR)out in Article 14(5)(a) and Article 14(5)(c) GDPR. The DPA rejected the controller's views as it argued that the exceptions in Article 14(5) GDPR should63 KB (8,745 words) - 13:33, 27 April 2022
- Garante per la protezione dei dati personali (Italy) - 9461168 (category Article 5(1)(f) GDPR)guarantees ”(Article 9, paragraph 2, letter b), of the Regulation). In any case, the dissemination of data relating to health is prohibited (art. 2-septies50 KB (8,001 words) - 15:52, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 35FR/2021 (category Article 5(1)(c) GDPR)elements provided for in Article 83.2 of the GDPR: As to the nature and seriousness of the violation (article 83.2.a) of the GDPR), the Restricted Training81 KB (11,748 words) - 10:59, 17 November 2021
- IP (Slovenia) - 0603-47/2022/7 (category Article 5(1)(b) GDPR)second paragraph of Article 2 of ZP-1 and the first paragraph of Article 119 of ZVOP-2, based on the second paragraph of Article 97 of ZVOP-2 in connection with14 KB (2,134 words) - 15:18, 26 April 2023
- RvS (Netherlands) - 202004638/1/A3 (category Article 6(1)(e) GDPR)purpose limitation principle of Article 5, first paragraph, preamble. and under b of the GDPR. Article 6(4) of the GDPR states that further processing for31 KB (4,763 words) - 09:04, 29 September 2021
- the obligations under Article 6, §2, al. 5 and Article 9 of the Camera Act 1 2. there is a serious indication that article 6, § 2, al. 4 of the aforementioned35 KB (5,303 words) - 17:01, 12 December 2023
- CNPD (Luxembourg) - Délibération n°13FR/2021 (category Article 12 GDPR)can get information at the following address: ... " 35. Under Article 58.2.b) of the GDPR, the CNPD may call to order a controller or a processor when the30 KB (4,164 words) - 11:12, 16 June 2021
- Garante per la protezione dei dati personali (Italy) - 9704032 (category Article 12 GDPR).] communications referred to in articles 15 to 22 [...]" (Article 12, par. 1, of the Regulation). 3.2 Failure to respond to the request to exercise the64 KB (10,464 words) - 08:22, 14 October 2021
- personal data violates the previous search term GDPR next search term or Section 1 or Article 2, Chapter 1. (2) The complaint must contain: 1. the designation46 KB (7,140 words) - 13:24, 13 March 2023
- APD/GBA (Belgium) - 159/2022 (category Article 4(2) GDPR)constitutes processing within the meaning of Article 4.2. of the GDPR. 8. Pursuant to Article 5.1.b) of the GDPR, all processing must pursue a purpose determined28 KB (4,300 words) - 15:48, 16 November 2022
- OLG Köln - 15 U 108/23 (category Article 82 GDPR)constitute a violation of Article 33 Paragraph 1 and Article 34 Paragraph 1 of the GDPR. 35dd. Whether and which violations of the GDPR the defendant can be81 KB (13,415 words) - 09:47, 15 February 2024
- Datatilsynet (Norway) - 18/02140 (category Article 32(1)(b) GDPR)security are set out in Chapter IV, Section 2. Here is Article 32 central. Article 32 (1) (a) and (b) states: Article 32. Safety of treatment 1. Taking into54 KB (8,041 words) - 12:50, 26 January 2022
- AEPD (Spain) - PS/00467/2020 (category Article 5(1)(d) GDPR)In its article 67 LOPDGDD, it indicates in its section 2 that: “2. Previous actions investigation will be subject to the provisions of Section 2 of Chapter149 KB (24,924 words) - 10:55, 11 August 2021
- BVwG - W258 2243523-1/9E (category Article 6(1)(f) GDPR)accordance with Art. 17 GDPR:3.1. On the right to deletion according to Article 17, GDPR: 3.1.1. According to Article 17 Paragraph 1 of the GDPR, a data subject27 KB (4,315 words) - 09:28, 23 February 2024
- BVwG - W137 2255764-1 (category Article 44 GDPR)06/30/2023 standard B-VG Art133 Para.4 DSG §1 DSG §24 GDPR Art4 GDPR Art44 GDPR Art5 GDPR Art6 VwGVG §28 paragraph 2 B-VG Art. 133 today B-VG Art. 133 valid72 KB (11,712 words) - 06:56, 31 August 2023
