Search results
From GDPRhub
- APD/GBA (Belgium) - 145/2023 (category Article 4(1) GDPR)with Article 4 WOG. 17. First, it is clear that the content of the disputed e-mail messages constitute personal data within the meaning of Article 4.1. AVG39 KB (6,247 words) - 09:14, 15 November 2023
- AEPD (Spain) - PS/00315/2019 (category Article 13 GDPR)information provided was in breach of Article 13 GDPR. Therefore, the authority warned the controller (Article 83(5) GDPR) and requested to complete the notice17 KB (2,633 words) - 14:28, 13 December 2023
- CNIL (France) - SAN-2021-020 (category Article 28(4) GDPR) (section On the failure to comply with Article 28 GDPR)breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the56 KB (9,069 words) - 17:02, 6 December 2023
- HDPA (Greece) - 65/2022 (category Article 12(4) GDPR)with a polling company, the controller, submitted an access request (Article 15 GDPR) to obtain a copy of the recorded conversation. The company did not5 KB (571 words) - 16:39, 28 February 2023
- APD/GBA (Belgium) - 05/2021 (category Article 5(1)(f) GDPR)of 25,000 euros (Article 83, paragraph 2 GDPR; Article 100, §1, 13 ° WOG and Article 101 WOG). 18 55. Taking into account article 83 GDPR and the case law60 KB (9,281 words) - 16:50, 12 December 2023
- AG Frankfurt am Main - 31 C 2043/22 (78) (category Article 4 GDPR)the meaning of Article 4 GDPR and that it had an interest in secrecy that justified its refusal to provide a copy under Article 15(4) GDPR. Unsatisfied,5 KB (498 words) - 07:16, 7 June 2023
- AEPD (Spain) - PS/00333/2019 (category Article 5 GDPR)infringement of article 5.1(b), as defined in Article 83(5)(a) and considered for the purposes of the statute of limitations in Article 72(1)(a), a fine16 KB (2,625 words) - 14:29, 13 December 2023
- CNIL (France) - SAN-2023-016 (category Article 5(1)(b) GDPR)breached Article 5(1)(b) GDPR. Therefore, the DPA handed down a 'call to order' against the joint controllers for breaching Article 5(1)(b) GDPR, and no27 KB (4,166 words) - 17:06, 6 December 2023
- LG Essen - 6 O 190/21 (category Article 33 GDPR)violated Article 34(2) GDPR, because he only informed the data subject of the alleged data loss. However, the information obligations of Article 34 GDPR provide28 KB (4,596 words) - 18:30, 18 November 2021
- AZOP (Croatia) - Decision 04-08-2022 (category Article 6 GDPR)legitimate interests under Article 6(1)(f) GDPR, they must still comply with data protection principles under Article 5 GDPR. In Croatia, many employers11 KB (1,655 words) - 13:32, 31 October 2023
- HDPA (Greece) - 31/2023 (category Article 5(1)(c) GDPR)with the principles of article 5 par. 1 GDPR. It is no coincidence that the GDPR includes accountability (see Article 5 para. 2 GDPR) in the regulation of61 KB (10,257 words) - 10:15, 1 November 2023
- Garante per la protezione dei dati personali (Italy) - 9361186 (category Article 5(1)(c) GDPR)powers delegated to the Guarantor. Pursuant to Article 78 of the RGPD, Article 152 of the Code and Article 10 of Legislative Decree no. 150/2011, an appeal31 KB (5,041 words) - 15:49, 6 December 2023
- APDCAT (Catalonia) - PS 49/2019 (category Article 5(1)(a) GDPR)out by the school). Article 9 GDPR, for having processed biometric data without any valid ground from Article 9(2). Article 13 GDPR, for not having informed38 KB (5,760 words) - 08:26, 8 September 2021
- OGH - 9Ob38/19g (category Article 4(11) GDPR)according to the introduction of Article 4, this only applies "where this Directive does not provide otherwise". Under Article 8(6) of the Directive, for distance200 KB (33,233 words) - 09:49, 14 December 2023
- GHAL - 200.256.426 (category Article 4(2) GDPR)on legitimate interests according to Article 6(1)(f) GDPR and that Ziggo had to comply with Article 6(4)(d) GDPR. The Court found that DFW had a legitimate40 KB (6,777 words) - 16:28, 15 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 6629/163/21 (category Article 12(2) GDPR)accordance with Article 15 GDPR. The DPA had asked the controller to explain how it facilitated the exercise of data subject rights under Article 15 GDPR in situations21 KB (3,204 words) - 13:37, 12 January 2024
- AEPD (Spain) - PS/00057/2020 (category Article 7 GDPR)Page 4 4/14Taking into account the above, ESLORA PROYECTOS is not subsumed innone of the cases of compulsory designation included (i) in article 37.1RGPD31 KB (4,757 words) - 13:52, 13 December 2023
- APD/GBA (Belgium) - 24/2021 (category Article 6 GDPR)and transparency (Article 5.1 a) GDPR), purpose limitation (Article 5.1 b) GDPR) and minimum data processing (Article 5.1 c) GDPR); 4) the legal basis for110 KB (18,238 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00187/2019 (category Article 4(11) GDPR)deducted from inaction) and therefore contrary to the GDPR within the meaning of Article 4(11) GDPR. For all the above, the AEPD hold that HM HOSPITALES5 KB (497 words) - 14:08, 13 December 2023
- OLG Köln - 20 U 295/21 (category Article 4(1) GDPR)invoked the excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium42 KB (6,689 words) - 08:30, 21 November 2022
- CNPD (Luxembourg) - Délibération n°37FR/2021 (category Article 37(7) GDPR)Protection Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned26 KB (3,862 words) - 17:41, 25 June 2022
- AEPD (Spain) - PS/00040/2020 (category Article 15 GDPR)the Law: "Article 36. Taxpayers 1. They are taxpayers, as taxpayers, natural or legal persons, and the entities referred to in article 35.4 of Law 58/200338 KB (6,303 words) - 13:50, 13 December 2023
- GHSHE (Netherlands) - 200.274.447 01 (category Article 5 GDPR)pay to [the employee] compensation/amount, pursuant to Article 7:683(4) in conjunction with Article 7:682(6) of the Dutch Civil Code, equal to the gross60 KB (10,118 words) - 15:12, 5 October 2021
- AEPD (Spain) - E/09353/2019 (category Article 5(1)(f) GDPR)integrity and confidentiality when processing personal data according to Article 5(1)(f) GDPR. The AEPD confirmed that there was no Facebook profile with the name8 KB (1,152 words) - 13:42, 13 December 2023
- Datatilsynet (Norway) - 20/02375 (category Article 6(1)(f) GDPR)rating, breaching Article 6(1) GDPR, and required the company to implement a policy for conducting credit ratings per Article 24 GDPR. A person lodged a40 KB (5,943 words) - 18:54, 5 March 2022
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines75 KB (12,421 words) - 13:23, 13 December 2023
- CJEU - C‑479/22 - OC v Commission (category Article 4(1) GDPR)law to the GDPR, both regimes must be read in the same way. Second, identifiability is defined by Article 3(1) 2018/1725 (Article 4(1) GDPR). The use of6 KB (893 words) - 09:33, 19 April 2024
- CNIL (France) - SAN-2023-018 (category Article 31 GDPR)DPO and to cooperate with the DPA, therefore violating Article 31 GDPR and Article 37(1)(a) GDPR. On 2 June 2021, the French DPA (“CNIL”) informed a French22 KB (3,384 words) - 13:25, 24 January 2024
- AEPD (Spain) - EXP202200429 (category Article 5(1)(c) GDPR)infringement of the GDPR, articles: -12 of the GDPR, in accordance with article 83.5.b) of the GDPR and 72.1.k) of the LOPDGDD, and -5.1.c) of the GDPR, in accordance56 KB (9,356 words) - 10:43, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3075/182/2018 (category Article 15(4) GDPR)applicant's wife. According to Article 15 (4) of the General Data Protection Regulation, the right to obtain the copy referred to in Article 3 (3) must not adversely7 KB (883 words) - 09:47, 17 November 2023
- AEPD (Spain) - EXP202104917 (category Article 4(11) GDPR)valid consent under Article 4(11) GDPR and Article 6(1) LOPDGDD (National data protection law aimed at the implementation of the GDPR). In both articles27 KB (4,356 words) - 12:41, 13 December 2023
- AEPD (Spain) - EXP202103039 (category Article 13 GDPR)pursuant to Article 13 GDPR. In the present case, the controller omitted this obligation. The DPA therefore held that the controller violated Article 13 GDPR22 KB (3,385 words) - 13:35, 13 December 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)other things, article 4 paragraph 1 SUWI and the ZBO register of the Dutch central government. See article 2 paragraph 2 SUWI and article 4 paragraph 1 SUWI106 KB (14,502 words) - 17:09, 12 December 2023
- Norway, and not the GDPR. The DPA does, however, refer to corresponding Articles in the GDPR: Articles 5(1)(b) and (c), as well as Article 17. Share blogs43 KB (6,983 words) - 09:09, 21 August 2022
- AEPD (Spain) - PS/00151/2020 (category Article 5(1)(c) GDPR)of the duty of information as per article 13 GDPR. The DPA imposed thus a fine of €1000 for violating Article 13 GDPR. Share your comments here! Share blogs28 KB (4,525 words) - 14:06, 13 December 2023
- APD/GBA (Belgium) - 19/2020 (category Article 5(1)(b) GDPR)1 f) GDPR) (and the obligations arising from it – Article 32 GDPR) and the principle of purpose (Article 5 § 1 b) GDPR) which the principle of security39 KB (6,246 words) - 16:55, 12 December 2023
- UODO (Poland) - DKN.5112.13.2020 (category Article 5(1)(a) GDPR)in line with the principle of lawfulness in Article 5(1)(a) GDPR, as none of the conditions of Article 6 GDPR were satisfied. The data disclosed in the land60 KB (9,755 words) - 09:58, 17 November 2023
- AZOP (Croatia) - Decision 29-06-2022 (bank) (category Article 5 GDPR)the principles of lawfulness and fairness of Article 5 GDPR and without a legal basis under Article 6 GDPR. A bank (the controller) organized prize games20 KB (3,166 words) - 15:36, 30 October 2023
- DSB (Austria) - D122.844/0006-DSB/2018 (category Article 12(5) GDPR)under Article 15 GDPR and demanded free access to the historic bank transaction data. The bank argued that this would be a misuse of Article 15 GDPR and19 KB (2,936 words) - 13:55, 12 May 2023
- RvS - 201906880/1/A3 (category Article 5 GDPR)on Article 6(1)(c) GDPR. In particular, the appellant argued that pursuant to Article 6(3) GDPR, a public interest task under Article 6(1)(c) GDPR must40 KB (6,464 words) - 09:58, 7 July 2021
- Datatilsynet (Norway) - 20/02274 (category Article 5(1)(a) GDPR)fundamental principles of the GDPR, notably Article 5(1)(a) and (e) GDPR. The DPA found violations of various provisions of the GDPR. It held that the controller47 KB (7,661 words) - 18:54, 5 March 2022
- APD/GBA (Belgium) - 42/2020 (category Article 4(7) GDPR)that regard on that article 2.1) GDPR read in conjunction with recital 15 of the GDPR, although an exclusion from the scope of the GDPR provides for files30 KB (4,871 words) - 16:58, 12 December 2023
- AP Barcelona - Auto 72/2021 (category Article 9 GDPR)also taken into account Article 5 GDPR, mainly the purpose limitation and data minimization principles, as well as Article 6 GDPR; the controller should34 KB (5,368 words) - 14:01, 20 September 2021
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)infringement of article 32.1 of the GDPR (LCEur 2016, 605), typified in the Article 83.4.a) of the GDPR, a warning sanction, in accordance with article 77 of the195 KB (30,495 words) - 12:40, 13 December 2023
- UODO (Poland) - DKN.5112.7.2020 (category Article 5(1)(a) GDPR)Justification . Pursuant to Article 78 paragraph 1, Article 79 paragraph 1 point 1 and Article 84 paragraph 1 point 1-4 of the Act of 10 May 2018 on the29 KB (4,687 words) - 09:56, 17 November 2023
- Commissioner (Cyprus) - 17.05.23 (category Article 5(1)(c) GDPR)perpetrator (Article 83(2) GDPR). Lastly, the amount of the fine shall not exceed the maximum amounts provided for in Articles 83(4) (5) and (6) GDPR. The quantification31 KB (4,973 words) - 16:50, 6 December 2023
- AEPD (Spain) - PS/00452/2019 (category Article 6(1)(a) GDPR)pursuant to Article 47(1) and 48.1 of Law 39/2015 of 1 October, on the limitation of the infringement of article 6.1 of the RGPD typified in article 83.5 a)25 KB (4,037 words) - 14:55, 13 December 2023
- AZOP (Croatia) - Decision 10-08-2023 (category Article 5 GDPR)this the AZOP held that the controller acted contrary to Article 5(1)(a) GDPR and Article 6 GDPR. Moreover, the AZOP reiterated the fact that the pictures19 KB (2,955 words) - 16:29, 5 December 2023
- GHAL - 200.307.462 (category Article 10 GDPR)assessment pursuant to Article 35 of the GDPR and, depending on the outcome, also have to consult the AP beforehand (Article 36 of the GDPR). In addition, as28 KB (4,573 words) - 10:04, 14 December 2023
- DVI (Latvia) - SIA "TET" (category Article 5(1)(a) GDPR)accordance with Article 132, Article 168 23 of the Law on Administrative Responsibility first part, Article 172 and Article 173, first part, paragraph 4, Article114 KB (17,942 words) - 15:46, 2 November 2022
- HDPA (Greece) - 12/2022 (category Article 5(1)(a) GDPR)lawfulness, fairness and transparency under Article 5(1)(a) GDPR, and the principle of accountability under Article 5(2) GDPR. Additionally, the HDPA held that the46 KB (7,390 words) - 08:07, 1 April 2022
- Court of Appeal of Brussels - 2022/AR/723 (category Article 21(4) GDPR)21(2) and 21(4) GDPR. Moreover, the DPA held that the controller violated Article 5(1)(a), 5(1)(c), 5(2), 6(1), 12(2), 21(2) and 21(4) GDPR. The controller8 KB (919 words) - 09:54, 14 December 2023
- basis under Article 6 GDPR to collect and process vehicle registration numbers. The legal basis is a statutory obligation prescribed by Article 229 of the16 KB (2,404 words) - 15:46, 30 October 2023
- Garante per la protezione dei dati personali (Italy) - 9542096 (category Article 12(3) GDPR)a violation of Article 12(3) in relation to Article 15 GDPR. The Garante hence applied an administrative fine as per Article 83(5) GDPR. The amount of21 KB (3,092 words) - 15:54, 6 December 2023
- GHAL - 200.186.790/01 (category Article 6(1)(b) GDPR)terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The50 KB (8,219 words) - 12:42, 4 March 2022
- HDPA (Greece) - 24/2020 (category Article 4(2) GDPR)possibility of exercising their right to access (Article 15 GDPR), not mentioning any of the elements of Article 14 GDPR regarding the processing of data, but only8 KB (879 words) - 15:37, 6 December 2023
- AEPD (Spain) - EXP202203996 (category Article 15 GDPR)circulation of these data (hereinafter GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish26 KB (4,017 words) - 12:37, 13 December 2023
- GHDHA - 200.274.807 / 01 (category Article 6(1)(f) GDPR)her life. Her objection to processing follows from Article 21(1) GDPR. ING argues that Article 21(1) GDPR cannot be relied on in this case because it applies29 KB (4,710 words) - 12:25, 4 October 2021
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)"lifting". (4.2) Exclusions (4.2.1) GDPR and AO restrictions 145 According to Art. 15 Para. 1 GDPR, the person concerned (Art. 4 No. 1 GDPR) has a right97 KB (16,519 words) - 09:57, 22 February 2023
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- AEPD (Spain) - PS/00285/2020 (category Article 13 GDPR)not having complied with Article 13 GDPR. A claimant filed a complaint with the DPA to report several infringements of the GDPR coming from the Asturian19 KB (2,923 words) - 14:26, 13 December 2023
- HDPA (Greece) - 50/2021 (category Article 5(1)(a) GDPR)information in accordance with Article 13 GDPR. In addition, the HDPA found that the Ministry violated the obligation of Article 35(9) GDPR in relation to the expression5 KB (548 words) - 09:23, 12 October 2022
- Gerechtshof Amsterdam - C/13/640898/HARK17-386 (category Article 6(1)(c) GDPR)The request was based on Article 46 of the Dutch Data Protection Act (Wet bescherming persoonsgegevens - Wbp), implementing GDPR. The Bank rejected the request26 KB (4,225 words) - 16:00, 15 March 2022
- AEPD (Spain) - PS/00245/2019 (category Article 5(1)(a) GDPR)Articles 5(1)(a) GDPR and 13 GDPR. On the other hand, they disagreed with the infringement of Article 5(1)(a) GDPR in relation to Article 9(1) GDPR with regard116 KB (18,941 words) - 14:21, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445796 (category Article 5(1)(b) GDPR)in national law. By recalling the fundamental principles of the GDPR mentioned in Article 5, namely the limitation of purpose and the minimization of data16 KB (2,430 words) - 15:51, 6 December 2023