- Rb. Zeeland-West-Brabant - 10072897 AZ VERZ 22-61 (category Article 4(2) GDPR)of data within the meaning of Article 4(2) GDPR, hence the lawfulness of the observation was tested directly against Article 8 ECHR. The requirement by the30 KB (4,770 words) - 12:39, 10 November 2022
- AEPD (Spain) - PS/00509/2021 (category Article 32 GDPR)protection by its article 2.2, without prejudice to the provisions of the sections 3 and 4 of this article. In this sense, article 2.2.d) of Regulation80 KB (11,947 words) - 14:51, 4 October 2022
- NAIH (Hungary) - NAIH-4137- 8/2022 (category Article 5(2) GDPR)the basis of Article 58 (2) point b) of the GDPR, the Applicant is condemned for having violated it Article 5 (1) point a), Article 12 (2) of the General75 KB (11,860 words) - 13:16, 19 October 2022
- BVwG - W292 2267784-1 (category Article 56(1) GDPR)December 18, 2023 standard B-VG Art 130 Paragraph 1 Z1 B-VG Art 133 Paragraph 4 GDPR Art4 GDPR Art51 GDPR Art56 GDPR Art60 GDPR Art65 GDPR Art77 VwGVG §28 Paragraph67 KB (10,619 words) - 10:40, 22 January 2024
- AEPD (Spain) - PS/00224/2021 (category Article 5(1)(c) GDPR)specified period -article 58. 2 d)-. According to the provisions of article 83.2 of the RGPD, the measure provided for in article 58.2 d) of the aforementioned27 KB (4,172 words) - 16:37, 25 January 2022
- TA Luxembourg - N° 46416 (category Article 96 GDPR)which is, in accordance with its article 99 (2), “applicable from 25 May 2018”. It also follows from Article 96 GDPR that "International agreements involving64 KB (10,128 words) - 08:51, 24 November 2021
- Rb. Gelderland - AWB-22/4722 (category Article 22 GDPR)access to this information. 8.2. This ground of appeal fails. The court explains that judgment below under 8.2.1 to 8.2.4. 8.2.1. Even though the investigation35 KB (5,609 words) - 06:56, 18 October 2023
- NAIH (Hungary) - NAIH-180-16/2022 (category Article 5(2) GDPR)case (Article 83(2)(b)); as well as that the NAIH had already warned the controller about its processing activities previously (Article 83(2)(b)). However57 KB (9,033 words) - 16:35, 27 April 2022
- DSB (Austria) - W108 2273800-1 (category Article 4(7) GDPR)in accordance with Section 28 Para. 2 VwGVG. B) The appeal is not admissible in accordance with Art. 133 Para. 4 B-VG. Reasons for the decision: I. Course47 KB (7,632 words) - 21:00, 10 May 2024
- AEPD (Spain) - EXP202213323 (category Article 5(1)(c) GDPR)Violation of article 35 of the GDPR................................................ ...................36 8.2. Violation of article 9 of the GDPR.........176 KB (27,432 words) - 07:43, 10 May 2024
- GHDHA - 200.291.947/01 (category Article 6(1)(f) GDPR)considered Article 35(2) of the Implementing Act of the GDPR (UAVG), which follows from the right to object, Article 21 GDPR. Article 35(2) UAVG stipulates41 KB (6,941 words) - 10:56, 17 November 2021
- BVwG - W252 2248630-1 (category Article 4(11) GDPR)grounds for processing under Article 6, paragraph one, GDPR (see Article 6, paragraph one, litera a, GDPR; and recital 43 GDPR). In particular, consent is28 KB (4,614 words) - 08:06, 4 August 2023
- OVG Rheinland-Pfalz - 10 A 10302/21 (category Article 4(2) GDPR) (section No Authorisation Under Article 58(2)(f) GDPR)effective beyond the processing prohibition in Article 58 (2) (f) of the GDPR. Article 58 of the GDPR replaced Article 28(3) of Directive 95/46/EC on the protection31 KB (4,797 words) - 10:46, 27 July 2021
- AEPD (Spain) - PS/00178/2022 (category Article 4(2) GDPR)pursuent to Article 6 GDPR. In determining the amount of the fine, the DPA considered aggravating factors, as stipulated in Article 83(2)(a) GDPR, and mitigating59 KB (9,122 words) - 14:48, 22 September 2022
- Garante per la protezione dei dati personali (Italy) - 10007895 (category Article 5(2) GDPR)accountability pursuant to Article 5(1)(a) and (2) GDPR and its responsibility as a controller under Article 24(1) and 25(1) GDPR. In addition to that, the68 KB (10,773 words) - 09:49, 15 May 2024
- BfDI (Germany) - 16-536/007 (category Article 58(2)(b) GDPR)g. device identifiers, session lDs}. Unlawful and a violation of Art. 44 GDPR. Share your comments here! Share blogs or news articles here! The decision2 KB (174 words) - 17:17, 1 July 2023
- Rb. Amsterdam - AMS 22/1414 (category Article 17 GDPR)regarded as a request under the General Data Protection Regulation (GDPR). Article 34 of the Gdpr Implementation Act states that a decision on such a request by12 KB (1,857 words) - 14:27, 20 April 2022
- Rb. Noord-Nederland - C/18/194754 / HA RK 19-64 and C/18/197707 / HA RK 20-22 (category Article 17(1)(c) GDPR)[plaintiff 1] , - Google's pleadings. 1.2. Finally, judgment has been given today. 2 The proceedings in Case 20-22 2.1. The course of the procedure is evident:33 KB (5,593 words) - 08:22, 24 November 2020
- CJEU - C-118/22 - Direktor na Glavna direktsia "Natsionalna politsia" pri MVR - Sofia (category Article 5(1)(e) GDPR)data subject argued that Article 5,13 and 14 LED (the roughly equivalent GDPR articles would be Article 5(1)(e), 13 and 15 GDPR) do not permit the police8 KB (1,080 words) - 10:11, 15 February 2024
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)listed in Article 2(3) of that directive and Article 2(2) of that regulation, apply. 62 In particular, it should be noted that Article 9 of the GDPR and Article110 KB (18,000 words) - 08:01, 5 June 2023
- Rb. Gelderland - C/05/404834 / HA ZA 22-245 (category Article 15(3) GDPR)rejected the claim under Article 15 GDPR on this point. Regarding the residual recordings, the Court pointed out that Article 15(3) GDPR gives the data subject36 KB (5,830 words) - 09:54, 23 November 2022
- CNPD (Luxembourg) - Délibération n° 17FR/2021 (category Article 5(1)(c) GDPR)elements provided for in Article 83.2 of the GDPR: As to the nature and seriousness of the violation (article 83.2.a) of the GDPR), the Restricted Training44 KB (6,212 words) - 08:28, 16 June 2021
- BVwG - W211 2223243-1 (category Article 13 GDPR)or § 1 or Article 2 1st main section violates. (2) The complaint must contain: 1. the designation of the right considered to be infringed, 2. insofar as39 KB (6,244 words) - 11:47, 19 January 2021
- AEPD (Spain) - PS/00119/2021 (category Article 6(1) GDPR)criteria established in the section 2 of the aforementioned article. 2. In accordance with the provisions of article 83.2.k) of Regulation (EU) 2016/679 also28 KB (4,459 words) - 14:26, 24 November 2022
- OGH - 9Ob38/19g (category Article 4(11) GDPR)Conditions of 22. 2. and 2. 11. 2016 states: 'If the external technical and/or licensing costs, taxes and/or fees referred to in point 10.2. are reduced200 KB (33,233 words) - 09:49, 14 December 2023
- LAG Schleswig-Holstein - 6 Ta 49/22 (category Article 82(1) GDPR)details. State Labor Court of Schleswig-Holstein File number: 6 Ta 49/22 2 Ca 82 e/22 ArbG Kiel Decision of 06/01/2022 In the litigation pp said the 6th Chamber13 KB (1,981 words) - 10:19, 14 July 2022
- APD/GBA (Belgium) - 149/2022 (category Article 5(1)(b) GDPR)of Article 5(1)(a) and (2) GDPR, Article 6(1) GDPR with regard to the principle of legality; 2. there is an infringement of Article 5 GDPR, Article 2489 KB (13,017 words) - 15:07, 2 November 2022
- APD/GBA (Belgium) - 63/2024 (category Article 4(7) GDPR)would thus have acted in violation of article 4.7) GDPR, articles 12.3 and 12.4 GDPR in conjunction Article 15.1 GDPR. 3. On February 16, 2023, the complaint33 KB (4,817 words) - 09:49, 15 May 2024