- Personvernnemnda (Norway) - PVN-2022-22 (category Article 9 GDPR)processing of sensitive personal data under Article 9 GDPR and their lack of valid consent to do so under Article 6(1) GDPR. In 2020, the Norwegian Consumer Council91 KB (14,440 words) - 10:06, 17 November 2023
- Personvernnemnda (Norway) - PVN-2023-04 (category Article 16 GDPR)data according with Article 16 GDPR as the information was not per se incorrect and thus the first condition under Article 16 GDPR was not met. Given that18 KB (2,845 words) - 10:07, 17 November 2023
- EWHC (UK) - Johnson v Eastlight Community Homes Ltd (category Article 82 GDPR)principles to the GDPR; (b) The effect (if any) of the remaining claims Article 5(1)(f) GDPR (the data security principle), the Article 8 claim and46 KB (7,676 words) - 10:45, 7 December 2021
- AKI (Estonia) - 2.1-3/20/172 (category Article 16 GDPR)Page 4 4 (7) On November 8, 2015, I filed a complaint with the Data Protection Inspectorate (AKI) and demanded that the AKI rapidly implement Article 5828 KB (4,711 words) - 10:30, 13 December 2023
- AEPD (Spain) - PS/00234/2020 (category Article 7 GDPR)AEPD concluded that the defendant could have breached Article 13 GDPR, Article 7 GDPR and Article 22(2) LSSI: there was no identification of the data controller47 KB (7,368 words) - 14:21, 13 December 2023
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- AEPD (Spain) - PS/00051/2020 (category Article 6(1)(a) GDPR)withdrawal of consent under Article 7(3) GDPR. The Authority also considers the existence of a deletion request under Article 17 GDPR. The AEPD concludes that31 KB (4,853 words) - 13:52, 13 December 2023
- Rb. Den Haag - C/09/581706 / HA RK 19-593 (category Article 12(5) GDPR)the same search results on the basis of Article 12 (4) GDPR has been rejected by Google . Article 21 (1) of the GDPR provides that a data subject has the34 KB (5,811 words) - 09:44, 8 December 2020
- AZOP (Croatia) - Decision 04-05-2023 (redirect from AZOP (Croatia) - Decision of 4 May 2023 - debt collection agency) (category Article 13(1) GDPR)about the processing and regarding the legal basis as required by Article 13(1) GDPR. This resulted in the non-transparent processing of the data subjects'12 KB (1,626 words) - 15:22, 30 October 2023
- VG Potsdam - VG 3 K 1458/19 (category Article 17 GDPR)the alert on the SIS system under Article 17(1)(d) GDPR. The reason for the data subject invoking the GDPR is that Article 53(1) Regulation (EU) 2018/186123 KB (3,560 words) - 14:17, 21 February 2024
- AZOP (Croatia) - Decision 18-12-2020 (category Article 5(1)(c) GDPR)information. Article 7 of said act, however, states that public figures cannot expect the same level of protection as other citizens. Article 8 also states21 KB (3,345 words) - 15:24, 30 October 2023
- that a valid legal basis would be either Article 6(1)(c) GDPR, or Article 6(1)(d) GDPR or Article 9(2)(b) GDPR. The Data protection authority (the UOOU)25 KB (3,096 words) - 17:48, 25 November 2021
- NAIH (Hungary) - NAIH/2020/6484 (category Article 15(1)(a) GDPR)the general rule of Article 15 (1) (a), c) and d) of the GDPR by not giving substantive, specific answers to the request under Article 15 and by sharing27 KB (4,159 words) - 10:13, 17 November 2023
- LG Münster I - ECLI:DE:LGMS:2023:0704.16O238.22.00 (category Article 6(1)(f) GDPR)Art. 4 No. 1 GDPR, is processed and stored here by the defendant as the person responsible in accordance with Art. 4 No. 7 GDPR. According to Art. 4 No.28 KB (4,215 words) - 15:09, 6 December 2023
- AEPD (Spain) - E/08452/2019 (category Article 4(12) GDPR)found that there had been a “personal data breach” pursuant to Article 4 (12) of the GDPR as a result of the publication on the municipal website regarding11 KB (1,651 words) - 13:42, 13 December 2023
- Datatilsynet (Norway) - 21/02873 (category Article 4(16) GDPR)in Article 12(5) GDPR, Article 15(4) GDPR or Article 16 of the Norwegian Personal Data Act were applicable. The DPA ordered the controller (Article 58(2)(d)13 KB (1,583 words) - 16:20, 6 December 2023
- with the provisions of article 85 of the LPACAP. SECOND: NOTIFY this resolution to B.B.B.. In accordance with the provisions of article 50 of the LOPDGDD,52 KB (7,564 words) - 12:41, 13 December 2023
- AKI (Estonia) - 18.02.2022 (category Article 5(1) GDPR)issues a reprimand under Article 58(2)(b) GDPR. After this, the DPA draws attention to the fact that pursuant of Article 5(1)(a) GDPR, data must be processed42 KB (5,838 words) - 10:27, 13 December 2023
- APD/GBA (Belgium) - 20/2023 (category Article 2(4) GDPR)objection for data processing under Article 21 GDPR and the principle of liability under Article 2(4) GDPR and Article 24 GDPR. The complainant, the data subject14 KB (1,883 words) - 16:59, 20 March 2023
- under Article 6(1)(f) GDPR is not a valid legal basis for the processing of cookies. The Italian DPA also held that the controller violated Article 122 of57 KB (9,084 words) - 15:11, 13 July 2022
- RvS - 201901006/1/A2 (category Article 79 GDPR)did not acknowledge that with the introduction of Title 8.4 in the Awb on the basis of Article 8:4, paragraph 1, opening words and under f of the Awb, the34 KB (5,179 words) - 07:10, 7 April 2020
- AEPD (Spain) - PS/00128/2020 (category Article 4(13) GDPR)with article 4.1 of the RGPD. As for the fingerprint, it is also data that must be qualified. two as biometric data and in accordance with article 4.14 of39 KB (5,912 words) - 14:02, 13 December 2023
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR)Failure to ensure data protection by default (Article 25(2) GDPR) The DPA also found a violation of Article 25(2) GDPR regarding the controllers “X” icon at the59 KB (9,566 words) - 17:03, 6 December 2023
- APD/GBA (Belgium) - 137/2022 (category Article 12(4) GDPR)the DPA held that it had violated Article 12(3) GDPR (the controller failed to answer within a month), Article 12(4) GDPR (The controller failed to provide14 KB (1,946 words) - 08:50, 29 June 2023
- "private life" in Article 8.1 ECHR (Wittwer in Schwimann, ABGB-Takom4 § 1328a Rz 3; Danzl in KBB5 § 1328a ABGB Rz 3; RV 173 BlgNR 22nd GP 17). 1.4 'Personal rights'24 KB (3,763 words) - 09:49, 14 December 2023
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)meaning of Article 4 No. 7 GDPR. However, the defendant cannot be accused of violating an obligation to provide information under Art. 15, 12 GDPR. Paragraph28 KB (4,527 words) - 15:58, 26 April 2022
- AEPD (Spain) - EXP202200367 (category Article 5(1)(a) GDPR)in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter GDPR), and in57 KB (8,117 words) - 10:35, 13 December 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- NAIH (Hungary) - NAIH/2020/3479 (category Article 5(1)(d) GDPR)proceedings Article 77 (1) and Article 22 (b) of the General Data Protection Regulation. may be submitted in the case provided for in Under Article 77 (1) of30 KB (4,563 words) - 10:12, 17 November 2023
- Rb. Gelderland - AWB - 18 3073 (category Article 6 GDPR)Section 49 of the Wbp has been met. 4.1 The next question to be answered is whether the claimant has suffered damage. 4.2 With reference to Section 6:106(1)(b)10 KB (1,424 words) - 12:09, 9 May 2022
- AEPD (Spain) - EXP202211953 (category Article 5(1)(a) GDPR)adequate information under Article 13 GDPR, and for the processing of personal data in a manner contrary to Article 5(1)(a) of the GDPR. A data subject submitted85 KB (13,042 words) - 12:42, 13 December 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)17(1)(c) GDPR, by its logical and systematic context, also applies to the right to object under Article 21(6) GDPR. Pursuant to Article 21(6) GDPR, where personal31 KB (4,648 words) - 13:56, 12 May 2023
- AEPD (Spain) - PS/00127/2020 (category Article 13 GDPR)information duty included in Article 13 GDPR. Is this a violation of Article 13 GDPR? The AEPD held that there had been a violation of Article 13. According to the35 KB (5,363 words) - 14:02, 13 December 2023
- Personvernnemnda (Norway) - 2021-18 (20/02059) (category Article 5(1)(d) GDPR)around the processing of personal data subject to Article 10 GDPR. Pursuant to Article 6(1)(f) GDPR, the Privacy Appeals Board conducted a balancing test36 KB (5,859 words) - 06:40, 6 July 2022
- Personvernnemnda (Norway) - PVN-2023-05 (category Article 6(1) GDPR)municipality still breached Article 13 GDPR, they did have a valid legal basis for processing under Article 6(1)(c) GDPR. On October 14, 2019, a kindergarten34 KB (5,375 words) - 10:07, 17 November 2023
- AP (The Netherlands) - 10.12.2020 (locatefamily.com) (category Article 27(1) GDPR)personal data within the meaning of Article 4, opening words and (1) of the AVG. Based on Article 2, paragraph 1 and Article 3, paragraph 2, of the AVG, the38 KB (6,339 words) - 17:14, 12 December 2023
- publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA206 KB (30,485 words) - 09:54, 14 December 2023
- NAIH (Hungary) - NAIH/2020/2729/15 (category Article 5(1)(b) GDPR)the existence or absence of a decision in accordance with Article 46, Article 47 or Article 49 (1). in the case of the transmission referred to in the58 KB (9,071 words) - 10:12, 17 November 2023
- AEPD (Spain) - EXP202306257 (category Article 44 GDPR)EDREAMS, S.L. was ordered for a violation of the Article 44 of the GDPR, typified in Article 83.5 of the GDPR, adapt the activity of data processing carried83 KB (12,999 words) - 15:30, 6 March 2024
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)requests for information according to Article 15(1) GDPR. The ‘Business secrecy’ exception only applied to Article 15(4) GDPR, where a data subject would request59 KB (9,623 words) - 17:03, 6 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 6(4) GDPR)consent by the data subject in accordance with Article 6 juncto Article 7 of the Regulation? 4° Must Article 17.2 of the General Data Protection Regulation67 KB (10,544 words) - 09:24, 10 September 2021
- HDPA (Greece) - Opinion 2/2020 (category Article 35(1) GDPR)of Article 6(1)(e) GDPR -public interest and exercise of official authority vested in it, which falls within the exception of Article 9(2)(j) GDPR. It33 KB (5,266 words) - 15:32, 6 December 2023
- Rb. Rotterdam - ROT 19/1393 (category Article 17(1) GDPR)information to be retained by the defendant any longer. 4. Pursuant to Article 17 (1) of the GDPR , a data subject has the right to obtain erasure of personal9 KB (1,203 words) - 16:30, 10 March 2022
- AEPD (Spain) - PS/00192/2022 (category Article 4(1) GDPR)each person and thus falls under the definition of personal data in Article 4(1)GDPR. Furthermore, a voice can reveal identifiers like age, sex, state of15 KB (2,257 words) - 13:02, 13 December 2023
- CE - 437808 (category Article 83 GDPR)Secondly, under Article 83 of the GDPR: "1. Each supervisory authority shall ensure that administrative fines imposed under this article for violations13 KB (1,928 words) - 09:51, 10 September 2021
- Tietosuojavaltuutetun toimisto (Finland) - 8235/154/18 (category Article 5(1)(c) GDPR)personal data was based on an agreement under Article 6 (b) and a legitimate interest of the controller under Article 6 (f) to continue processing the data in28 KB (4,501 words) - 13:07, 3 March 2024
- Datatilsynet (Denmark) - 2019-812-0035 (category Article 15 GDPR)basis of Article 12 (1) of the Law Enforcement Directive. 4, which states: 'Member States shall provide that information provided pursuant to Article 13 and35 KB (5,628 words) - 16:38, 6 December 2023
- Datatilsynet (Norway) - 20/01516 (category Article 5 GDPR)to the public, violating Article 24 GDPR. The decision discusses as well, the relationship between directive 95/46/EC and GDPR. The DPA highlighted that26 KB (3,885 words) - 08:43, 7 May 2022
- Datatilsynet (Denmark) - 2023-432-0016 (category Article 4(11) GDPR)explicit consent was needed under Article 9(2) GDPR and the conditions for consent pursuant to Article 4(11) GDPR had to be assessed in light of the relevant46 KB (7,192 words) - 12:37, 19 December 2023
- APD/GBA (Belgium) - 42/2022 (category Article 6(1)(f) GDPR)Chamber. Decision 42/2022 - 4/5 therefore to be regarded as manifestly unfounded within the meaning of Article 57.4 of the GDPR. 12. Finally, and in a subordinate13 KB (1,908 words) - 08:54, 29 June 2023
- UODO (Poland) - ZSPR.421.7.2019 (category Article 7(3) GDPR)connection with Article 5 paragraph 1 point a, Article 5 paragraph 2, Article 6 paragraph 1, Article 7 paragraph 3, Article 12 paragraph 2, Article 17 paragraph60 KB (9,815 words) - 10:02, 17 November 2023
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)disregarded the provisions of Article 5-1 e) of the GDPR. C. On the breach of the obligation to inform people 65. Article 13 of the GDPR requires the data controller61 KB (10,028 words) - 17:09, 6 December 2023
- AEPD (Spain) - PS/00273/2020 (category Article 17 GDPR)DPA (AEPD) imposed a €1000 fine on a beauty salon for breaching Article 17 GDPR and Article 21 LSSI. The salon sent a marketing SMS to a client months after15 KB (2,337 words) - 14:24, 13 December 2023
- Council of State - 251.378 (category Article 28(1) GDPR)ruling and the GDPR; breach of Article 28 GDPR (the choice of a the processor does not provide sufficient guarantees); breach of Article 32 GDPR (lack of appropriate40 KB (6,324 words) - 15:34, 1 September 2021
- the data subject's consent in Article 4(11), and the basic principle of legality, reasonableness and transparency in Article 5(1)(a). Furthermore, Datatilsynet65 KB (9,767 words) - 16:22, 6 December 2023
- Datatilsynet (Denmark) - 2019-431-0037 (category Article 28(1) GDPR)publicly available on the Internet. However, it follows from Article 28(1) GDPR and Article 28(3)(f) GDPR that the data processor (in this instance Kombit A/S)18 KB (2,710 words) - 16:34, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8393/161/2019 (category Article 5(1)(c) GDPR)with Article 5 (1) (a) and Article 6 (1) (f) GDPR. Thus, the controller failed to comply with the accountability principle under Article 5 (2) GDPR. Second111 KB (17,604 words) - 13:08, 3 March 2024
- AEPD (Spain) - PS/00003/2020 (category Article 5(1)(c) GDPR)of public space respect Article 5 (1) (c) GDPR? The AEPD held that the installation of a video surveillance system under Article 22 LOPDGDD must always50 KB (7,524 words) - 13:44, 13 December 2023
- AEPD (Spain) - PS/00269/2019 (category Article 5(1)(f) GDPR)infringement of article 5.1.f), in relation to article 6.1, of the RGPD. The infringement of article 5.1.f) of the RGPD is typified in article 83.5.a) of the30 KB (4,761 words) - 14:24, 13 December 2023
- CE - N° 430810 (category Article 6(1)(a) GDPR)to in Article 9 of the GDMPR in order to infer that such consent would not be necessary for data not referred to in that Article, since Article 4 of the42 KB (6,800 words) - 09:50, 10 September 2021
- UODO (Poland) - DKN.5130.2024.2020 (category Article 5(1)(f) GDPR)more details. DECISION DKN.5130.2024.2020 Based on Article. 104 § 1 and art. 105 § 1 of the Act of 14 June 1960 Code of Administrative Procedure (Journal75 KB (12,104 words) - 09:58, 17 November 2023
- Rb. Rotterdam - 9436020 \ CV EXPL 21-30289 (category Article 4(2) GDPR)data is a form of processing as referred to in the GDPR (article 4 sub 2 GDPR). Article 6 of the GDPR provides that the processing of personal data is only19 KB (2,828 words) - 10:09, 18 March 2022
- AEPD (Spain) - PS/00334/2020 (category Article 6(1) GDPR)legitimate basis a violation of GDPR? The Spanish DPA considered that the processing of personal data was in breach of Article 6(1) GDPR, as the worker had processed16 KB (2,328 words) - 14:30, 13 December 2023
- DSB (Austria) - 2020-0.743.659 (category Article 4(15) GDPR)requirements of Article 9 GDPR. In the DSB held that the processing violated Articles 5, 6 and 9 GDPR: Consent under Articles 6(1)(a), 7 and 9(2)(a) GDPR cannot50 KB (8,015 words) - 13:52, 12 May 2023
- Datatilsynet (Norway) - 20/02225 (category Article 5(2) GDPR)dissuasive" as per Article 83(1). In addition to a breach of Article 6(1)(f), the lack of organisational measures pursuant to Article 5(2) was weighted45 KB (7,286 words) - 18:55, 5 March 2022
- AEPD (Spain) - PS/00274/2019 (category Article 5(1)(f) GDPR)thearticle 5.1.f), in relation to article 6.1 of the RGPD.The violation of article 5.1.f) of the RGPD is typified in article 83.5.a)of the RGPD. The LOPDGDD37 KB (5,700 words) - 14:24, 13 December 2023
- where, after a data subject makes a complaint under section 165 or Article 77 of the GDPR, the Commissioner- (a) fails to take appropriate steps to respond12 KB (1,722 words) - 14:39, 21 December 2023
- CNPD (Portugal) - Deliberação 2022/140 (category Article 5(1)(e) GDPR)violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)75 KB (12,306 words) - 10:02, 21 December 2022
- AEPD (Spain) - PS/00044/2020 (category Article 13 GDPR)of article Article 24.1, and in relation to the obligations referred to in the previous section, The information obligation provided for in Article 5 of39 KB (6,270 words) - 13:51, 13 December 2023
- AEPD (Spain) - E/03003/2020 (category Article 32(1) GDPR)this data breach a violation of Article 32(1) GDPR? The AEPD concluded that there was no violation of Article 32(1) GDPR, because the company had implemented21 KB (3,039 words) - 13:39, 13 December 2023
- Datatilsynet (Norway) - 20/01865 (category Article 4(1) GDPR)under Article 4(1) GDPR. These statistics even included health data which qualify as a special category of personal data under Article 9(1) GDPR. The Datatilsynet19 KB (2,942 words) - 09:03, 14 September 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8205/154/18 (category Article 5 GDPR)is not sufficient. Article 87 GDPR regulates the processing of a national identity number. This is also regulated with Section 29.4 of the National Data12 KB (1,810 words) - 13:07, 3 March 2024
- LfDI (Baden-Württemberg) - O 1018/115 (category Article 32(1)(a) GDPR)for indirect determinability: BeckOK Datenschutzrecht Wolff/Brink, DSGVO Article 4 marginal no. 17). Contrary to its obligation as the responsible body, Knuddels13 KB (1,926 words) - 10:22, 17 November 2023
- Gerechtshof Amsterdam - 200.258.200/01 (category Article 6(1)(f) GDPR)based are contested by [the appellant]. 3.4 The Court of Appeal will first jointly discuss grievances 1, 2 and 4 with which [the appellant] challenges the16 KB (2,462 words) - 12:29, 4 October 2021
- Commissioner (Cyprus) - 11.17.001.009.232 (category Article 12(3) GDPR)breaching Article 12(3) GDPR, since it failed to notify the data subject that her erasure request was satisfied, as well as Article 24(1) GDPR, given that17 KB (2,515 words) - 11:17, 6 February 2024
- Garante per la protezione dei dati personali (Italy) - 9685947 (category Article 28 GDPR)this specific profile, see provision of April 4 2019, n.83, web doc. 9101974, and of 14 January 2021, n. 4, web doc. 9582744). More generally, although115 KB (18,595 words) - 11:30, 16 August 2022
- Personvernnemnda (Norway) - 2021-05 (20/02912) (category Article 17(1)(c) GDPR)cf. Article 4 no. 2. The search engine provider is responsible for the processing of personal data that takes place in that connection, cf. Article 4 no26 KB (4,299 words) - 18:49, 5 March 2022
- UODO (Poland) - DKE.561.2.2020 (category Article 58(1)(e) GDPR)connection with Article 31, Article 58(1)(e) in connection with Article 83(1-3) and Article 83(5)(e) of Regulation 2016/679 of the European Parliament and of27 KB (4,390 words) - 09:50, 17 November 2023
- UODO (Poland) - DKE.561.11.2020 (category Article 34(4) GDPR)(2), Article 60, Article 101, Article 101a and Article 103 of the Act of 10 May 2018 on personal data protection (Journal of Laws of 2019, item 1781) and46 KB (7,322 words) - 09:51, 17 November 2023
- Datatilsynet (Denmark) - 2019-431-0045 (category Article 6(1) GDPR)(1)(a) - (f) GDPR. An answer to a question can be regarded as personal data, as defined in Article 4(1) GDPR, cf. Directive 95/45. It therefore follows from14 KB (2,119 words) - 16:36, 6 December 2023
- AEPD (Spain) - EXP202204806 (category Article 5(1)(b) GDPR)does with the recorded images” (folio nº 1). SECOND: In accordance with article 65.4 of Organic Law 3/2018, of 5 December, of Protection of Personal Data15 KB (2,313 words) - 10:35, 13 December 2023
- DPC (Ireland) - IN-21-3-1 (category Article 4 GDPR)UC (the controller); an access request under Article 15 GDPR and an erasure request under Article 17 GDPR. Regarding the erasure request specifically,20 KB (3,069 words) - 18:48, 24 January 2023
- RvS - 202100789/1/A3 (category Article 5(1)(b) GDPR)in accordance with Article 5, paragraph 1, preamble and under b, of the GDPR. 4.4. Article 6, paragraph 1, opening words, of the GDPR stipulates that processing20 KB (2,965 words) - 12:52, 28 June 2023
- CJEU - C-507/17 - Google LLC v CNIL (category Article 3(1) GDPR)safeguards of Directive 95/46 and Regulation 2016/679 (GDPR). The Court explained that the Directive and GDPR do not indicate that EU legislature has chosen to6 KB (747 words) - 13:42, 11 August 2022
- Tietosuojavaltuutetun toimisto (Finland) - 9885/157/19 (category Article 12(1) GDPR)subject's rights, such as the right to object according to Article 21 GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA ordered the controller to ensure that data21 KB (3,097 words) - 13:40, 12 January 2024
- UODO (Poland) - DKN.5131.5.2020 (category Article 83(4)(a) GDPR)subjects, according to Article 33(1) GDPR and Article 34(1) GDPR? The PUODO held that the insurance company infringed the GDPR provisions, failing to notify47 KB (7,608 words) - 10:00, 17 November 2023
- Gerechtshof Amsterdam - 200.280.852/01 (category Article 6(1)(e) GDPR) (section Was the introduction of Proctorio compliant with the GDPR?)writing or in another way. (…) 2.14 The FEB's education and examination regulations include the following. (…) Article 4.2 Form of examination (…) 6. The53 KB (8,177 words) - 12:30, 4 October 2021
- LAG Mecklenburg-Western Pomerania - 5 Sa 108/19 (category Article 37 GDPR)2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.48 KB (7,320 words) - 12:44, 4 October 2021
- Court of Appeal of Brussels - 2020/AR/329 (category Article 57(1)(f) GDPR)he assessment: violation of Article 57.4 AVG (third plea in law from X). X submits that the decision violates Article 57.4 of the AVG where this provision48 KB (7,560 words) - 09:03, 20 August 2021
- AEPD (Spain) - EXP202203956 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned start-up52 KB (8,323 words) - 13:17, 13 December 2023
- IP - 0610-376/2020/35 (category Article 13(1) GDPR)should comply with the criteria set out in Article 6. (4) General Regulations. The application of Article 6 (4) of the General Regulation to a change in110 KB (17,995 words) - 11:15, 22 April 2021
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)purpose constituted a breach of Article 5(1)(e) GDPR. Secondly, the CNIL indicated that the controller breached Article 13 GDPR by failing to include the right56 KB (8,757 words) - 14:12, 28 February 2024
- Tietosuojavaltuutetun toimisto (Finland) - 9209/157/2019 (category Article 12(4) GDPR)Data Protection Regulation (2016/679) Article 12 (4), Article 17 (3), Article 21 (2) and (3), Article 25 (2), Article 58 (2) (b) Section 2 of the Health Care20 KB (3,108 words) - 13:02, 3 March 2024
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)According to Article 94 of the GDPR "references to the repealed directive must be understood as references to the [GDPR]". 84. Under Article 4, paragraph82 KB (13,428 words) - 17:02, 6 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2021:125 (category Article 51 GDPR)Constitution, Article 19 TFEU and Article 47 CFR. As Mr A's mandate and termination had not been assessed in the light of the provisions of the GDPR, the Supreme46 KB (7,394 words) - 14:08, 21 March 2024
- AEPD (Spain) - PS/00239/2022 (category Article 15 GDPR)of article 17 of the GDPR. X Classification of the infringement of article 17 of the GDPR The aforementioned infringement of article 17 of the GDPR supposes60 KB (9,630 words) - 12:34, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.008.222 (category Article 12(3) GDPR)timely manner. 14. Moreover, following an infringement of Article 12(3) GDPR, as explained above, under the provisions of Article 83 of the GDPR, I take into16 KB (2,438 words) - 09:07, 9 June 2023
- AEPD (Spain) - PS/00388/2020 (category Article 7 GDPR)regards to a violation of Article 7 GDPR, for gathering consent in a generic way. To fine the controller €3000 for infringing Article 22(2) LSSI, for installing52 KB (8,471 words) - 14:33, 13 December 2023
- OLG München - 3 U 2906/20 (category Article 4(1) GDPR)a claim under Article 15 GDPR entitles the data subject to be provided with copies of their personal data and whether Article 15(3) GDPR contains an independent21 KB (3,450 words) - 10:33, 8 February 2022
- AEPD (Spain) - PS/00212/2019 (category Article 32 GDPR)typified in article 83.4 of the RGPD and is qualified as serious in article 73.1 g) of the LOPDPGDD for prescription purposes.III Article 58.Article 58.2 of17 KB (2,518 words) - 14:11, 13 December 2023
- AEPD (Spain) - PS/00385/2020 (category Article 6(1)(a) GDPR)their privacy policy in line with Article 6(1)(a) GDPR within a month. The AEPD also held that URLs 1-4 breached Article 22(2) of the Law 34/2002 (LSSI)55 KB (8,967 words) - 14:33, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9435753 (category Article 83(4)(a) GDPR)administrative fines provided for by Article 83, paragraphs 4 and 5, of the Regulation and Article 166, paragraph 1 of the Code. 4.4. On the publication of the data129 KB (21,020 words) - 15:49, 6 December 2023
- DSB (Austria) - 2020-0.605.768 (category Article 40 GDPR)context of Articles 40 and 41 GDPR, in particular from Article 40 Paragraph 4 in conjunction with Article 41 Paragraph 2 lit. c) GDPR, namely further that a monitoring19 KB (2,799 words) - 13:52, 12 May 2023
- AEPD (Spain) - PS/00279/2020 (category Article 6 GDPR)for the violation of Article 6 GDPR and € 4 000 for the violation of article 13, under the power conferred by Article 83(5) GDPR. Share your comments here21 KB (3,123 words) - 14:25, 13 December 2023
- AEPD (Spain) - PS/00036/2020 (category Article 13 GDPR)based comply with Article 13 of the GDPR? The Spanish DPA found that the facts constituted an infringement for violation of Article 13 of the RGPD, and16 KB (2,587 words) - 13:50, 13 December 2023
- AEPD (Spain) - PS/00062/2020 (category Article 13 GDPR)breach Article 13 GDPR even if the contact form is not operational? The Spanish DPA (AEPD) held that the defendant, PSI, violated Article 13 GDPR by failing44 KB (7,162 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00268/2020 (category Article 13 GDPR)Policy on their website (Article 13 GDPR) and for the absence of a reject button on the second layer of their Cookie Policy (Article 22(2) LSSI). The claimant17 KB (2,700 words) - 14:23, 13 December 2023
- Court of Appeal of Brussels - 2019/AR/1006 (category Article 16 GDPR)accordance with Article 4(1) GDPR, according to the DPA. The Court of Appeal of Brussels held that, in accordance with Article 16 GDPR, the data subject59 KB (9,290 words) - 09:10, 5 May 2024
- AEPD (Spain) - EXP202200999 (category Article 6(1) GDPR)processing is based on consent under Article 6(1)(a) GDPR, the consent must meet the requirements of, among others, Article 7 GDPR. The DPA observed deficiencies51 KB (7,867 words) - 13:10, 13 December 2023
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 5(1)(c) GDPR)requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data122 KB (20,253 words) - 08:17, 19 August 2021
- AEPD (Spain) - TD/00071/2020 (category Article 17 GDPR)6www.aepd.es28001 - Madridsedeagpd.gob.es Page 4 4/7with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and this is notbased19 KB (2,948 words) - 14:50, 13 December 2023
- DSB (Austria) - 2021-0.024.862 (category Article 6(1)(f) GDPR)that Article 36(1) GDPR provides for a duty to consult if two conditions are met. First, a data protection impact assessment under Article 35 GDPR must38 KB (5,821 words) - 13:39, 12 May 2023
- AEPD (Spain) - PS/00448/2020 (category Article 5(1)(f) GDPR)for infringing the following provisions: -Article 17 GDPR – Right to Erasure - €50000 fine -Article 32 GDPR – Failure to implement appropriate technical45 KB (7,217 words) - 14:40, 13 December 2023
- AEPD (Spain) - PS/00449/2019 (category Article 5(1)(b) GDPR)with NIF G08564379, an infringement of article 5.1.b) GDPR, typified in Article 83.5 GDPR, in relation to Article 72.1 a) of the LOPDGDD, a fine of 500019 KB (2,862 words) - 14:43, 13 December 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)way of a finding under article 15 of the GDR instead of the provisions of article 15 of the GDR. 36, § 4 and § 5 as well as Article 38, § 1 of the Law of52 KB (8,603 words) - 16:55, 12 December 2023
- Commissioner (Cyprus) - 11.17.001.010.007 (category Article 5(1)(c) GDPR)intention to infringe either article 5(1)( c) or article 34(1) of the GDPR. Legal framework 8.1. Pursuant to Article 5(1)(c) of the GDPR “Personal Data shall be:20 KB (3,082 words) - 13:42, 31 January 2024
- AEPD (Spain) - PS/00030/2020 (category Article 12 GDPR)sedeagpd.gob.es 4/7 Article 22 section 4 LOPDGDD (LO 3/2018, December 5) provides the following: “The duty of information provided for in article 12 of Regulation19 KB (2,965 words) - 13:49, 13 December 2023
- Personvernnemnda (Norway) - 2021-09 & PVN-2021-15 (20/01790) (category Article 5(1)(a) GDPR)of personal data from a surveillance footage, thus breaching Article 5(1)(a) GDPR and Article 6. The complainant argued that the size of the administrative40 KB (6,549 words) - 18:49, 5 March 2022
- AEPD (Spain) - PS/00479/2019 (category Article 5(1)(c) GDPR)minimisation principle related, as per Article 5(1)(c) GDPR, and the lack of transparent information, as per Article 12 GDPR. The decision is the consequence17 KB (2,541 words) - 14:43, 13 December 2023
- AEPD (Spain) - PS/00402/2019 (category Article 6 GDPR)second complaint alleging the ongoing violation of Article 6 GDPR. The AEPD finds the violation of Article 6 quite apparent and focuses on the criteria to15 KB (2,327 words) - 14:34, 13 December 2023
- AZOP (Croatia) - Decision 29-06-2022 (Center for Social Welfare) (category Article 5 GDPR)under a legal obligation to process these data. Article 29 of the Croatian Labour Act and Article 5(4) of the Labour Law Rulebook (Official Gazette, no17 KB (2,660 words) - 15:35, 30 October 2023
- Rb. Amsterdam - C/13/696660/HA RK - 21-37 (category Article 79(2) GDPR)been stated nor has it been proven. 3.11. The GDPR also has a jurisdiction regulation. Article 79(2) of the GDPR provides that proceedings against a controller18 KB (2,617 words) - 08:23, 2 September 2021
- APD/GBA (Belgium) - 08/2019 (category Article 12(4) GDPR)violated Articles 12(3), (4), 13(2)(b), 30(1)(d) and (g) of the GDPR and issued a warning by virtue of Article 58(2)(b) of the GDPR. Due to the anonimisation24 KB (3,843 words) - 16:51, 12 December 2023
- AEPD (Spain) - TD/00185/2019 (category Article 17 GDPR)accessible in the URL: ***URL. SECOND: Dated May 20, 2019, in accordance with Article 65.4 of the Organic Law 3/2018 of December 5, Protection of Personal Data17 KB (2,620 words) - 14:51, 13 December 2023
- AEPD (Spain) - PS/00335/2019 (category Article 6(1)(a) GDPR)subjects infringes Article 6 (1) (a) GDPR. The AEPD fined the data processor in an amount of 4,000 Euro for the violation of Article 6 (1) (a) GDPR. Since the21 KB (3,281 words) - 14:30, 13 December 2023
- APD/GBA (Belgium) - 11/2019 (category Article 6(4) GDPR)thereof pursuant to Article 61 of the ICA and the complaint is forwarded to the Disputes Chamber pursuant to Article 62, §1er of the ICA.-On 14 November 201824 KB (3,844 words) - 16:51, 12 December 2023
- AEPD (Spain) - PS/00028/2022 (category Article 5(1)(f) GDPR)confidentiality. Second, the DPA found a violation of Article 32 GDPR. The DPA held Article 32 GDPR requires the controller to have a complete protocol that58 KB (9,301 words) - 12:39, 13 December 2023