- APD/GBA (Belgium) - 51/2024 (category Article 5(1)(b) GDPR)principle of purpose limitation under Article 5(1)(b) GDPR. The APD therefore found a possible violation of Article 5(1)(b) GDPR. Finally, the APD also noted that19 KB (2,807 words) - 11:02, 17 April 2024
- OLG Köln - 6 U 58/23 (category Article 44 GDPR)plaintiff derives his legitimacy from Section 2 Paragraph 2 Sentence 1 No. 11 UKlaG or from Article 80 Paragraph 2 GDPR and only has to show that it concerns data118 KB (19,824 words) - 10:49, 6 February 2024
- DSB (Austria) - 2022-0.585.764 (category Article 2(2)(c) GDPR)Comment², Article 5, margin no. 8f). 3.3.2. The principle according to Art. 5 Para. 1 lit. b GDPR Article 5, paragraph one, litera b, GDPR standardizes77 KB (13,004 words) - 14:44, 9 May 2023
- Rb. Noord-Holland - C/15/314345 / KG ZA 21-145 (category Article 6(1) GDPR)judgment 10 Article 5 paragraph 1, under a General Data Protection Regulation 11 Article 5, paragraph 2, letter b GDPR 12 Article 4, under 1 GDPR 13 Marginal52 KB (7,412 words) - 10:12, 2 June 2021
- IMY (Sweden) - IMY-2022-9109 (category Article 12(2) GDPR)DPA issued a reprimand to the controller for breaching Article 12(2) GDPR and Article 12(6) GDPR. Share your comments here! Share blogs or news articles65 KB (7,759 words) - 10:10, 30 April 2024
- Garante per la protezione dei dati personali (Italy) - 9779098 (category Article 9(1) GDPR)the violation of Article 52 of the Code, for which an administrative sanction is provided for (Article 166, para 2 of the Code and Article 83(3) of the Regulation);30 KB (4,446 words) - 14:47, 13 June 2022
- AEPD (Spain) - PS/00372/2021 (category Article 12 GDPR)Sanction for the infringement of Article 12 GDPR Without prejudice to Article 83 of the GDPR, Article 58 (2) (b) of the GDPR provides as follows: ‘Each supervisory81 KB (13,337 words) - 14:55, 22 February 2023
- LG Frankfurt am Main - 2-03 O 48/19 (category Article 16 GDPR)conditions on 24.04.2018 (Annex B 41). On 23.12.2018 at 19.03 hrs, the following article (Annex B 41) was posted on page "M" at F (Annex B 19): "M" will boycott66 KB (10,899 words) - 08:33, 8 September 2021
- Garante per la protezione dei dati personali (Italy) - 9856345 (category Article 5(2) GDPR)controller. Pursuant to Article 5(2) GDPR, it was the controller's responsibility to make sure that measures were adopted to ensure GDPR compliance, which was133 KB (21,637 words) - 07:03, 7 March 2023
- Rb. Rotterdam - ROT 19/4649 (category Article 15 GDPR)the data subject be included in an access request based on Article 15 GDPR? Does Article 15 GDPR require that (copies of) the original documents are provided18 KB (2,884 words) - 10:26, 6 July 2021
- AZOP (Croatia) - Decision 23-03-2023 (category Article 12(2) GDPR)an access request under Article 15 GDPR to the office and also requested her personal data to be deleted under Article 17 GDPR. The data subject also claimed24 KB (3,725 words) - 16:01, 28 November 2023
- APDCAT (Catalonia) - PS 28/2021 (category Article 5(1)(f) GDPR)city council had violated Article 13 GDPR and Article 25(1) GDPR. However, since the deficiencies regarding Article 13 GDPR were corrected before the end42 KB (6,526 words) - 14:26, 24 November 2022
- Garante per la protezione dei dati personali (Italy) - 9675440 (category Article 22 GDPR)obtain information on the processing of their personal data” (cit. Note, p. 22). 2.2. The company has also attached the following documentation to the defense180 KB (29,599 words) - 13:51, 28 July 2021
- APD/GBA (Belgium) - 40/2023 (category Article 12(2) GDPR)the defendant. II.3. Right of access (Article 15 GDPR) 43. In accordance with Article 58(2)(c) of the GDPR and Article 95(1)(5) WOG, the Litigation Chamber49 KB (7,595 words) - 10:23, 12 April 2023