- AEPD (Spain) - PS/00135/2020 (category Article 13 GDPR)person about the treatment of his/her personal data in accordance with Article 13 GDPR. The gym center had already been required by the Spanish DPA to make47 KB (7,756 words) - 14:04, 13 December 2023
- AEPD (Spain) - EXP202202889 (category Article 12 GDPR)with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the GDPR; and in article 47 of the LOPDGDD. SECOND: In accordance20 KB (3,077 words) - 10:46, 13 December 2023
- DSB (Austria) - D122.970/0004-DSB/2019 (category Article 17 GDPR)executed. Legal basis: Article 4 lines 1, 2 and 5, Article 11 paragraphs 1 and 2, Article 12 paragraph 2, Article 17 paragraph 1 and Article 58 paragraph 2 lit23 KB (3,622 words) - 13:57, 12 May 2023
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)according to article 4.1 of the GDPR, are a Personal data and its protection, therefore, is the subject of said Regulation. In the article 4.2 of the GDPR defines74 KB (11,726 words) - 13:02, 13 December 2023
- APD/GBA (Belgium) - 18/2020 (category Article 5 GDPR)therefore of the opinion that no breach of Article 5.2 of the GDPR, Article 24.1 of the GDPR and Article 33 of the GDPR can be established. - As regards the55 KB (8,810 words) - 16:55, 12 December 2023
- AEPD (Spain) - PS/00206/2020 (category Article 6 GDPR)6www.aepd.es28001 - Madridsedeagpd.gob.es Page 4 4/8FOUNDATIONS OF LAWIBy virtue of the powers that article 58.2 of the RGPD recognizes to eachcontrol authority20 KB (3,078 words) - 14:10, 13 December 2023
- AEPD (Spain) - TD/00251/2021 (category Article 15 GDPR)of these data (hereinafter, GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish20 KB (3,142 words) - 13:31, 13 December 2023
- AEPD (Spain) - EXP202200399 (category Article 5(1)(f) GDPR)the database of the controller. Therefore, the controller violated Article 5(1)(f) GDPR. The DPA considered several aggravating factors, such as the fact10 KB (1,343 words) - 13:13, 13 December 2023
- AEPD (Spain) - PS/00006/2022 (category Article 12 GDPR)violation of the Article 12 of the GDPR, in conjunction with Article 17 of the GDPR. V Classification of the infringement of article 12 of the GDPR The aforementioned54 KB (8,870 words) - 10:43, 13 December 2023
- NAIH (Hungary) - NAIH/2020/5911/7 (category Article 12 GDPR)on the basis of the notification, Article 57 (1) f) of the General Data Protection Regulation and Article 38. § Article 1Regulation (EU) 2016/679 of the9 KB (1,337 words) - 10:13, 17 November 2023
- AEPD (Spain) - PS/00423/2019 (category Article 13 GDPR)information under Article 13 GDPR is illegal. Consequently, the APED decided to issue a fine of €1.500 for the violation of Article 13 GDPR. Share your comments23 KB (3,636 words) - 14:38, 13 December 2023
- UODO (Poland) - DKE.561.1.2020 (category Article 31 GDPR)and the Council in the context of Article 31, Article 58(1)(e) in conjunction with Article 83(1) to (3) and Article 83(5)(e) of Regulation 2016/679 of31 KB (5,101 words) - 09:52, 17 November 2023
- AEPD (Spain) - PS/00446/2021 (category Article 5(1)(c) GDPR)constitute of a breach of Article 5(1)(c) GDPR. Second, the AEPD recalled that, compliant with Article 13(1) and (2) GDPR, and Article 22(4) of the Law on the24 KB (3,717 words) - 13:04, 13 December 2023
- GHAL - 200.256.387 (category Article 6(1)(c) GDPR)certain data to be delete. It brought a legal action based on Article 17 GDPR and Article 21 GDPR, read in conjunction with the Dutch Data Protection Act (Wet27 KB (4,289 words) - 07:57, 7 March 2022
- AEPD (Spain) - PS/00214/2022 (category Article 6(1) GDPR)legal bases of contract (Article 6(1)(b) GDPR), legal obligation (Article 6(1)(c) GDPR) and legitimate interest (Article 6(1)(f) GDPR) and determined that131 KB (20,916 words) - 12:38, 13 December 2023
- AEPD (Spain) - PS/00491/2020 (category Article 6(1) GDPR)violation of Article 13 GDPR and issued a warning to the controller. The AEPD took into account the following aggravating factors (Article 83 (2) GDPR) to determine19 KB (2,957 words) - 14:45, 13 December 2023
- AEPD (Spain) - EXP202103878 (category Article 6(1) GDPR)Articles 57(1) and 58(2) GDPR for the processing of personal data without the consent of the data subject, as foreseen in Article 6 GDPR. Firstly, the DPA found20 KB (3,035 words) - 10:33, 13 December 2023
- ICO (UK) - Chief Constable West Midlands Police (category Article 34(3) GDPR)purpose.” 1.3 The reasons for the Commissioner’s findings are set out below. 1.4 This case relates to two individuals with the same name and date of birth,18 KB (2,476 words) - 09:10, 14 May 2024
- relation to contraventions of the UK-GDPR, section 168 DPA 2018 provides that "non-material damage" in Article 82 GDPR includes distress. In relation to breaches61 KB (8,986 words) - 08:40, 22 February 2022
- Datatilsynet (Denmark) - 2018-7320-0166 (category Article 5(1)(c) GDPR)accordance with Article 12 (2) of the Data Protection Regulation. 6 and Article 5 (2). 1 (c). The Data Inspectorate has hereby emphasized that Article 12 (2) of18 KB (2,773 words) - 16:22, 6 December 2023
- Rb. Gelderland - AWB 19/2901 (category Article 5 GDPR)whether Article 6 GDPR provides a legal basis for processing credit cards details and whether the processing is compliant with Article 5 GDPR. It also17 KB (2,610 words) - 16:18, 10 March 2022
- AEPD (Spain) - PS/00374/2018 (category Article 5(1)(c) GDPR)the defendant, for violation of Article 6.1, of the RGPD, which states that: "in accordance with the provisions of Article 4.11 of Regulation (EU) 2016/67918 KB (2,711 words) - 13:43, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445567 (category Article 5(1)(a) GDPR)commensurate with the circumstances of the specific case (Article 58, paragraph 2, letter i) of the Regulation). 4. Injunction order. Pursuant to art. 58, par. 216 KB (2,471 words) - 15:51, 6 December 2023
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)the definitions of the legal concepts that the RGPD indicates in article 4: Article 4 GDPR. Definitions For the purposes of this Regulation, the following287 KB (48,336 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00197/2020 (category Article 5(1)(b) GDPR)6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the Spanish Data129 KB (21,793 words) - 14:09, 13 December 2023
- NAIH (Hungary) - NAIH/2020/34/3 (category Article 12(2) GDPR)right of access under Article 15 GDPR? By denying the complainant access, did the respondent infringe Articles 12(1) or 12(2) GDPR? The NAIH that the complainant's48 KB (7,727 words) - 10:11, 17 November 2023
- AEPD (Spain) - PS/00014/2020 (category Article 6(1) GDPR)SIXTH: On March 4, 2020, a motion for a resolution was formulated, A78923125, for a violation of article 6 of the RGPD, typified in article 83.5 of the RGPD21 KB (3,441 words) - 13:46, 13 December 2023
- AEPD (Spain) - EXP202202000 (category Article 17 GDPR)the Court of Justice of the European Union at paragraph 99: "Article 12(b) and Article 14(a) of Directive 95/46 must be interpreted as meaning that, when20 KB (3,107 words) - 10:49, 13 December 2023
- AEPD (Spain) - PS/00422/2018 (category Article 2 GDPR)RETAIL S.L. for alleged infringement of Article 5.1 f) of the GDPR, in accordance with Article 83.5.a) of the GDPR- Initiate sanctioning procedure against25 KB (3,933 words) - 14:37, 13 December 2023
- AEPD (Spain) - PS/00134/2019 (category Article 5(1)(a) GDPR)receipt of the claim, on 12/14/2018, the General Sub-Directorate ofData Inspection proceeded, in accordance with article 65.4 of Organic Law 3/2018,of 5/1226 KB (4,034 words) - 14:04, 13 December 2023
- DSB (Austria) - 2021-0.347.702 (category Article 6(1)(f) GDPR)or by a third party. The court used Article 9(2)(f) GDPR to interpret legitimate interests under Article 6(1)(f) GDPR as including the establishment, exercise25 KB (3,875 words) - 10:36, 11 January 2024
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- NAIH (Hungary) - NAIH-1091-10/2022 (NAIH-6936/2021) (category Article 12(4) GDPR)the GDPR, 16 - Article 5 (2) of the GDPR, - Article 7 (1) of the GDPR, - Paragraphs (1) – (4) of Article 12 of the GDPR and - Article 15 (1) and Article69 KB (11,255 words) - 10:08, 17 November 2023
- NAIH (Hungary) - NAIH/2020/974/4 (category Article 5(1)(a) GDPR)breach of the General Data Protection Regulation5. Article 5 (1) (a), Article 5 (2) and Article 13 Article 1 (1) to (2). III.3. JogkövetkezményekIII.3.1. The67 KB (10,815 words) - 10:11, 17 November 2023
- AEPD (Spain) - EXP202102778 (category Article 6(1)(f) GDPR)controller had violated Article 6(1) GDPR since the legitimate interest assessment on which the processing was based (Article 6(1)(f) GDPR) was understood as84 KB (13,036 words) - 13:26, 13 December 2023
- AEPD (Spain) - EXP202204461 (category Article 5(1)(f) GDPR)Therefore, Article 5(1)(f) GDPR was considered violated by the community of owners as a whole and a fine according to Article 83(5) GDPR was imposed.24 KB (3,631 words) - 13:20, 13 December 2023
- HDPA (Greece) - 47/2022 (category Article 28(3) GDPR)data subject (Article 26 GDPR). The processing by the processor must, in accordance with the provisions of article 28 paragraph 3 of the GDPR, be governed25 KB (3,943 words) - 14:32, 28 September 2022
- AEPD (Spain) - TD/00263/2020 (category Article 13 GDPR)officer, article 39 of the RGPD attributes to him the function of cooperate with said authority. Similarly, the domestic legal system, in article 65.4 of the22 KB (3,544 words) - 14:48, 13 December 2023
- AEPD (Spain) - EXP202102088 (category Article 13 GDPR)provisions in article 13 of the RGPD, despite the fact that personal data is collected through various forms. SECOND: In accordance with article 65.4 of Organic26 KB (3,881 words) - 13:35, 13 December 2023
- HDPA (Greece) - 20/2022 (category Article 12(3) GDPR)violation of article 17 in combination with article 21 par. 3 and article 12 paragraph 3 of the GDPR and article 25 paragraph 1 of the GDPR. For its judgment16 KB (2,374 words) - 11:46, 18 August 2022
- EWHC (UK)- QB- Soriano v Forensic News LLC (category Article 3(1) GDPR)conferred by article 79(2) of the GDPR. This is the relevant provision for the purposes of para 3.1(20) of CPR Practice Direction 3B. Article 79(2) provides:108 KB (18,178 words) - 11:57, 29 November 2021
- AEPD (Spain) - PS/00043/2020 (category Article 13 GDPR)specified period - article 58. 2 d) -. According to the provisions of article 83.2 of the RGPD, the measure provided for in article 58.2 d) of the aforementioned24 KB (3,838 words) - 13:51, 13 December 2023
- Datatilsynet (Denmark) - 2019-431-0044 (category Article 5(1)(f) GDPR)data breaches from more than twenty Danish banks in accordance with Article 33 GDPR. The reported data breaches concern the accidental disclosure of personal16 KB (2,399 words) - 16:34, 6 December 2023
- AEPD (Spain) - E/03624/2021 (category Article 5(1)(a) GDPR) (section DPA mutual assistance under Article 61 GDPR)data subject’s consent under Article 6(1)(a) GDPR, which in turn meets the conditions for consent laid out in Article 7 GDPR. The AEPD highlighted that this58 KB (8,665 words) - 16:10, 1 February 2022
- UODO (Poland) - DKN.5101.25.2020 (category Article 5(1)(f) GDPR)Warsaw, November 12, 2020 DECISION DKN.5101.25.2020 Based on Article. 104 § 1 of the Act of 14 June 1960 Code of Administrative Procedure (Journal of Laws63 KB (10,088 words) - 09:52, 17 November 2023
- AEPD (Spain) - EXP202202183 (category Article 6(1) GDPR)provided for in Article 15 GDPR and Article 13 LOPDGDD was exercised. Secondly, the DPA noted that a valid legal basis under Article 6(1) GDPR is required22 KB (3,432 words) - 12:37, 13 December 2023
- AEPD (Spain) - PS/00324/2019 (category Article 13 GDPR)found that the El Maestro Cerrajero SL’s privacy policy complied with Article 13 GDPR, after the page was updated by the controller during the procedure.22 KB (3,480 words) - 14:28, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6652/154/19 (category Article 17(3)(b) GDPR)necessary according to Article 17(3)(b) GDPR and Article 17(3)(e) GDPR. The controller stated that, according to Chapter 8 Section 1(2)(4) of the Finnish Criminal19 KB (2,951 words) - 12:30, 23 April 2024
- DSB (Austria) - D123.768/0004-DSB/2019 (category Article 4(4) GDPR)CFR Art8 para 11 CFR Art11 para 1 ECHR Art10 para 1 GDPR Art4 no 2 GDPR Art4 no 7 GDPR Art85 para 1 GDPR Art85 para 2 Text GZ: DSB-D123.768/0004-DSB/201929 KB (4,637 words) - 13:57, 12 May 2023
- AP (The Netherlands) - AWB-21 3909 (category Article 15(1) GDPR)possible. 1 Article 6:2, preamble and under b, in conjunction with Article 7:1, first paragraph, preamble and under f, of the Awb 2 Article 6:12, second19 KB (3,027 words) - 17:13, 12 December 2023
- AEPD (Spain) - EXP202202937 (category Article 12 GDPR)(hereinafter referred to as GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish26 KB (3,997 words) - 18:59, 26 February 2024
- VG Hannover - 10 A 502/19 (category Article 5(1)(a) GDPR)principle is specified in Art. 12 GDPR, which in turn refers to Art. 13, 14 and 15-22 as well as Art. 34 GDPR. Article 13 (1) GDPR provides in lit. c to the effect41 KB (6,779 words) - 12:35, 24 November 2021
- Datatilsynet (Norway) - 20/01896 (category Article 5(2) GDPR)rating without a legal basis under Article 6(1)(f) GDPR and for not adhering to the accountability principle as per Article 5(2). The DPA also requires that28 KB (4,387 words) - 18:58, 5 March 2022
- DSB (Austria) - D130.073/0008-DSB/2019 (category Article 32 GDPR)process for user registrations, the respondent violated Article 5 GDPR, Article 6 GDPR, and Article 32 GDPR, and § 1 para 1 DSG (the Austrian Data Protection25 KB (3,605 words) - 13:59, 12 May 2023
- NAIH (Hungary) - NAIH/2020/32/4 (category Article 5(1) GDPR)pursuant to Article 4(2) of the GDPR, and the applicant operating and managing the Facebook page is a controller pursuant to Article 4(7) of the GDPR, given75 KB (12,586 words) - 10:10, 17 November 2023
- APD/GBA (Belgium) - 28/2020 (category Article 6(1)(f) GDPR)erased and thus also violates Article 17.1(c) AVG. 3.2. With regard to the infringement of Article 6.1 and Article 21.4 of the AVG 29. In its statement27 KB (4,363 words) - 16:56, 12 December 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)accordance with Article 60(3) GDPR. Ten DPAs (AT, DE, ES, FI, FR, HU, IT, NL, NO, SE) raised objections, in accordance with Article 60(4) GDPR, to the Draft468 KB (51,340 words) - 14:10, 30 January 2023
- AEPD (Spain) - PS/00247/2020 (category Article 7 GDPR)L. for the infringement of Article 13 GDPR (data privacy policy) and a warning penalty for the infringement of Article 7 GDPR regarding the collection of24 KB (3,893 words) - 14:22, 13 December 2023
- AEPD (Spain) - PS/00025/2019 (category Article 6(1) GDPR)qualifies in its article 72.1.b) as a very serious offense “ TreatmentC / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 14 14/30of personal data88 KB (14,301 words) - 13:48, 13 December 2023
- decision stated: - Pursuant to Article 100, §1, 9 WOG, to order processing in accordance with with Articles 5.1.f, 5.2, 24 and 32 GDPR, in which in particular24 KB (3,393 words) - 09:25, 10 September 2021
- AEPD (Spain) - E/07796/2020 (category Article 32(1) GDPR)certain level of security. Therefore, they did not find a violation of Article 32(1) and decided not to fine the controller. Share your comments here!18 KB (2,698 words) - 13:41, 13 December 2023
- OLG Linz - 6R49/19x (category Article 4(2) GDPR)protection, the DSGVO had come into force during the proceedings. Pursuant to Article 69 (4) of the DSG, proceedings pending before the ordinary courts under the33 KB (5,113 words) - 09:50, 14 December 2023
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)provided for in Article 9 of the GDPR or Article 51 of the ZZLD. 30 Under Article 27 of the ZMVR, data recorded by the police pursuant to Article 68 of that110 KB (18,000 words) - 08:01, 5 June 2023
- AEPD (Spain) - PS/00266/2019 (category Article 13 GDPR)refers to older national laws, instead of GDPR. Does an non-updated privacy policy infringe Article 13 GDPR? Shoud the AEPD calculate the fine by taking28 KB (4,459 words) - 14:23, 13 December 2023
- AEPD (Spain) - PS/00268/2019 (category Article 13 GDPR)specific enough and did not comply with Article 13 GDPR. Does the lack of precision enough to infrige Article 13 GDPR? The AEPD found that the information28 KB (4,435 words) - 14:23, 13 December 2023
- AEPD (Spain) - PS/00010/2020 (category Article 6(1)(a) GDPR)AEPD held that the telecoms company 's actions were a breach of Article 6(1) GDPR. Article 6(1) does not apply here because they failed to prove that they22 KB (3,523 words) - 13:45, 13 December 2023
- Personvernnemnda (Norway) - PVN-2022-19 (category Article 17(1)(a) GDPR)services did not violate the data subject's right to erasure under Article 17 GDPR when refused to delete information on the data subject's ethnicity,23 KB (3,547 words) - 10:05, 17 November 2023
- AEPD (Spain) - PS/00085/2021 (category Article 6(1)(a) GDPR)S.A.U., with NIF A80907397, for the alleged violation of article 6.1. GDPR typified in article 83.5.a) of the aforementioned RGPD. 1. APPOINT Mr. D.D.D28 KB (4,350 words) - 13:57, 13 December 2023
- AEPD (Spain) - EXP202100639 (category Article 5(1)(c) GDPR)person under article 4.1 of the RGPD is personal data and its protection, therefore, is the subject of said Regulation. Article 4.2 of the GDPR defines the32 KB (4,945 words) - 13:25, 13 December 2023
- AEPD (Spain) - EXP202105923 (category Article 5(1)(d) GDPR)controller violated Article 5(1)(d) GDPR ("accuracy"), but a more natural conclusion would be to find a violation of Article 32(1)(d) GDPR ("adoption of adequate26 KB (3,846 words) - 12:42, 13 December 2023
- AEPD (Spain) - PS/00369/2019 (category Article 5(1)(c) GDPR)inform the affected parties as provided for in Article 12 GDPR and Article 13 GDPR. According to Article 30(1) GDPR a record must be kept by the responsible28 KB (4,371 words) - 14:33, 13 December 2023
- APD/GBA (Belgium) - 10/2019 (category Article 6(4) GDPR)of identified personal data as defined in Article 4(1) and (2) of the General Data Protection Regulations (GDPR). 1 Hof van beroep Brussel, sectie Marktenhof32 KB (5,190 words) - 16:51, 12 December 2023
- APD/GBA (Belgium) - 170/2023 (category Article 24 GDPR)accordance with Article 33 GDPR to the Belgian DPA. Nonetheless, there were suspicions that the controller did not comply with Article 32 GDPR. Especially24 KB (3,525 words) - 15:29, 26 January 2024
- APD/GBA (Belgium) - 03/2021 (category Article 6(4) GDPR)fulfilled. The school breaches Article 6(1)(b) in combination with Article 6(4) and Article 6(1) Articles 24 and 25 GDPR Furthermore, as the school continued32 KB (4,880 words) - 16:50, 12 December 2023
- AEPD (Spain) - PS/00092/2020 (category Article 13 GDPR)reprimand to the company for not complying with Article 13 GDPR, since it failed to even mention the GDPR in its Privacy Policy. Share your comments here22 KB (3,514 words) - 13:58, 13 December 2023
- AEPD (Spain) - PS/00381/2019 (category Article 5(1)(f) GDPR)breach of Article 5(1)(f) GDPR. Was the publication of the census copies a breach of the data integrity and confidentiality principle under Article 5(1)(f)22 KB (3,479 words) - 14:33, 13 December 2023
- AEPD (Spain) - PS/00075/2020 (category Article 6(1)(a) GDPR)moreover, without informing them of their rights under Article 13 of the GDPR. Article 58 of the GDPR, Powers, states: "Each supervisory authority shall have31 KB (4,909 words) - 13:56, 13 December 2023
- CNIL (France) - SAN-2019-001 (category Article 4(11) GDPR)comprehensible character, within the meaning of Article 12 of the GDPR, of the information provided for in Article 13 of the Regulation must be assessed. The90 KB (14,556 words) - 17:08, 6 December 2023
- UODO (Poland) - DKN.5130.1354.2020 (category Article 83(4)(a) GDPR)expressed in Article 5 (1 ) (a)) f, and reflected in the obligations set out in Article 24 (1), Article 25 (1), Article 32 (1 ) (b ) and (d) and Article 32 (2)74 KB (11,513 words) - 09:58, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9542071 (category Article 5(1)(a) GDPR)Garante for the protection of personal data, approved by resolution No. 98 of 4/4/2019, published in G.U. No. 106 of 8/5/2019 and in www.gpdp.it, web doc. No25 KB (3,961 words) - 15:54, 6 December 2023
- AEPD (Spain) - EXP202206825 (category Article 6(1) GDPR)regulated in article 6 of the GDPR. The assumptions that allow the processing of personal data to be considered lawful listed in article 6.1 of the GDPR: 1. Treatment31 KB (4,864 words) - 13:27, 13 December 2023
- AEPD (Spain) - PS/00232/2020 (category Article 6(1) GDPR)- Madrid sedeagpd.gob.es 4/9 punish the complained party for an infraction of article 6.1 of the RGPD, typified in the Article 83. 5) of the RGPD, with29 KB (4,386 words) - 14:20, 13 December 2023
- AEPD (Spain) - PS/00026/2021 (category Article 21 GDPR)processor, Vamavi Phone SL, had violated Article 48(1) LGT, Article 21 GDPR in link with Article 23 LOPDGDD and Article 28 GDPR by making a commercial call on behalf33 KB (5,185 words) - 13:48, 13 December 2023
- ANSPDCP (Romania) - Fine against a natural person (category Article 14(4) GDPR)violating Article 14(1)-(4) GDPR. The natural person was fined: approximately €100 for violating Article 5(1)(a) and (b), Article 5(2), and Article 6(1) GDPR;5 KB (639 words) - 13:56, 4 August 2021
- AEPD (Spain) - PS/00365/2019 (category Article 31 GDPR)infringement of Article 31 GDPR in conjunction with Article 58(1)(e) GDPR. The AEPD, therefore, agreed to impose a penalty of € 20000 under Article 83(5)(e) GDPR86 KB (14,295 words) - 14:32, 13 December 2023
- DVI (Latvia) - SIA “Lursoft IT” (category Article 5(1)(a) GDPR)law “On Latvia 10 15 Article 4, Eleventh Part, Article 4, Paragraph one, Clause 3 Point (a) and the fourth paragraph of Article 4 Documents in the register90 KB (14,351 words) - 16:10, 6 December 2023
- Datatilsynet (Denmark) - 2021-432-0070 (category Article 14(1) GDPR)fulfill its information obligations under Article 14(1) and (4) GDPR with reference to Article 14(5)(b) GDPR. Following a citizen’s inquiry, the Danish39 KB (6,054 words) - 15:54, 10 May 2023
- BAC (Bulgaria) - № 6515 (category Article 6(1)(a) GDPR)property information (all relating to identified natural persons per Article 4(1) GDPR), and the controller processed that data initially by collecting it20 KB (3,093 words) - 09:56, 14 December 2023
- Datatilsynet (Norway) - 21/03656 (category Article 14 GDPR)out in Article 14(5)(a) and Article 14(5)(c) GDPR. The DPA rejected the controller's views as it argued that the exceptions in Article 14(5) GDPR should63 KB (8,745 words) - 13:33, 27 April 2022
- Tietosuojavaltuutetun toimisto (Finland) - 4282/161/21 (category Article 5(1)(f) GDPR)controller had violated Article 5(1)(f) GDPR, Article 17(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR. As a result, the DPA issued56 KB (8,980 words) - 08:47, 4 March 2024
- AEPD (Spain) - PS/00348/2020 (category Article 5(1)(a) GDPR)claimant’s signature constitute a breach under the GDPR? The AEPD held that Vodafone violated Article 6(1) GDPR, as they had processed the claimant’s data without38 KB (5,648 words) - 14:31, 13 December 2023
- AEPD (Spain) - PS/00200/2020 (category Article 6(1) GDPR)punishable under Article 83(4)(a) GDPR. Assessing the circumstances that modify the responsibility contemplated in Article 83(2) GDPR, in this case, the30 KB (4,833 words) - 14:10, 13 December 2023
- obligations under Article 6, §2, al. 5 and Article 9 of the Camera Act 1 2. there is a serious indication that article 6, § 2, al. 4 of the aforementioned35 KB (5,303 words) - 17:01, 12 December 2023
- NAIH (Hungary) - NAIH/2020/5553 (category Article 12(3) GDPR)request under Article 15 and with the one month deadline under Article 12(3). Was Google Ireland Ltd in breach of its obligations under GDPR Article 15(1) and27 KB (4,279 words) - 10:12, 17 November 2023
- BGH - VI ZB 39/18 (category Article 6(4) GDPR)account, inter alia, the criteria referred to in Article 6(4)(a) to (e) of the DPO (Article 6(4) DPO). Article 6 (4) of the DPA therefore permits further processing53 KB (8,894 words) - 15:56, 22 March 2022
- DPC (Ireland) - Inquiry into Airbnb Ireland UC - 14 September 2023 (category Article 12(4) GDPR)too. In the controller’s view this is allowed under Article 17(3)(b) GDPR and Article 17(3)(e) GDPR, as the information was kept for legal compliance purposes10 KB (1,221 words) - 09:38, 30 October 2023
- VwGH - 2021/04/0030-4 (category Article 14 GDPR)protection complaint solely on Article 5 GDPR under Article 77 GDPR. Regarding the information obligation under Article 14 GDPR, the Court reaffirmed that92 KB (15,328 words) - 09:18, 14 May 2024
- AEPD (Spain) - EXP202200471 (category Article 5(1)(f) GDPR)the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. According to the national legislation (Article 76(2)(b) LOPDGDDon40 KB (6,014 words) - 13:21, 13 December 2023
- Administrative Court - 14/2020 (category Article 6(1)(f) GDPR)personal data, within the meaning of Article 4(2) of Regulation. Louis Companies is responsible for processing (Article 4(7) of the Regulation). Data subjects15 KB (2,128 words) - 10:02, 15 February 2024
- BayLDA (Bavaria) - LDA-1085.1-10821/21-F (category Article 14 GDPR)controller 1 violated Article 5(1)(b) GDPR, Article 14 GDPR, Article 15 GDPR and Article 18 GDPR. Regarding the violation of Article 5(1)(b) GDPR, the data subject19 KB (2,876 words) - 11:50, 2 May 2024
- APD/GBA (Belgium) - 165/2022 (category Article 14(1) GDPR)and (2) GDPR, Article 14 (1) and (1) 2 GDPR, Article 5 (2) GDPR, Article 24 (1) GDPR and Article 25 (1) GDPR. II. Motivation II.1. Interest of the complainant28 KB (4,010 words) - 13:40, 14 December 2022
- Rb. Gelderland - C/05/393140 / HA RK 21-165 (category Article 14 GDPR)under Article 14 GDPR, comply with his access request pursuant to Article 15 GDPR, and to erase his personal data pursuant to Article 17(1)(c) GDPR. The23 KB (3,640 words) - 11:43, 24 March 2022
- Datatilsynet (Denmark) - 2019-431-0031 (category Article 14(1) GDPR)2016/679 [7] that: "Article 14, paragraph Article 14 (5) (c) allows for the abolition of the disclosure requirements in Article 14 (2). 1, 2 and 4, in so far as35 KB (5,528 words) - 08:12, 24 January 2022
- UODO (Poland) - DKE.561.17.2020 (category Article 31 GDPR)entrepreneur. The DPA found that the controller violated Article 31 GDPR and Article 58(1)(e) GDPR and issued a warning to the entrepreneur. The entrepreneur22 KB (3,364 words) - 09:52, 17 November 2023
- LG Frankfurt am Main - 2-24 O 156/21 (category Article 6(1)(b) GDPR)claim under Article 80(1) GDPR and Article 80(2) GDPR. Also, the court clarified, making reference to CJEU case C-319/20, that Article 80(2) GDPR does not70 KB (11,309 words) - 14:37, 21 December 2023
- VG Ansbach - AN 14 K 19.01274 (category Article 77 GDPR)judicial review under Article 78 GDPR. The disputed infringement occurred before the GDPR came into legal force according to Article 99 GDPR. Therefore, the35 KB (5,807 words) - 14:24, 12 October 2022
- Persónuvernd - 2020010601 (category Article 4(1) GDPR)of him or her, cf. 2. tölul. Article 3 Act no. 90/2018 and point 1. Article 4 of the Regulation. According to para. Article 4 Act no. 90/2018, the Act and39 KB (6,351 words) - 09:52, 6 May 2021
- Garante per la protezione dei dati personali (Italy) - 9811300 (category Article 12(4) GDPR)controller violated Article 12(3) GDPR because it didn’t provide access within the time limit in this provision. It also violated Article 12(4) GDPR because it27 KB (4,317 words) - 08:06, 20 October 2022
- Rb. Gelderland - C/05/400739 / KG ZA 22-54 (category Article 14 GDPR)himself, this principle is elaborated in Article 14 of the GDPR. It follows from Article 14(1)(d) of the GDPR that the controller must inform the data21 KB (3,270 words) - 15:32, 11 May 2022
- VG Ansbach - 14 K 19.01274 (category Article 77 GDPR)2018 did not constitute a complaint under Article 77 GDPR, but a "submission" within the meaning of Article 28(4) of Directive 95/46/EC. In the present case33 KB (5,554 words) - 11:06, 19 November 2021
- APD/GBA (Belgium) - 87/2023 (category Article 12(4) GDPR)territorial scope of the GDPR, Article 3 of the GDPR is assumed of two different cases. In the first case (Article 3.1 of the GDPR), the data processing carried21 KB (2,987 words) - 20:10, 4 July 2023
- APD/GBA (Belgium) - 32/2022 (category Article 14 GDPR)of Article 21.4 of the GDPR. 22. With regard to the other information (Article 14.1 and 14.2 GDPR) that the controller, this provision (Article 14.3 GDPR)31 KB (4,547 words) - 15:54, 3 May 2022
- VfGH - G 287/2022-16, G 288/2022-14 (category Article 85 GDPR)requirements of Article 85 GDPR. § 9(1) DSG provides - in implementation of the obligation under EU law pursuant to Article 85(1) GDPR - that the provisions202 KB (29,013 words) - 13:35, 12 January 2023
- Rb. Rotterdam - ROT 22/2125 (category Article 13(4) GDPR)personal data. Last, the controller generally referred to Article 13(4), Article 14(5) and Article 23 GDPR for possible non-disclosure. The data subject found18 KB (2,609 words) - 15:20, 21 March 2023
- OGH - 4Ob84/19k (category Article 14 GDPR)rely on Article 6 (1) (f) GDPR/legitimate interest as a basis for the processing and were appropriate information requirements according to Article 14 GDPR27 KB (4,141 words) - 14:14, 2 May 2023
- Supreme Court - C.20.0323.N (category Article 4(11) GDPR)minimisation under Article 5(1)(c) GDPR, and contrary to the obligation to obtain the freely given consent of the data subject under Article 6(1)(a) GDPR, when refusal43 KB (6,749 words) - 07:07, 28 October 2021
- AEPD (Spain) - PS/00172/2020 (category Article 6(1) GDPR)claim, a transferred the defendant, in accordance with the provisions of article 65.4 of the Law Organic 3/2018, of December 5, Protection of Personal Data38 KB (6,160 words) - 14:06, 13 December 2023
- AN - SAN 3073/2022 (category Article 5(1)(c) GDPR)union enshrined in Article 7 of the Spanish Constitution. Therefore, such processing would be lawful in accordance with Article 6(1) GDPR. Share your comments34 KB (5,374 words) - 14:21, 24 November 2022
- AP (The Netherlands) - z2023-00037 (category Article 14 GDPR)violation of Article 6 GDPR and Article 5(1)(a) GDPR (lawfulness) as it lacked a legal basis for processing. The Municipality sought to rely on Article 6(1)(e)42 KB (6,980 words) - 15:30, 21 November 2023
- VG München - M 3 E 22.667 (category Article 6(1)(c) GDPR)of 14 days. 32 The test result is processed in accordance with Article 4, Paragraph 1, Clause 5 of the 16th BayIfSMV for the purposes of Article 4, Paragraph34 KB (5,550 words) - 14:38, 15 June 2022
- Persónuvernd (Island) - 2022050850 (category Article 13(4) GDPR)represent during elections constituted lawful processing under Article 6(1)(c) GDPR and Article 9(2) GDPR. A data subject, who was the ombudsman of a political26 KB (3,831 words) - 10:10, 10 January 2024
- Datatilsynet (Norway) - 20/02291 (category Article 5(1)(f) GDPR)patient data cf. Article 32 GDPR and Article 5(1)(f) GDPR and inadequate internal controls cf. Article 24 GDPR and Article 5(2) GDPR. Østfold Hospital45 KB (6,645 words) - 14:40, 28 March 2022
- APD/GBA (Belgium) - 137/2023 (category Article 14 GDPR)transparency under Article 12(1) GDPR and Article 14 GDPR, as the controller had failed to fulfill the informational obligations under Article 14 GDPR. The municipality52 KB (7,789 words) - 11:38, 11 October 2023
- AEPD (Spain) - PS/00430/2018 (category Article 4(7) GDPR)( *** POSITION 1) for an infraction of Article 6.1.f) of the GDPR, in accordance with Article 83.5 of the GDPR ”. In the face of it, no allegations have40 KB (6,508 words) - 14:39, 13 December 2023
- APD/GBA (Belgium) - 170/2022 (category Article 14 GDPR)c) of the GDPR as well as as Articles 12.1, 13 and 14 of the GDPR. er 8. On March 17, 2020, the Litigation Division decides, pursuant to Article 95, § 131 KB (4,450 words) - 11:01, 7 December 2022
- AEPD (Spain) - PS/00247/2019 (category Article 32(4) GDPR)employee of the entity - infringes Article 32. 2 and 32.4 of the RGPD, an infringement punishable under Article 83.4.a of the GDPR. Assessing the circumstances39 KB (6,720 words) - 14:22, 13 December 2023