- HDPA (Greece) - 4/2023 (category Article 5(1)(a) GDPR)data Article 9.2.a: Express consent Article 9.2.b: Fulfillment of labor law obligations, etc. Article 9.2.c: Protection of vital interests Article 9.2.d:10 KB (1,249 words) - 12:16, 8 May 2023
- AEPD (Spain) - PS/00301/2020 (category Article 5(1)(d) GDPR)troversies between those and any interested party. " Article 83.2.k) of the RGPD concurs, specified in article 76.2 b) of the LOPDGDD, for the usual treatment of28 KB (4,554 words) - 11:33, 30 June 2021
- Datatilsynet (Denmark) - 2022-32-2939 (category Article 5(1)(b) GDPR)principles in Article 5 of the Data Protection Regulation are observed. Of the data protection regulation, article 5, subsection 1, letter b, states that19 KB (2,847 words) - 20:56, 20 May 2023
- ICO (UK) - LTH Holdings Limited (category Article 4(11) GDPR)("the GDPR"): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)54 KB (6,922 words) - 11:45, 16 June 2021
- Garante per la protezione dei dati personali (Italy) - 9991020 (category Article 32(2) GDPR)pursuant to Article 77 GDPR. The DPA did not consider the processor’s actions in determining that the controller violated Article 5(1)(f) and Article 32 GDPR62 KB (9,678 words) - 10:45, 13 March 2024
- Garante per la protezione dei dati personali (Italy) - 9988614 (category Article 9(2)(a) GDPR)provided to the interested parties based on Article 13 GDPR and to non-contactable persons based on Article 14 GDPR. The information notice includes the right115 KB (18,087 words) - 14:11, 17 April 2024
- EDPB - Urgent Binding Decision 01/2023 (category Article 6(1)(b) GDPR)advertising purposes on the basis of Article 6(1)(b) GDPR and Article 6(1)(f) GDPR, pursuant to Article 58(2)(f) GDPR, to be effective one week after notification346 KB (48,181 words) - 16:39, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 7732/161/23 (category Article 58(2)(f) GDPR)referred to in paragraphs 2 and 3 of this article shall be confirmed, deviating from Article 64 paragraph 3 and Article 65 paragraph 2, within two weeks by32 KB (4,844 words) - 11:44, 11 October 2023
- Rb. Rotterdam - ROT 19/5030 (category Article 4(7) GDPR)processor to the controller. 5.2. In view of the purpose of the GDPR, as laid down in Article 1, second paragraph, of the GDPR, namely to protect the right28 KB (4,560 words) - 15:01, 10 August 2021
- Tallinna Halduskohus - 3-19-579 (category Article 58(3)(b) GDPR)terms of Article 77(1) GDPR. The complainant, however, expected the submission to be processed as a complaint within the meaning of Article 77(1) GDPR. The16 KB (2,518 words) - 14:09, 24 March 2022
- APD/GBA (Belgium) - 73/2024 (category Article 6 GDPR)stated in Article 95, § 2, as well as those in Article 98WOG. Also they are informed of the deadlines for their payment on the basis of Article 99 of the25 KB (3,583 words) - 07:57, 21 May 2024
- AEPD (Spain) - PS/00188/2021 (category Article 6(1) GDPR)of personal data of clients or third parties (article 83.2.k, of the RGPD in relation to article 76.2.b, of the LOPDGDD) It is appropriate to graduate33 KB (5,242 words) - 11:42, 11 August 2021
- CNPD (Luxembourg) - Délibération n° 11FR/2021 (category Article 5(1)(e) GDPR)the violation (article 83.2.a) of the GDPR), the Restricted Training notes that with regard to the breach of Article 5.1.e) of the GDPR, it constitutes60 KB (8,610 words) - 11:12, 16 June 2021
- CNPD (Luxembourg) - Délibération n°24FR/2021 (category Article 5(1)(c) GDPR)the violation (article 83.2.a) of the GDPR), the Restricted Training notes that with regard to the breach of Article 5.1.c) of the GDPR, it constitutes58 KB (8,226 words) - 07:35, 22 July 2021
- FG Berlin-Brandenburg - 16 K 2059/21 (category Article 14(5)(b) GDPR)own data (cf. recital 7, sentence 2 to the GDPR). To this end, Article 8 (2) sentence 2 CFR and Article 15 (1) GDPR granted the data subject a right to117 KB (19,778 words) - 14:27, 13 April 2022
- Garante per la protezione dei dati personali (Italy) - 9993105 (category Article 5(1)(c) GDPR)methods. As a result, the DPA found violations of Article 5(1)(c) GDPR, Article 12 GDPR and Article 17 GDPR. The controller was fined €15,000. Regarding the35 KB (5,495 words) - 15:17, 19 March 2024
- Rb. Midden-Nederland - UTR 21/2729 (category Article 16 GDPR)be classified as a request within the meaning of Article 16 GDPR. The court stated that Article 16 GDPR is limited to rectifying incorrect personal data8 KB (1,134 words) - 10:21, 7 December 2022
- LG Baden-Baden - 3 S 13/23 (category Article 4(9) GDPR)private capacity should be considered recipients as per Article 4(9) GDPR and Article 15(1)(c) GDPR. A data subject bought a TV and a wall mount from an electronics29 KB (4,664 words) - 13:48, 20 September 2023
- BGH - VI ZB 39/18 (category Article 6(1)(c) GDPR)democratic society as required under Article 23(1)(j) GDPR. Moreover, the exception provided for under Article 6(4) GDPR which allows processing for different53 KB (8,894 words) - 15:56, 22 March 2022
- VG Mainz - 1 K 473/19.MZ (category Article 15(1) GDPR)processed. This was particularly relevant since courts (Article 55 (3) GDPR) and a parliamentary body (§ 2 (3) Datenschutzgesetz Rheinland-Pfalz - DSG RP) were31 KB (4,898 words) - 11:49, 19 April 2021
- Garante per la protezione dei dati personali (Italy) - 9995808 (category Article 5(1)(e) GDPR)the GDPR by the time the Regulation came into force on 25 May 2018. TPER. Therefore, breached principle of accountability pursuant to Article 5(2) GDPR140 KB (23,084 words) - 09:22, 30 April 2024
- Garante per la protezione dei dati personali (Italy) - 9685994 (category Article 22(3) GDPR)processing, in violation of Article 32 GDPR, and failed to undertake a data protection impact assessment, in violation of Article 35. For the above reasons235 KB (38,572 words) - 10:19, 20 July 2022
- Tietosuojavaltuutetun toimisto (Finland) - 10048/182/20 (category Article 12(5) GDPR)is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on an agreement pursuant to Article 6(1)(b); and b) the processing is carried out19 KB (2,881 words) - 14:45, 5 July 2023
- Rb. Zeeland-West-Brabant - AWB- 20 9345 (category Article 15 GDPR)administrative body acting on the basis of a public law. Furthermore, Article 6:2(b) of the AwB stipulates that if an administrative body fails to respond to an15 KB (1,886 words) - 15:03, 21 July 2021
- Garante per la protezione dei dati personali (Italy) - 9815947 (category Article 12 GDPR)subject was unlawful, violating Article 12 in connection with Article 17. The DPA held that, with reference to Recital 148 GDPR, the infringement cannot be63 KB (10,108 words) - 14:38, 25 October 2022
- Rb. Amsterdam - ECLI:NL:RBAMS:2323:6530 (category Article 6(1)(a) GDPR)Meijer. Meijer. 1.3. 1.3. The judgment is determined today. 2. 2. The facts 2.1. . . 2.2. 2.2. Criteo places so-called tracking cookies (including in any47 KB (7,636 words) - 13:42, 6 November 2023
- Datatilsynet (Norway) - 0/02422 (category Article 58(2)(i) GDPR)violation of Article 12(3) GDPR and Article 15 GDPR due to a failure to respond to an access request that was submitted around a month after the GDPR became162 KB (24,007 words) - 19:41, 15 February 2023
- NAIH (Hungary) - NAIH-85-3/2022 (category Article 5(2) GDPR) (section Fine and order to comply with GDPR)(EU) No Article 5 (1) (a) and (b), Article 6 (1), Article 6 (4) Article 12 (1), Article 13, Article 21 (1) and (2), Article 24 (1), Article 25 Article 1 (1)147 KB (23,028 words) - 13:36, 28 February 2023