- VG Ansbach - AN 14 K 19.01313 (category Article 77 GDPR)alternative 2 GDPR would have been appropriate. 14 Since the substantive requirements for notification within the meaning of Article 78 (2) alternative 2 GDPR are13 KB (2,004 words) - 09:00, 23 August 2023
- Persónuvernd (Iceland) - Nr. 2020123144 (category Article 14 GDPR)with the applicable data protection law, and in particular with Article 14 of the GDPR. In Iceland, the processing of personal data relating to the creditworthiness19 KB (2,786 words) - 11:36, 22 September 2021
- APD/GBA (Belgium) - 66/2021 (category Article 4(3) GDPR)indictments. 2.2. Identification of the controller (Article 4.7 GDPR) 71. In accordance with Article 4.7 of the GDPR, the controller should be considered: the “natural88 KB (13,010 words) - 20:12, 30 December 2021
- APD/GBA (Belgium) - 95/2023 (category Article 4(1) GDPR)information listed in article 13.1 and 13.2. of the GDPR unless and insofar as the data subject has already knowledge (Article 13.4. of the GDPR). This information27 KB (3,839 words) - 13:12, 18 July 2023
- IDPC (Malta) - CDP/54/2023 (category Article 4(1) GDPR)processing according to Article 4(2) GDPR and thus requires a legal basis according to Article 6(1) GDPR and comply with Article 5 GDPR. The controller did16 KB (2,429 words) - 14:21, 7 May 2024
- OLG Dresden - 4 U 1278/21 (category Article 4(1) GDPR)personal data according to Article 4(1) GDPR, and that the data subject had a right to erasure pursuant to Article 17(1)(d) GDPR. According to the OLG Dresden31 KB (5,060 words) - 07:47, 16 March 2022
- IMY (Sweden) - DI-2019-4062 (category Article 14(2)(g) GDPR)data under Article 17 GDPR, restriction of processing concerning the data subject under Article 18 GDPR, the right to object under Article 20 GDPR as well118 KB (13,497 words) - 16:24, 6 April 2022
- GHDHA - 200.290.360-01 (category Article 14 GDPR)art. 14 paragraphs 1 to 3 GDPR, Nauta has pointed out that art. 14, paragraph 5, opening words and under d, GDPR provides that paragraphs 1 to 4 of this35 KB (5,770 words) - 07:13, 4 April 2022
- BVwG - W214 2225733-1 (category Article 14 GDPR)§74 B-VG Art133 Para.4 DSG §1 DSG §24 GDPR Art12 GDPR Art14 GDPR Art32 GDPR Art5 GDPR Art57 GDPR Art58 GDPR Art6 GDPR Art77 GDPR Art83 VwGVG §28 paragraph140 KB (23,138 words) - 15:13, 19 August 2022
- VGH München - 12 B 19.1648 (category Article 6(1)(c) GDPR)130, 151 [184]). (recital 46)2. § Article 14.2 and Article 15.5 sentence 4 in conjunction with In this respect, § 14.2 of the Telemedia Act does not constitute25 KB (3,847 words) - 12:32, 31 January 2022
- APD/GBA (Belgium) - 127/2022 (category Article 14 GDPR)measures under Article 24 GDPR and 25 GDPR. However, the DPA considered that in this case, the violations of Article 5(1)(f) GDPR and 32 GDPR were sufficient14 KB (1,993 words) - 14:36, 14 September 2022
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)time, which is a violation of the GDPR. As to the claim for damages, the CoS notes that though Article 82(1) of the GDPR states that full compensation for37 KB (5,721 words) - 12:41, 16 September 2021
- APDCAT (Catalonia) - CNS 14/2022 (category Article 6(1)(c) GDPR)Article 21 GDPR grants the right to object to processing based on point Article 6(1)(e) GDPR or Article 6(1)(f) GDPR but does not mention processing based9 KB (1,229 words) - 11:46, 15 June 2022
- Garante per la protezione dei dati personali (Italy) - 9963509 (category Article 9(4) GDPR)obligations related to the processing operations pursuant to Article 5(1)(a) GDPR and Article 14(5)(b) GDPR. In that case, the DPA recommended that the information51 KB (7,841 words) - 08:22, 21 December 2023
- NAIH (Hungary) - NAIH-642-4/2022 (category Article 14 GDPR)80) for the breach of Articles 5(1)(b)(c) GDPR, 6(1) GDPR, 12(1) GDPR, 7(2) GDPR, 9(1) GDPR, 13 GDPR and 14 GDPR. Independent of any instructions from the73 KB (11,498 words) - 15:22, 29 August 2023
- Rb. Oost-Brabant - C/01/371762 / EX RK 21-90 (category Article 14 GDPR)collected from the data subject (Article 13 GDPR) or whether the personal data were not obtained from the data subject (Article 14 GDPR). In both cases, a controller27 KB (4,371 words) - 14:35, 17 August 2022
- Datatilsynet (Norway) - 20/01772 (category Article 14(1)(d) GDPR)but at the latest within one month, cf. article 14 no. 3, letter a. 5 According to article 14 no. 5, this article does not apply if: • The registered person53 KB (7,945 words) - 10:46, 24 January 2023
- APD/GBA (Belgium) - 14/2023 (category Article 5(1)(a) GDPR)contract (article 17.1 of the GDPR), within 30 days of notification of the this decision; - under article 58.2.c) of the GDPR and article 95, §1, 4° of the33 KB (4,897 words) - 14:05, 1 March 2023
- Garante per la protezione dei dati personali (Italy) - 9964761 (category Article 14 GDPR)Therefore, the DPA confirmed a breach of Article 5(1)(a) GDPR, Article 6(1)(a) GDPR, Article 7 GDPR and of Article 130 of the Italian Privacy Code for having65 KB (10,464 words) - 09:48, 17 January 2024
- VG Ansbach - AN 14 K 22.00468 (category Article 2(2) GDPR)2022, para 9 to Article 4 paragraph GDPR; Klar/Kuhling in Kühling/Buchner, DS-GVO/BDSG, 3rd edition 2020, paragraph 30 to Article 4 No. 1 GDPR; sign in BeckOK38 KB (6,226 words) - 15:30, 18 January 2023
- Persónuvernd (Iceland) - Case no. 2021020294 (category Article 14 GDPR)happened without her consent (see Article 6(1)(a) GDPR) and without informing her of the existence of the data (see Article 14 GDPR). The illegally processed personal25 KB (3,944 words) - 08:50, 16 February 2023
- Rb. Oost-Brabant - C/01/371762 / EX RK 21-90 (interim decision) (category Article 14 GDPR)obligations that follow from Article 12, 13, 14 and 26 GDPR, although this competence does not directly follow from Article 35 of the General Data Protection39 KB (6,439 words) - 06:19, 23 August 2022
- APD/GBA (Belgium) - 15/2023 (category Article 4(11) GDPR)of Article 6(1)(e) are met. II.2. Article 5 of the GDPR, Article 24(1) of the GDPR and Article 25(1) and (2) of the AVG II.2.1. Article 5 (2) GDPR, Article105 KB (15,883 words) - 15:05, 8 March 2023
- Datatilsynet (Denmark) - 2021-31-5542 (category Article 14 GDPR)legitimate interests under Article 14(2)(b) GDPR, and so get the possibility to exercise their right under Article 21(1) GDPR. Therefore, the DPA reprimanded43 KB (6,531 words) - 14:04, 21 September 2022
- CNIL (France) - SAN-2024-004 (category Article 4(11) GDPR)there was a breach of Article 14 GDPR. Finally, regarding the security of processing, the CNIL indicated that under Article 32 GDPR, the controller must69 KB (10,971 words) - 11:00, 17 April 2024
- AEPD (Spain) - PS/00443/2021 (category Article 12 GDPR)64 of the LPACAP, for the alleged violation of Article 12 of the GDPR, typified in Article 83.5 of the GDPR, in which he was indicated that he had a period40 KB (6,231 words) - 08:51, 16 March 2023
- Garante per la protezione dei dati personali (Italy) - 9578184 (category Article 14 GDPR) (section 4. Principle of accuracy)undersecretary in matters of sport (Article 5, paragraph 4). The guidelines adopted pursuant to art. 1, paragraph 14, d.l. n. 33/2020 may provide that access33 KB (5,141 words) - 10:30, 19 May 2021
- APD/GBA (Belgium) - 129/2023 (category Article 14 GDPR)impact" for the purposes of Article 35 GDPR, and (2) "insufficient documentary evidence" that an "effective" infringement of the GDPR had taken place. In reaching20 KB (2,838 words) - 06:45, 20 September 2023
- Garante per la protezione dei dati personali (Italy) - 9446730 (category Article 5(1)(e) GDPR)computer was accessed (16.5.2018) (note 1.3.2019, p. 4-5). 1.4. On 17 May 2019, pursuant to Article 166, paragraph 5, of the Code, the Office notified the34 KB (5,420 words) - 15:51, 6 December 2023
- Rb. Noord-Holland - 8117599 CV EXPL 19-16066 (category Article 14(5)(b) GDPR)exception of Article 43 of the GDPR Implementation Act (hereinafter:UAVG) and Article 85 GDPR argued that the information obligation of Articles 13 and 14 GDPR57 KB (9,344 words) - 10:03, 7 April 2021
- LfD (Lower Saxony) - 4.2 05475-02-0301/21 (category Article 6(1)(a) GDPR)on consent in accordance with Article 6 (1) (a) GDPR. The requirements for effective consent in accordance with Article 4 No. 11 and Art. 7 DS-GVO were35 KB (5,593 words) - 08:56, 9 January 2024
- AEPD (Spain) - EXP202208230 (category Article 28(2) GDPR)violation of article 28.2 typified in Article 83.4 a) GDPR. SIXTY THOUSAND EUROS (€60,000) for alleged violation of article 28.3 typified in Article 83.4 a) GDPR45 KB (6,904 words) - 13:12, 13 December 2023
- TA Marseille - N°1901249 (category Article 4(11) GDPR)under Article L. 761-1 of the Code of Administrative Justice. Article 3: The remainder of the parties' submissions is rejected. N° 19012497 Article 4: The26 KB (3,558 words) - 10:21, 10 September 2021
- APD/GBA (Belgium) - 162/2022 (category Article 4(11) GDPR)and (2) GDPR; b. a breach of Article 12(1) and (6) GDPR, Article 13(1) and (2) GDPR and Article 14(1) and (2) GDPR, Article 5(2) GDPR, Article 24(1) GDPR71 KB (10,426 words) - 08:21, 23 November 2022
- AEPD (Spain) - PS/00480/2020 (category Article 5(1)(f) GDPR)offense. The violation of article 32 of the RGPD is referenced in article 83.4.a) of the cited GDPR in the following terms: "4. Violations of the following41 KB (6,468 words) - 17:16, 24 November 2021
- an article about the alleged harassment, unnecessary and illegal detention of a Turkish Cypriot woman who was on the Police Alert-List. The article revealed22 KB (3,496 words) - 12:08, 17 February 2022
- VGH München - BeckRS 2021, 36742 (category Article 9(2)(i) GDPR)general personality rights (Article 2 (1) in conjunction with Article 1 (1) GG) of the applicant and violates Article 9 (1) GDPR. Voluntary consent (Art.33 KB (5,353 words) - 12:40, 26 January 2022
- Datatilsynet (Norway) - 20/02191 (category Article 5(1)(f) GDPR)processing special categories of data, cf. Article 32(1)(b) GDPR, Article 32(1)(d), Article 24 and Article 35, cf. Article 5. In May 2019, a municipality reported38 KB (5,967 words) - 11:48, 7 May 2022
- VG Osnabrück - 1 B 72/21 (category Article 6(1)(c) GDPR)meaning of Article 6 Paragraph 3 in conjunction with Paragraph 1 Letter c) or Letter e) GDPR, whereby according to Article 85 Paragraph 1, 2 GDPR the protection34 KB (5,527 words) - 13:49, 12 April 2022
- APD/GBA (Belgium) - 84-2022 (category Article 14 GDPR)their data. Hence, there was a breach of Article 13 and Article 14. The DPA held that the controller violated Article 5(1)(a) (principle of fairness), as it14 KB (2,020 words) - 16:07, 22 June 2022
- AEPD (Spain) - EXP202203914 (category Article 6(1) GDPR)correspond would be for the infringement of article 6.1 of the GDPR, typified in article 83.5 a) of the GDPR, the sanction that would correspond would be37 KB (5,914 words) - 10:42, 13 December 2023
- Datatilsynet (Denmark) - 2021-31-4751 (category Article 14 GDPR)sexual relationships. 4.1.4. Article 6 (1) of the Data Protection Regulation Article 9 (1) (f) and Article 9 (1) 2, letter f 4.1.4.1. Comments of the parties105 KB (17,427 words) - 18:19, 16 February 2022
- LG Landshut - 51 O 513/20 (category Article 4(7) GDPR)under Article 82 (1) GDPR, because they are not a controller in the meaning of Article 4(7) GDPR. The Court also found that pursuant to §§ 13, 14 WEG, other20 KB (3,082 words) - 06:30, 25 July 2022
- DSB (Austria) - DSB-D770.1336 (category Article 6(1)(e) GDPR)DSG, in compliance with Article 8(2) of the Charter of Fundamental Rights of the European Union (CFREU) and Article 6(1)(e) GDPR. The DSB thus rejected31 KB (4,841 words) - 16:21, 19 December 2023
- CE - 440376 (category Article 6(4) GDPR)collected for other purposes which would be incompatible with Article 5(1)(b) GDPR and Article 6(4) GDPR. The CE dismissed that claimed by recalling that both33 KB (5,152 words) - 14:48, 12 January 2022
- Garante per la protezione dei dati personali (Italy) - 9971433 (category Article 14 GDPR)party. Therefore, the controller breached Article 5(1)(a) GDPR, Article 6(1)(a) GDPR, Article 7 GDPR, and Article 130 of the Italian privacy code, since the51 KB (7,993 words) - 12:39, 6 February 2024
- CNIL (France) - SAN-2023-015 (category Article 14 GDPR)of Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 15 GDPR, Article 28 GDPR, Article 32 GDPR and Article 33 GDPR, as well as of Article L. 34-567 KB (10,546 words) - 13:55, 25 October 2023
- VG Ansbach - AN 14 K 20.00083 (category Article 6(1)(b) GDPR)areas pursuant to Article 58(2)(f) GDPR. The court held that the video surveillance was not lawful pursuant to Article 6(1)(a) GDPR as the data subjects36 KB (5,858 words) - 13:51, 16 May 2022
- Rb. Amsterdam - C/13/696010 / HA ZA 21-81 (category Article 22 GDPR)rights GDPR challenge' (14.04.21): https://techcrunch.com/2021/04/14/uber-hit-with-default-robo-firing-ruling-after-another-eu-labor-rights-gdpr-challenge/11 KB (1,518 words) - 09:26, 29 April 2021
- NAIH (Hungary) - NAIH-5802-9/2022. (category Article 14 GDPR)violated Article 14(1) and (2) GDPR. Because it failed to provide clear and transparent information, the controller also violated Article 12(1) GDPR. The DPA120 KB (19,907 words) - 10:48, 9 November 2022
- Garante per la protezione dei dati personali (Italy) - 9988614 (category Article 14 GDPR)provided to the interested parties based on Article 13 GDPR and to non-contactable persons based on Article 14 GDPR. The information notice includes the right115 KB (18,087 words) - 14:11, 17 April 2024
- Garante per la protezione dei dati personali (Italy) - 9921112 (category Article 14 GDPR)response to their request to exercise their rights under Article 15, Article 17 and Article 21 GDPR. Therefore, the data subject lodged a complaint with the87 KB (13,867 words) - 13:11, 28 September 2023
- DPC (Ireland) - WhatsApp Ireland Limited - IN-18-12-2 (category Article 4(1) GDPR) (section WhatsApp’s transparency obligations in the context of non-users under Articles 14 and 12(1) GDPR)the relevant provisions of the GDPR are Article 14, read in conjunction with Article 12(1). 28. Article 14 of the GDPR concerns transparency in the context830 KB (115,261 words) - 15:37, 22 February 2022
- VUSRH - Usž-670/21-2 (category Article 4(1) GDPR)rendered on the basis of Article 79 para. 4 of the ZUS is also correct, given that the plaintiff lost the dispute in its entirety. 14. Since there are no reasons16 KB (2,450 words) - 07:53, 8 February 2022
- Rb. Midden-Nederland - C/16/526196/ HA RK / 21-01 (category Article 14(5) GDPR)is made to Article 14, paragraph 5 sub a GDPR. The fact that this was different in 2016 under the WBP has not been argued by [applicant]. 4.3.4 Has ASR provided34 KB (5,483 words) - 11:58, 5 December 2022
- AEPD (Spain) - PS/00250/2021 (category Article 5(1)(f) GDPR)violation of Article 32 of the RGPD typified in Article 83.4.a) of the RGPD the sanction of APERCIBIMENTO, and for the violation of article 5.1.f) of the40 KB (6,262 words) - 10:43, 7 July 2021
- CNIL (France) - Deliberation of the restricted training n°SAN-2022-021 of November 24, 2022 concerning the company ELECTRICITÉ DE FRANCE (category Article 14 GDPR)obligations under Article 21 of the GDPR. Fourthly, EDF breached its obligation to guarantee data security as prescribed in Article 32 of the GDPR. In particular52 KB (8,315 words) - 21:54, 6 March 2024
- KR - Mål nr 1552-22 (category Article 14 GDPR)had a different interpretation of article 13 Kammarrätten first took at textual approach to article 12-14 GDPR. Article 13 states that if personal data relating18 KB (2,781 words) - 15:50, 1 February 2023
- LAG Schleswig-Holstein - 1 Sa 148/22 (category Article 4(1) GDPR)He was rejected. On 14.09.2021, the data subject requested his personal information (Article 15 (1) GDPR and Article 15 (3) GDPR) from the controller51 KB (8,324 words) - 15:52, 18 January 2024
- NAIH (Hungary) - NAIH-5377-12/2023 (category Article 5(1)(c) GDPR)the basis of Article 2 (1) of the GDPR, the GDPR shall apply to the data processing in this case apply. (19) Article 5 (1) point c) GDPR: Personal data39 KB (5,747 words) - 14:31, 6 November 2023