- CNPD (Portugal) - Deliberaçao 2024/137 (category Article 13(2)(c) GDPR)provisions of Article 3o , Article 4(2) and Article 6(1)(b), all of the GDPR Implementing Law. 57. Under the terms of Article 55(1) of the GDPR, supervisory49 KB (7,923 words) - 14:36, 3 April 2024
- Garante per la protezione dei dati personali (Italy) - 9893718 (category Article 5(2) GDPR)force of the Regulation; 2) as an aggravating factor, the intentional nature of the conduct (Article 83, paragraph 2, letter b) of the Regulation) put in141 KB (23,423 words) - 08:10, 14 June 2023
- OLG Nürnberg - 4 U 347/21 (category Article 12(5) GDPR)copy under Article 15(3) GDPR, as interpreted by the CJEU in case C-487/21, is part of the right to access of data subjects under Article 15 GDPR, which is35 KB (5,672 words) - 08:48, 30 January 2024
- Garante per la protezione dei dati personali (Italy) - 9825667 (category Article 5(1)(b) GDPR)violated Articles 5(2), 24 and 25(1) GDPR. At last, the DPA established a violation of Article 5(2), Article 24 and Article 13 GDPR, for failing to provide131 KB (21,176 words) - 12:52, 20 December 2022
- OLG Stuttgart - 2 U 257/19 (category Article 13 GDPR)circumstances are present (Article 13 paragraph 1 lit. a (2nd alternative), lit. b, d, e, f, Article 13 paragraph 2 lit. c, f and Article 13 paragraph 3). Since52 KB (8,574 words) - 16:03, 10 March 2022
- DVI (Latvia) - Nacionālajam veselības dienestam (category Article 32(1)(b) GDPR)based on Article 3, paragraph 2, Article 5, paragraph 1 a), f) of GDPR subsection, Article 6(1), Article 9(2), Article 58(2)(d), GDPR Article 23 and Article22 KB (3,276 words) - 11:46, 26 July 2023
- HDPA (Greece) - 39/2021 (category Article 5(1) GDPR)DPA found that RODA had breached Article 5(1) GDPR (principle of data minimisation), as well as Article 12(3) and 15 GDPR (right of access by the data subject16 KB (2,337 words) - 09:08, 22 September 2021
- Rb. Rotterdam - ROT 22/2125 (category Article 13(4) GDPR)personal data. Last, the controller generally referred to Article 13(4), Article 14(5) and Article 23 GDPR for possible non-disclosure. The data subject found18 KB (2,609 words) - 15:20, 21 March 2023
- HDPA (Greece) - 13/2024 (category Article 22 GDPR)occurred for identification purposes, the controller cited Article 9(2)(b), (c), (g) and (j) GDPR as its legal basis. In a later communication, it clarified12 KB (1,511 words) - 16:01, 10 April 2024
- IP (Slovenia) - 07141-9/2023/10 (category Article 17(3)(b) GDPR)deletion request of the data in question, breaching Article 17(1) GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA ordered the controller to remedy the irregularities6 KB (553 words) - 14:57, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9697724 (category Article 5(1)(a) GDPR)Region Lombardia violated Article 5(1)(a)(c) GDPR due to the dissemination not being necessary as well as Article 6(1)(c)(e) GDPR due to the absence of suitable77 KB (12,455 words) - 09:35, 15 September 2021
- VwGH - 2021/04/0030-4 (category Article 5 GDPR)access under Article 15 GDPR and for violating the principles of data minimisation (Article 5(1)(c) GDPR), confidentiality (Article 5(1)(f) GDPR) and the controller’s92 KB (15,328 words) - 09:18, 14 May 2024
- APD/GBA (Belgium) - 39/2022 (category Article 12(3) GDPR)that their right to erasure (Article 17(1) GDPR) and their right to access (Article 15(1)(b) GDPR and Article 15(1)(d) GDPR) had been violated. In February33 KB (4,904 words) - 15:58, 23 March 2022
- ICO (UK) - HIV Scotland (category Article 32(2) GDPR)under the GDPR. 14. By Article 57(1) of the GDPR, it is the Commissioner'task to monitor and enforce the application of the GDPR. 15. By Article 58(2)(d)of55 KB (6,916 words) - 07:27, 26 October 2021