- BVwG - W101 2132183-1 and W101 2132039-1 (category Article 4(1) GDPR) (section Use of online tools to provide access in line with Article 12 GDPR)personal data and information under Article 15 GDPR in his Google account, Google has not violated Article 15 GDPR concerning this data/information. As107 KB (17,615 words) - 09:42, 10 September 2021
- Garante per la protezione dei dati personali (Italy) - 9920977 (category Article 14 GDPR)conformity with the data subject’s rights of information under Article 13 GDPR and Article 14 GDPR, the hospital should firstly make clear what the legal basis92 KB (14,476 words) - 08:25, 19 September 2023
- HDPA (Greece) - 35/2023 (category Article 4(12) GDPR)processing and confidentiality (article 5 par. 1 a) and f) GDPR) and constitutes an incident of infringement (Article 4 no. 12 GDPR) 21 b) incorrect handling52 KB (8,460 words) - 10:54, 10 January 2024
- AG Pfaffenhofen a. d. Ilm - 2 C 133/21 (category Article 14 GDPR)violated Article 14 and Article 15 GDPR, since the controller did not give exact information where they had obtained the email-address from (Article 14(2)(f)28 KB (4,447 words) - 16:37, 13 January 2022
- RvS - 202000944/1/A3 (category Article 15(1) GDPR)of State in the Netherlands (RvS) held that a complainant cannot use Article 15 GDPR to find out who reported to the municipality that he may not be entitled16 KB (2,464 words) - 11:43, 10 September 2021
- EDPS - 2020-1013 (category Article 6 GDPR)obligations under Articles 4(1)(a) and 14 (principle of transparency), Article 4(2) (accountability principle), and Article 15 (data subject’s right to66 KB (10,349 words) - 08:54, 19 January 2022
- but not limited to Articles 4, 5, 6, 7, 13, 14, 25 GDPR, in all matters relating to cookies. 168/2022: Controller: RTBF, for the use of cookies on the RTBF29 KB (3,892 words) - 13:46, 7 December 2022
- APD/GBA (Belgium) - 45/2023 (category Article 6(1)(a) GDPR)the data subject (Article 6(1)(a) GDPR and Article 9(2)(a) GDPR) or must be part of the performance of a contract (Article 6( 1)(b) GDPR) 2. According to22 KB (2,983 words) - 08:20, 16 May 2023
- APD/GBA (Belgium) - 07/2024 (category Article 14 GDPR)28 II.4. Transparency towards those involved (Article 12.1, Article 13.1 and 13.2, Article 14.1 and 14.2, Article 5.2, Article 24.1, and Article 25.1 GDPR)350 KB (51,369 words) - 09:25, 31 January 2024
- APD/GBA (Belgium) - 189/2022 (category Article 12(4) GDPR)sector, within the period of one month (article 12.3 GDPR), nor to notify the extension of that period (article 12.4 GDPR). The specific reason for the exercise21 KB (3,086 words) - 08:57, 11 January 2023
- WSA Rzeszów - II SA/Rz 1539/21 (category Article 6(1)(e) GDPR)name is personal data under Article 4(1) GDPR. Additionally, the Head of the Municipality maintained that according to Article 11 of the Polish Labour Code40 KB (6,464 words) - 20:55, 1 March 2022
- LSG Niedersachsen-Bremen - L 16 SF 5/21 DS (category Article 77 GDPR)supported by the structure of Article 78 GDPR, which is strictly intertwined with Article 77 GDPR. Indeed, Article 78(2) GDPR provides the data subject with34 KB (5,655 words) - 14:08, 16 May 2023
- NSA - III OSK 1522/21 (category Article 4(1) GDPR)- roadside check of the vehicle, - 14:14 - roadside check of the vehicle, - 14:30 - roadside check of a cyclist, - 14:33 - roadside inspection of the applicant's47 KB (7,566 words) - 11:37, 15 November 2022
- Rb. Gelderland - C/05/404834 / HA ZA 22-245 (category Article 15(3) GDPR)GDPR 4.26. [defendant 1] and [defendant 2]. also based their request on Article 15 paragraph 3 GDPR. 4.27. [claimant] has argued with reasons that the36 KB (5,830 words) - 09:54, 23 November 2022
- Datatilsynet (Norway) - 17/01281 (category Article 6(1)(f) GDPR)Privacy Ordinance Article 4 no. 2. For this processing of personal data, the mission assembly is responsible for processing. Article 6 (1) of the Privacy38 KB (6,275 words) - 16:13, 6 December 2023
- LG Hannover - 13 O 129/21 (category Article 82(1) GDPR)sense of Article 82(1) GDPR, because the controller unlawfully disclosed the data to its customers. The court also held that under Article 82 GDPR the violation28 KB (4,506 words) - 11:20, 4 November 2022
- Garante per la protezione dei dati personali (Italy) - 9706389 (category Article 14 GDPR)receiving marketing calls. (In violation of Articles 5(1), (2), 6(1), 7, 14 and 21 GDPR.) Second, the Garante held that the company contravened the principle142 KB (23,307 words) - 09:37, 28 October 2021
- ICO (UK) - Emailmovers Limited (category Article 4(7) GDPR)Legal Framework Controller 4. The Commissioner is of the view that EML is a controller as defined in Article 4(7) of the UK GDPR and section 6 of the Data29 KB (4,150 words) - 12:48, 3 August 2021
- APD/GBA (Belgium) - 11/2022 (category Article 4(1) GDPR)interpreted Article 5.3 of the Directive Privacy and electronic communications using the GDPR, specifically on the basis of Article 4.11, Article 6.1.a GDPR (consent92 KB (13,989 words) - 14:56, 3 February 2022
- AEPD (Spain) - PS/00180/2020 (category Article 13 GDPR)as per Article 22(2) of the Spanish Law on Information Society Services (LSSI) — amongst others, the Spanish law regulating cookies — and Article 13 of38 KB (5,879 words) - 14:07, 13 December 2023
- DSB (Austria) - 2023-0.583.644 (category Article 5(1)(a) GDPR)represents personal data within the meaning of Article 4, Paragraph 1, GDPR, Article 4, Number One, GDPR (cf. ECJ December 11, 2014, C-212/13, paragraph93 KB (15,554 words) - 10:04, 15 February 2024
- CNIL (France) - SAN-2021-012 (category Article 14 GDPR)obligation to inform the persons concerned pursuant to Article 14 of the GDPR 71. Article 14 of the GDPR provides that when personal data have not been collected55 KB (8,897 words) - 13:56, 21 November 2023
- RvS - 202100213/1/A3 (category Article 12(3) GDPR)month as per Article 12(3) GDPR. Second, the Council of State held that the right to rectification of personal data pursuant to Article 16 GDPR only applies20 KB (3,092 words) - 09:01, 2 February 2022
- Garante per la protezione dei dati personali (Italy) - 9845156 (category Article 14 GDPR)exemptions set out in Article 14(5) GDPR apply in this case, the DPA found a violation of the principle of transparency in Article 5(1)(a) GDPR and the obligations128 KB (20,856 words) - 12:32, 14 March 2023
- CNIL (France) - SAN-2021-010 (category Article 14 GDPR)now carried out in accordance with Articles 13 and 14 GDPR. Has the firm violated Article 5(1)(e) GDPR and domestic legal provisions regarding personal data47 KB (6,931 words) - 09:28, 28 July 2021
- Hämeenlinnan hallinto-oikeus (Finland) - 2548/2023 (category Article 5(1)(a) GDPR)in the tax information portals had in any case violated Article 5(1)(a) GDPR and Article 32 GDPR, because the large-scale and permanent publication of personal44 KB (6,893 words) - 10:28, 25 March 2024
- UODO (Poland) - DKN.5131.31.2021 (category Article 5(1)(a) GDPR)controller violated Article 33(1) GDPR by failing to inform the DPA of the data breach. Second, the DPA held that the controller violated Article 28(1), (3) and105 KB (17,237 words) - 09:22, 10 May 2023
- ICO (UK) - Mermaids (category Article 5(1)(f) GDPR)for by Article 51 of the GDPR. 13. By Article 57(1) of the GDPR, it is the Commissioner's task to monitor and enforce the application of the GDPR. 14. By58 KB (7,695 words) - 09:00, 28 July 2021
- BVwG - W211 2221963-1 (category Article 6 GDPR)pursuant to Article 14 (1) (d), (e) and (f) and (2) (c), (e) and (f) of the GDPR in accordance with Article 14 (5) (a) of the GDPR (point 4). It was explained43 KB (7,062 words) - 19:38, 18 January 2021
- LG Rostock - 3 O 762/19 (category Article 4(2) GDPR)unlawful under Article 6(1) GDPR: A user's consent under Article 6(1)(a) GDPR could not be considered valid under Articles 4(11) and 7 GDPR, especially since103 KB (16,959 words) - 13:58, 20 September 2021
- AEPD (Spain) - PS/00131/2020 (category Article 13 GDPR)with article 4.1 of the RGPD. As for the fingerprint, it is also data that must be qualified. two as biometric data and in accordance with article 4.14 of45 KB (6,923 words) - 08:41, 16 June 2021
- LG Augsburg - 022 O 2669/22 (category Article 14 GDPR)13, 14 GDPR), also the defendant clearly and in ease language pointed to the default settings, so no breach of Article 25 GDPR or Article 32 GDPR either26 KB (4,101 words) - 10:24, 13 March 2024
- mentioned appears in pieces 14 and 16, are no longer visible on YouTube. [Y] sends on about this 14/01/2019 an email to a friend. (Part 4) On 31/01/2019 [Y] receives31 KB (4,878 words) - 13:23, 31 March 2022
- VGH Kassel - 10 E 1898/22 (category Article 5(1)(e) GDPR)recourse (cf. Bay. VGH, decision of May 5, 2014 - 4 C 14.449 -, para. 17; OVG Hamburg, Resolution of August 14, 2000 - 3 So 54/00 -, paragraph 6; each juris)10 KB (1,302 words) - 16:28, 24 January 2023
- AEPD (Spain) - PS/00459/2020 (category Article 5 GDPR)purposes of prescription in article 72 of the LOPDGDD and both are typified in article 83.5 of the GDPR. In this regard, article 29.5 of Law 40/2015, of October40 KB (6,380 words) - 08:15, 28 July 2021
- Garante per la protezione dei dati personali (Italy) - 9461168 (category Article 5(1)(f) GDPR)reviewe the security of the data processed by the processor under Article 28(3)(a) and (h) GDPR. For these reasons, the responsibility of the security incident50 KB (8,001 words) - 15:52, 6 December 2023
- Persónuvernd (Island) - 2021051199 (category Article 14 GDPR)under the exemption carved out by the Icelandic GDPR (Article 19 of 90/2018) which states that Article 14 GDPR does not apply when an administrative authority30 KB (4,766 words) - 15:03, 29 September 2023
- Garante per la protezione dei dati personali (Italy) - 9685922 (category Article 5(1)(f) GDPR)processing carried out is in violation of Article 5(1)(f) GDPR, Article 25(1) GDPR, Article 32 GDPR and Article 35 GDPR. Especially, the controller cannot exclude119 KB (19,123 words) - 11:29, 16 August 2022
- Garante per la protezione dei dati personali (Italy) - 9880336 (category Article 14 GDPR)DPA found that the controller violated the following GDPR provisions: Articles 5(1), 6(1) and 7 GDPR for acquiring personal data from a third party for marketing52 KB (8,324 words) - 15:03, 9 May 2023
- Garante per la protezione dei dati personali (Italy) - 9993548 (category Article 14 GDPR)the principles set out in Articles 5(1)(a) GPDR, Article 6(1)(a) GDPR, Article 13 GDPR and Article 14 GDPR. For reasons stated above the DPA determined fine42 KB (6,554 words) - 12:35, 27 March 2024
- Persónuvernd (Iceland) - 2020061951 (category Article 5(1) GDPR)defined in the first paragraph. Article 4 of the Act, cf. Points 2 and 4 Article 3 of the Act and points 1 and 2. Article 4 of the Regulation. According to44 KB (7,044 words) - 08:42, 13 December 2021
- APD/GBA (Belgium) - 46/2022 (category Article 5(1)(a) GDPR)erasure (Article 17 of the GDPR), the right to restriction (Article 18 GDPR), as well as the right of opposition (Article 21 GDPR) 91. Article 17 of the86 KB (12,864 words) - 06:37, 23 February 2023
- Datatilsynet (Norway) - 21/03126 (category Article 83(4)(a) GDPR)purposes of Article 4(16) GDPR." Consequently, the DPA concluded that the cooperation mechanism and procedure set out in Article 56(1) GDPR and Article 60 GDPR133 KB (19,309 words) - 05:16, 24 March 2023
- DSB (Austria) - DSB-D213.1759 (category Article 5(1)(c) GDPR)hereinafter: GDPR), OJ L 119, 4 May 2016, p. 1.: Article 4, Article 5 Paragraph 1 Letter c, Article 6, Article 12 Paragraph 3, Article 51 Paragraph 172 KB (11,993 words) - 14:21, 10 April 2024
- OVG Münster - 16 A 1582/21 (category Article 12(5) GDPR) (section No Analogous Application of Article 14(5)(b) variant 2 GDPR.)12(5)(1) GDPR as an independent claim. The broad concept of personal data underlying the GDPR (Article 4(1) GDPR), the wording and purpose of Article 15(3)(1)123 KB (20,784 words) - 10:11, 26 November 2021
- APD/GBA (Belgium) - 60/2023 (category Article 14 GDPR)information obligations under Article 5(1)(a), Article 6(1), Article 12, Article 13, Article 24(1), Article 25(1) and Article 25(2). Share your comments here39 KB (5,541 words) - 08:17, 6 June 2023
- Commissioner (Cyprus) - 11.17.001.008.001 (category Article 5(1)(f) GDPR)data within the meaning of Article 4 (2)of the Regulation.Responsible for processing Bank of Cyprus Public Company Ltd (article 4 (7) ofRegulation). Data61 KB (9,412 words) - 16:52, 6 December 2023
- Rb. Oost-Brabant - C/01/356292 / KG ZA 20-141 (category Article 6(1)(e) GDPR)that the GDPR applies to the request for removal. The request shall be based on Article 21 in conjunction with Article 79 of the GDPR and Article 35(2) of18 KB (2,804 words) - 16:26, 10 March 2022
- NAIH (Hungary) - NAIH/2020/193/8 (category Article 12(4) GDPR)been deleted by the employer upon request pursuant to Article 16, Article 17 and Article 5(1)(d) GDPR (inaccuracy of personal data). Therefore, the employer58 KB (9,413 words) - 10:11, 17 November 2023
- BVwG - W101 2218962-1 (category Article 4(1) GDPR)date 07/28/2022 standard B-VG Art133 Para.4 DSG §24 paragraph 1 DSG §24 paragraph 5 GDPR Art12 GDPR Art15 GDPR Art4 VwGVG §28 paragraph 2 WTBG 2017 §80 saying42 KB (6,586 words) - 09:33, 17 September 2022
- FG Berlin-Brandenburg - 16 K 2059/21 (category Article 14(5)(b) GDPR)court emphasised that some scholars even apply Article 14(5)(b) GDPR analogously to Article 15(1) GDPR even though it did not create an analogy itself117 KB (19,778 words) - 14:27, 13 April 2022
- Datatilsynet (Norway) - 20/01626 (category Article 5(1)(a) GDPR)processing as per Article 5(1)(b), nor legal grounds as per Article 6. In sum, the DPA found that NIF had breached Article 5(1)(a), (c) and (f), Article 6, and Article50 KB (8,081 words) - 18:52, 5 March 2022
- CNIL (France) - SAN-2023-025 (category Article 6(1)(a) GDPR)the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep53 KB (8,418 words) - 11:21, 6 February 2024
- Datatilsynet (Norway) - 23-114365TVI-TOSL/08 and 23-114359TVI-TOSL/08 (category Article 6(1)(b) GDPR)because, under the GDPR, Facebook Norway could not be considered a data controller under Article 4(7) GDPR and Articles 66(1) and 61(8) GDPR were used incorrectly113 KB (18,098 words) - 11:57, 13 September 2023
- Persónuvernd (Iceland) - 2020010355 (category Article 5(1)(f) GDPR)failed to comply with the provisions of Article 32(1)(b) GDPR, Article 32(1)(d) GDPR and Article 5(1)(f) GDPR. Furthermore, InfoMentor did not ensure sufficient44 KB (7,217 words) - 10:04, 12 May 2021
- APD/GBA (Belgium) - 124/2021 (category Article 6(3) GDPR)breach of Article 6 GDPR), and had failed to properly inform the Complainants about the processing activity (i.e. breach of Article 13 GDPR). After these38 KB (5,625 words) - 10:37, 7 December 2021
- Rb. Amsterdam - c/13/673085 / HA ZA 19-340 (category Article 17(1) GDPR)taken publicly (Article 6 (1) ECHR, Article 14(1) International Covenant on Civil and Political Rights, Article 21 Dutch Basic Law and Article 5(1) of the25 KB (4,071 words) - 13:55, 20 September 2021
- EDPB - Urgent Binding Decision 01/2023 (category Article 6(1)(f) GDPR)advertising purposes on the basis of Article 6(1)(b) GDPR and Article 6(1)(f) GDPR, pursuant to Article 58(2)(f) GDPR, to be effective one week after notification346 KB (48,181 words) - 16:39, 12 December 2023
- OLG Brandenburg - 11 U 9/23 (category Article 4(1) GDPR)controller may refuse to comply with access requests under Article 15 GDPR pursuant to Article 12(5)(b) GDPR if they are aimed exclusively at achieving objectives27 KB (4,404 words) - 08:48, 12 July 2023
- Court of Appeal of Brussels - 2020/AR/582 (category Article 58(2)(a) GDPR)decision 14/2020, of 14 April 2020 of the Disputes room of the GBA known under file number DOS-2020-01192, send them by e-mail at notified on 14 April 20226 KB (3,871 words) - 07:59, 24 August 2023
- Persónuvernd (Island) - Mál nr. 2021091751 (category Article 17 GDPR)compliance with the GDPR. This complaint would have perhaps benefited from being read under Article 5 (data minimisation) rather than Article 17 (right to erasure)19 KB (3,102 words) - 12:48, 17 January 2024
- APD/GBA (Belgium) - 137/2021 (category Article 14 GDPR) (section Violation of the right to access (Article 15 GDPR), the right to object (Article 21 GDPR) and the right to erasure (Article 17 GDPR))breach of Article 14(1), Article 14(2), Article 14(3), Article 15 GDPR, Article 17(1)(c) and Article 21(2) GDPR, read in combination with Article 12(3) GDPR6 KB (761 words) - 10:35, 16 December 2021
- Garante per la protezione dei dati personali (Italy) - 9556625 (category Article 5(1) GDPR)Guarantor for the protection of personal data, approved by resolution no. 98 of 4/4/2019, published in the Official Gazette n. 106 of 8/5/2019 and in www.gpdp57 KB (9,144 words) - 15:55, 6 December 2023
- DSB (Austria) - 2022-0.585.764 (category Article 2(2)(c) GDPR)personal data in accordance with Article 4, number one, GDPR. 3.2.4. The GDPR defines the term processing in Art. 4 Z 2 GDPR by listing a number of possible77 KB (13,004 words) - 14:44, 9 May 2023
- APD/GBA (Belgium) - 72/2021 (category Article 6(1)(e) GDPR)conditions provided for in Article 6.1.e) are met by the species. Under Article 6.3.b) and recital 45 of the GDPR, processing based on Article 6.1.e) must meet two57 KB (8,330 words) - 11:53, 30 June 2021
- BVerwG - 10 C 4.20 (category Article 23(1)(e) GDPR)Information Acts and the GDPR. Due to the questions of EU law raised by the case with regard to Article 23(1)(e) GDPR and Article 23(1)(j) GDPR, the BVerwG had37 KB (6,075 words) - 08:46, 20 July 2022
- CJEU - C-280/22 - Kinderrechtencoalitie Vlaanderen and Liga voor Mensenrechten v Belgian State (category Article 4 GDPR)1, 2, 3, 4, 5, 6, 9, 25, 32, 35 and 36 of the GDPR, Articles 1, 2, 3, 4, 8, 9, 10, 27 and 28 of Directive (EU) 2016/680, Articles 1, 2, 3, 4, 5, 10, 287 KB (740 words) - 11:43, 7 September 2022
- VG Potsdam - 11 K 4526/16 (category Article 4(1) GDPR)provided for in Article 15(1) GDPR, which was kept by the Higher Administrative Court. The Court denied the request. Does Article 15 GDPR apply to hand written33 KB (5,306 words) - 15:12, 22 March 2022
- LArbG Baden-Württemberg - 2 Sa 16/21 (category Article 12(1) GDPR)employer violated their Article 15 GDPR obligations as a data controller. The plaintiff requested information under Article 15 GDPR from its former employer49 KB (8,074 words) - 08:33, 6 October 2022
- CNPD (Luxembourg) - Délibération n°13FR/2021 (category Article 12 GDPR)considered as processor within the meaning of article 4, point 8 of the GDPR. 7. In his response letter of February 14, 2019 to the minutes drawn up by the CNPD30 KB (4,164 words) - 11:12, 16 June 2021
- VG Schwerin - 1 A 1343/19 SN (category Article 4(1) GDPR) (section Expert Opinion as Personal Data Within the Meaning of Article 4(1) GDPR)para. 2 lit. c and Article 15(3) of the GDPR. The expert opinion was personal data within the meaning of Art. 4 No. 1 of the GDPR. The GDPR does not differentiate61 KB (10,071 words) - 14:28, 14 July 2021
- APD/GBA (Belgium) - 172/2022 (category Article 12(4) GDPR)personal data within the meaning of Article 4.1) of the GDPR. 14 12 GDPR, Art. 4, 1). ; Opinion 4/2007 of the “article 29” working group on data protection43 KB (6,300 words) - 11:35, 20 December 2022
- SA/Wr - IV SA/Wr 671/22 (category Article 86 GDPR)information and the protection of personal data under Article 86 GDPR. However, the restriction under its Article 5(1) of the Polish Act on Access to Public Information31 KB (4,776 words) - 12:43, 8 May 2023
- IP (Slovenia) - 0603-98/2022/6 (category Article 5(2) GDPR)first paragraph of Article 91 of ZVOP 1 and when applying the second paragraph of Article 26 of ZP 1, the first paragraph of Article 21 of ZP 1 and the25 KB (4,035 words) - 13:16, 26 July 2023
- AEPD (Spain) - PS/00261/2021 (category Article 6(1) GDPR)contemplates in its article 76, entitled “Sanctions and corrective measures”: "one. The penalties provided for in sections 4, 5 and 6 of article 83 of the Regulation34 KB (5,536 words) - 19:04, 16 May 2022
- APD/GBA (Belgium) - 29/2024 (category Article 12(4) GDPR)defendant has committed Articles 12.3 and 12.4 GDPR in conjunction with Article 17.1 GDPR, as well as Article 31 GDPR in no way minor infringements, nor that27 KB (4,073 words) - 10:26, 21 February 2024
- Datatilsynet (Denmark) - 2019-32-0988 (category Article 5(1)(e) GDPR)rejected the complainant´s request for deletion pursuant to Article 6 (1) (e) and (f) of the GDPR arguing that the recordings of emergency calls are part of45 KB (7,151 words) - 16:24, 6 December 2023
- Rb. Zeeland-West-Brabant - 10072897 AZ VERZ 22-61 (category Article 4(2) GDPR)of data within the meaning of Article 4(2) GDPR, hence the lawfulness of the observation was tested directly against Article 8 ECHR. The requirement by the30 KB (4,770 words) - 12:39, 10 November 2022
- VG der Freien Hansestadt Bremen - 4 K 1338/21 (category Article 4(2) GDPR)in the sense of Article 4(2) GDPR. Therefore, the data controller needed a lawful ground for processing in the sense of Article 6(1) GDPR. Due to the fact10 KB (1,353 words) - 10:42, 14 November 2022
- BVwG - W258 2247028-1 (category Article 58(2) GDPR)under national law nor under the GDPR - had the power to declare the processing unlawful. It argued that Article 58(2) GDPR does not provide a DPA with such27 KB (4,012 words) - 14:36, 2 July 2022
- Datatilsynet (Norway) - 21/02455 (category Article 14 GDPR)Norwegian territory after determining violations of Article 6(1) GDPR, Article 12(2) GDPR and Article 14 GDPR. After the advance notification to Shinigami Eyes9 KB (1,125 words) - 04:17, 23 June 2022
- Garante per la protezione dei dati personali (Italy) - 9737185 (category Article 14 GDPR)right. This amounted to a violation of Article 5 (1)(a), Article 12, Article 13, Article 14 GDPR and Article 21 GDPR. Therefore, on the basis of all the elements52 KB (8,589 words) - 20:01, 16 February 2022
- Garante per la protezione dei dati personali (Italy) - 9983210 (category Article 5(1) GDPR)Article 9, Article 12 and Article 13 GDPR. The Italian DPA ordered the controller to bring processing operations into conformity with the provisions of89 KB (14,466 words) - 15:14, 20 February 2024
- Datatilsynet (Denmark) - 2019-32-0709 (category Article 5(1)(a) GDPR)with Article 6 (1) of the Data Protection Regulation. Article 17 (1) (c) and that the information shall not be deleted in accordance with Article 17 (1)24 KB (3,763 words) - 16:23, 6 December 2023
- CNIL (France) - SAN-2023-014 (category Article 4(11) GDPR)violating Article 82 of the French data protection act, whose reference to consent must be understood within the meaning of Article 4(11) GDPR, since VOODOO9 KB (1,295 words) - 15:39, 17 October 2023
- AEPD (Spain) - EXP202205820 (category Article 6 GDPR)according to article 4.1 of the GDPR, are a Personal data and its protection, therefore, is the subject of said Regulation. In the article 4.2 of the GDPR defines61 KB (9,700 words) - 13:21, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9828901 (category Article 14 GDPR)behalf of the controller, violating Article 27(4) GDPR. The DPA confirmed that the controller violated Article 35 GDPR for not having carried out a DPIA91 KB (14,709 words) - 13:02, 14 December 2022
- APD/GBA (Belgium) - 85/2022 (category Article 4(11) GDPR)(potential violation of Articles4.11, 6.1 a) and 7.1 GDPR): ▪ The GDPR requires a “statement or unequivocal active act” (Article 4.11 GDPR), which means that all171 KB (24,826 words) - 15:55, 18 June 2022
- the processing (article 21 of the GDPR) and the processing is necessary for freedom of expression and information (Article 17.3 of the GDPR). e - 3 plea:19 KB (2,637 words) - 10:37, 7 December 2021
- BlnBDI (Berlin) - C-807/21 - Deutsche Wohnen (category Article 83 GDPR)intentional infringement of Article 25(1) GDPR and Article 5(1)(a), (c), and (e) GDPR, the authority imposed a pecuniary penalty of €14,385,000, as well as 157 KB (936 words) - 16:39, 12 December 2023
- HDPA (Greece) - 47/2023 (category Article 12(1) GDPR)meaning of article 4 par. 2) and 6) GDPR, under processing under the regulatory scope of articles 2 par. 1 of the GDPR and 2 of Law 4624/2019. 4 2) Since36 KB (6,028 words) - 07:43, 20 March 2024
- VGH München - 7 CE 20.1822 (category Article 4(1) GDPR)county Standard chains: BayPrG Art. 4 para. 1 VwGO § 123 (1) sentence 2, § 146, § 152, § 154 (2) ZPO § 920 Basic Law Article 5(1) GKG § 47, § 52 (2), § 53 (2)25 KB (3,916 words) - 12:37, 31 January 2022
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 5(2) GDPR)accountability pursuant to Article 5(2) UK GDPR because it failed to demonstrate compliance with Article 5(1)(a) and (c) UK GDPR principles of lawfulness129 KB (17,281 words) - 14:57, 10 April 2024
- APD/GBA (Belgium) - 57/2021 (category Article 5(1)(a) GDPR)result of the violations of article 5.1 a), article 5.2, article 6.1, article 12.1, article 13.1 c) and d) and article 13.2 b) GDPR. 21. On 17 June 2020, the99 KB (15,064 words) - 14:05, 2 June 2021
- OLG Karlsruhe - 12 U 305/21 (category Article 12 GDPR)among other things, on Article 15 GDPR. The court of first instance decided to reject the claim and argued that Article 15 GDPR only provides data subjects38 KB (6,239 words) - 10:47, 15 February 2023
- Garante per la protezione dei dati personali (Italy) - 9751362 (category Article 14 GDPR)of the Regulation. Article 58(2)(i) and Article 83(3) of the Regulation and Article 166(2) of the Code. 4. CORRECTIVE MEASURES Article 58(2) provides the134 KB (21,856 words) - 05:16, 25 May 2022
- IDPC (Malta) - CDP/DBN/31/2020 (category Article 14 GDPR) (section Obligation to notify the data breach (Article 33 and Article 34 GDPR))without a proper legal basis under Article 6 and Article 9 GDPR, and that the information required under Article 14 GDPR was not provided to the data subjects10 KB (1,225 words) - 12:13, 24 March 2022
- ArbG Düsseldorf - 9 Ca 6557/18 (category Article 6(1)(c) GDPR)The claim for a data copy under Article 15(3) GDPR can be objected to on the basis of the principle of good faith that the efforts of the person responsible58 KB (9,364 words) - 13:51, 16 December 2021
- OLG Schleswig - 9 Wx 23/21 (category Article 6(4) GDPR)out in Article 23(1) GDPR. § 21(2) TTDSG serves the enforcement of civil claims and thus pursues an objective mentioned in Article 23(1)(j) GDPR, which29 KB (4,683 words) - 18:37, 6 April 2022
- Datainspektionen - DI-2020-4534 (category Article 6(1)(f) GDPR)of the tenants under Article 6(1)(f)? The DPA held that Uppsalahem AB had processed personal data in breach of Article 6 (1) (f) GDPR by conducting camera34 KB (3,985 words) - 11:43, 7 April 2022
- OLG Hamm - 20 U 146/22 (category Article 12(5)(b) GDPR)meaning of Article 4(1) GDPR. Nevertheless, in this case the controller had the right to disregard the request in light of Article 12(5)(b) GDPR, as the latter30 KB (4,784 words) - 08:39, 8 August 2023
- DSB (Austria) - 2023-0.227.168 (category Article 4(7) GDPR)No. Article 12, paragraph one,, paragraph 2, paragraph 3 and paragraph 4,, Article 15, paragraph one,, Article 23, paragraph one, litera e,, Article 5139 KB (6,150 words) - 14:23, 29 August 2023
- AEPD (Spain) - TD/00277/2020 (category Article 17 GDPR)of these data (hereinafter, GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish40 KB (6,518 words) - 13:29, 13 December 2023
- DSB (Austria) - 2022-0.083.310 (category Article 2(2)(a) GDPR)data, claiming that this would constitute a violation against Article 5 GDPR and Article 6 GDPR. The Federal Minister of Finances denied the competence of52 KB (8,272 words) - 16:33, 18 January 2024
- Persónuvernd- nr. 2018/1779 (category Article 5(1)(a) GDPR)whether the processing is automatic or not, cf. Item 4 Article 3 of the Act and Paragraph 2. Article 4 Regulation. This case relates, on the one hand, to18 KB (2,797 words) - 16:06, 10 March 2022
- Persónuvernd - nr. 2018/1779 (category Article 5(1)(a) GDPR)whether the processing is automatic or not, cf. Item 4 Article 3 of the Act and Paragraph 2. Article 4 Regulation. This case relates, on the one hand, to18 KB (2,797 words) - 16:08, 10 March 2022
- AEPD (Spain) - EXP202105333 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On October 13, 2022, DIGI requests the49 KB (7,973 words) - 13:25, 13 December 2023
- OLG Celle - 8 U 165/22 (category Article 12(5) GDPR)sense of Article 4(1) GDPR. Moreover, OLG Celle also held that a singular access request can never be excessive for the purposes of Article 12(5) GDPR as the62 KB (10,852 words) - 14:08, 7 January 2023
- VGH München - 5 CS 20.1302 (category Article 4(1) GDPR)meaning of Article 4 (1) and (2) GDPR, this would be justified under Article 6 (1)(c) and (3). The court also found that the VIG complies with Article 86 GDPR:29 KB (4,594 words) - 12:48, 15 September 2021
- Persónuvernd (Iceland) - Case no. 2021101924 (category Article 6(1)(a) GDPR)and 14 GDPR, data subjects have, among other things, the right to be informed about the processing of their data. However, pursuant to Article 14(5)(b)36 KB (5,751 words) - 15:12, 25 January 2023
- Garante per la protezione dei dati personali (Italy) - 9983244 (category Article 5(1)(f) GDPR)considering that the controller violated Article 5 GDPR, Article 9 GDPR and Article 32 GDPR, as well as Article 2-septies(8) of the Italian Privacy Code47 KB (7,566 words) - 09:15, 28 February 2024
- IP - 07121-1/2020/519 (category Article 14 GDPR)data and a legal basis would be needed according to Article 6 GDPR and the principles of Article 5 GDPR should be respected. The employer who decides that15 KB (2,192 words) - 15:21, 17 March 2022
- Datatilsynet (Denmark) - 2020-432-0037 (category Article 28(3) GDPR)violation of Article 32(1) GDPR due to the scope of the data mishandling and the sensitivity of the subject. Moreover, the Family Court violated Article 28(3)46 KB (7,343 words) - 16:39, 6 December 2023
- UODO (Poland) - DKN.5131.7.2020 (category Article 33(1) GDPR)person's behavior can be obtained by profiling, as referred to in art. 4 pts 4 GDPR. However, as part of our activities, we do not conduct profiling, and50 KB (8,066 words) - 10:00, 17 November 2023
- HDPA (Greece) - 6/2024 (category Article 4(7) GDPR)provided is provided for in Article 13 GDPR for the case where the data is collected by the subject and in Article 14 GDPR for the case where the data19 KB (3,000 words) - 13:44, 6 March 2024
- District Court Warsaw-Praga (Poland) - II C 1228/19 (category Article 4(12) GDPR)designated by Union or Member State law (Article 4(7) of the GDPR). According to Art. 4 point 12 of the GDPR, "personal data breach" means a breach of27 KB (4,466 words) - 12:28, 31 January 2023
- Persónuvernd (Iceland) - 2020031451 (category Article 5(1)(f) GDPR)2016/679, cf. Paragraph 1 Article 4 of the Act, and thereby the authority of the Data Protection Authority, cf. Paragraph 1 Article 39 of the Act, covers the15 KB (2,283 words) - 14:02, 4 April 2022
- FG München - 15 K 1212/19 (category Article 4(7) GDPR)the "lifting". (4.2) Exclusions (4.2.1) GDPR and AO restrictions According to Art. 15 Para. 1 GDPR, the person concerned (Art. 4 No. 1 GDPR) has a right to98 KB (16,511 words) - 08:37, 9 May 2022
- CNPD (Luxembourg) - Délibération n°43FR/2021 (category Article 37(1) GDPR)Protection Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned20 KB (2,865 words) - 10:43, 7 December 2021
- Garante per la protezione dei dati personali (Italy) - 9894662 (category Article 14 GDPR)violation of Article 24 GDPR. Moreover, the DPA stressed that controllers must be able to demonstrate that they obtained consent, pursuant to Article 7(1) GDPR245 KB (40,390 words) - 14:30, 21 June 2023
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 25(1) GDPR)fine are set out in Article 83 of the General Data Protection Regulation. contained in Article. In the event of a breach of Article 5 of the General Data67 KB (10,492 words) - 10:11, 17 November 2023
- Rb. Amsterdam - C/13/683377 / HA ZA 20-468 (category Article 14 GDPR)introduction) the GDPR. 14.5. Article 11.7a Tw has been in force since 5 June 2012 (and amended in 2013, 2015 and 2018). Previously, Article 4.1 of the Decree243 KB (40,160 words) - 11:54, 5 April 2023