- BVwG - W274 2237071-1 (category Article 12(2) GDPR)justification within the meaning of Article 6 (1) b to f or Article 9 (2) b to j need not be dealt with. This means that Article 17 (1) (b) is relevant for deletion43 KB (7,315 words) - 08:29, 29 September 2021
- APD/GBA (Belgium) - 172/2022 (category Article 58(2) GDPR)controller and processor in the GDPR”, adopted on July 7, 2021. 6 GDPR, Art. 12. 7GDPR, Art. 12.2 and 12.3. 8 GDPR, Art. 12.3. 9 GDPR, art. 12.3. Decision 172/202243 KB (6,300 words) - 11:35, 20 December 2022
- NAIH (Hungary) - NAIH-2501-10/2022 (category Article 5(1)(b) GDPR)point (c). Article 13 (2) point (c) of the General Data Protection Regulation General Data Protection Regulation Article 13 (1) (b), (e), (2) (b), (d), (e)90 KB (14,299 words) - 13:52, 2 February 2023
- LG Feldkirch - 57 Cg 30/19b - 15 (category Article 9(1) GDPR)the GDPR, as the data falls under Article 9 GDPR and awarded € 800 in emotional damages. The Austrian Business Code cannot override Article 9 GDPR. There69 KB (11,077 words) - 16:48, 7 March 2022
- AEPD (Spain) - PS/00268/2022 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD, Article 33 of the RGPD, Article 25 of the RGPD and Article 32 of the RGPD, typified in Article 83.5 of the RGPD63 KB (9,551 words) - 12:33, 13 December 2023
- EWHC (UK)- QB- Soriano v Forensic News LLC (category Article 3(2) GDPR)conferred by article 79(2) of the GDPR. This is the relevant provision for the purposes of para 3.1(20) of CPR Practice Direction 3B. Article 79(2) provides:108 KB (18,178 words) - 11:57, 29 November 2021
- Rb. Oost-Brabant - C/01/371762 / EX RK 21-90 (interim decision) (category Article 26(2) GDPR)information from you – in accordance with Article 26 (2) of the GDPR but also, insofar as necessary, Articles 12 to 15 of the GDPR – in any case about: the processing39 KB (6,439 words) - 06:19, 23 August 2022
- APD/GBA (Belgium) - 74/2024 (category Article 6 GDPR)breached Article 6(1)(a) GDPR as well as Article 13(1) ePrivacy directive. The DPA examined the possibility of invoking legitimate interest under Article 6(1)(f)27 KB (3,962 words) - 08:59, 21 May 2024
- HDPA (Greece) - 6/2024 (category Article 5(2) GDPR)processing according to art 5 par. 1 a) of the GDPR. B. Addresses, based on article by article 58 par. 2 item II GDPR, reprimand, at "X", as controller for the19 KB (3,000 words) - 13:44, 6 March 2024
- IDPC (Malta) - EDPBI:MT:OSS:D:2022:341 (category Article 58(2)(b) GDPR)access request (Article 15 GDPR). Therefore, the controller violated Article 12(2) GDPR. The DPA reprimanded the controller (Article 58(2)(b) GDPR) and ordered8 KB (958 words) - 13:00, 9 November 2022
- OLG Karlsruhe - 12 U 305/21 (category Article 12 GDPR)among other things, on Article 15 GDPR. The court of first instance decided to reject the claim and argued that Article 15 GDPR only provides data subjects38 KB (6,239 words) - 10:47, 15 February 2023
- BVwG - W176 2248585-1 (category Article 15 GDPR)01/19/2023 standard B-VG Art133 Para.4 DSG §24 paragraph 6 GDPR Art15 VwGG §33 VwGVG §28 para VwGVG §31 para B-VG Art. 133 today B-VG Art. 133 valid from25 KB (4,053 words) - 11:11, 10 March 2023
- BVwG - W256 2226003-1/5E (category Article 4 GDPR)decision date 03/08/2022 standard B-VG Art133 Para.4 DSG §36 DSG §45 GDPR Art16 DSGVO Art4 Z1 B-VG Art. 133 today B-VG Art. 133 valid from 01.01.2019 to27 KB (4,141 words) - 09:12, 6 October 2022
- DSB (Austria) - 2023-0.594.826 (category Article 2(1) GDPR)up the material scope of application of Article 2 paragraph 1 GDPR; an exception under Article 2 paragraphs 2 to 4 is not apparent.Within the official56 KB (8,692 words) - 14:58, 10 April 2024