Search results
From GDPRhub
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR) (section On the material and territorial competence of the French DPA)supervisory authority competent to hear the facts in question would not be the CNIL but the Irish data protection authority, the Data Protection Commission93 KB (14,936 words) - 17:09, 6 December 2023
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)level of protection of personal data guaranteed by the GDPR. Tele2 Sverige Aktiebolag (the controller) used Google Analytics tool provided by Google LLC (processor)113 KB (12,773 words) - 15:20, 6 December 2023
- CNIL (France) - SAN-2019-001 (category Article 4(11) GDPR)imposed a record fine of €50 million on Google for several violations of GDPR including processing personal data without a lawful basis, violating the free consent90 KB (14,556 words) - 17:08, 6 December 2023
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)undermine the level of protection of personal data guaranteed by the GDPR. CDON AB (the controller) used Google Analytics tool provided by Google LLC (processor)121 KB (13,722 words) - 15:16, 5 July 2023
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)The French DPA fined Google LLC €90,000,000 and Google Ireland Limited €60,000,000 for failing to comply with Article 82 of the French Data Protection Act120 KB (19,650 words) - 09:00, 6 April 2022
- CNIL (France) - SAN-2022-027 (category French)this was not the case, in violation with Article 82 of the French Data Protection Act. Article 82 of the French Data Protection Act also states that users73 KB (11,864 words) - 17:03, 6 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)consent from French users, in violation of Article 82 of the French Data Protection Act. On March 10 2021, the French DPA received a complaint against Apple ('provider'82 KB (13,463 words) - 17:03, 6 December 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR) (section On the violation of the obligation to fairly process personal data)breaches of the GDPR and the French Data Protection law (Loi informatique et libertés). In this case, the French data protection authority investigated several48 KB (7,404 words) - 17:09, 6 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)movement of data). Data Protection), hereinafter DPMR ; Having regard to the law of 3 December 2017 establishing the Data Protection Authority, hereinafter131 KB (22,429 words) - 16:57, 12 December 2023
- CE - N° 430810 (category Article 6(1)(a) GDPR)not the lead authority for Google LLC since Google LLC's Irish establishment did not have any decision-making power with regard to its data processing operations42 KB (6,800 words) - 09:50, 10 September 2021
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)company's compliance with the French data protection law. The French DPA reported several infringements of the data protection law by AEC when placing cookies82 KB (13,424 words) - 17:10, 6 December 2023
- CNIL (France) - SAN-2021-024 (category French) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)supervisory authority competent to know the facts which against him would not be the CNIL but the Irish data protection authority, the Data Protection Commissioner82 KB (13,428 words) - 17:02, 6 December 2023
- The French DPA (CNIL) imposed a € 2250000 fine on Carrefour France for several violations of the GDPR and French data protection law. These include: excessive104 KB (16,646 words) - 17:09, 6 December 2023
- CNIL (France) - SAN-2023-025 (category Article 6(1)(a) GDPR)Article 30 of the GDPR, namely: the name and contact details of the data controller, his representative and the data protection delegate. data, the purposes53 KB (8,418 words) - 11:21, 6 February 2024
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)page. 9.4 million EEA data subjects were notified as having been potentially affected by the Personal Data Breach, of whom 1.5 million data subjects originated130 KB (21,195 words) - 13:52, 25 April 2021
- Personvernnemnda (Norway) - PVN-2022-22 (category Article 9 GDPR)personal data 22 May 2020. On 24 January 2021, the Norwegian Data Protection Authority sent a notification that the Norwegian Data Protection Authority was91 KB (14,440 words) - 10:06, 17 November 2023
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)(General Data Protection Regulation), hereinafter AVG; Having regard to the Act of 3 December 2017 establishing the Data Protection Authority, hereinafter84 KB (14,035 words) - 16:56, 12 December 2023
- CNIL (France) - SAN-2023-024 (category Article 6(1) GDPR)Council of April 27, 2016 relating to the protection of personal data and the free movement of such data (GDPR); Having regard to Directive 2002/58/EC of76 KB (12,140 words) - 13:55, 28 February 2024
- CNIL (France) - SAN-2023-023 (category Article 5(1)(e) GDPR)be carried out by Google, as specified in its terms of use, the data controller had breached Article 82 of the French Data Protection Act. Considering the60 KB (9,512 words) - 10:08, 31 January 2024
- CNIL (France) - Deliberation SAN-2022-024 of December 20, 2022 (category Article 4(11) GDPR)verify its compliance with the French law implementing the ePrivacy-Directive, the French "Data Protection Act", and the GDPR. In their investigation, the73 KB (11,822 words) - 11:58, 11 January 2023
- Datatilsynet (Norway) - 20/02136 (notification) (category Article 6(1) GDPR)European Data Protection Board (“EDPB”) has provided guidance with an analysis of the notion of consent in GDPR. 4 3European Data Protection Board, Guidelines77 KB (11,517 words) - 10:36, 22 October 2022
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)of their data, when such data processing is not necessary for the provision of the service. Article 7(4) GDPR, which defines the conditions for consent468 KB (51,340 words) - 14:10, 30 January 2023
- CNIL (France) - SAN-2023-009 (category Article 7(1) GDPR)The French DPA fined the online advertising group Criteo €40 million for violations relating to the processing of personal data, in particular for failing78 KB (12,701 words) - 10:11, 28 June 2023
- CNIL (France) - SAN-2024-003 (category Article 4(11) GDPR)Article 83 of the GDPR provides that: "Each supervisory authority shall ensure that administrative fines imposed under this article for violations of this regulation52 KB (8,208 words) - 10:44, 13 March 2024
- Garante per la protezione dei dati personali (Italy) - 9806053 (category Article 5(1)(a) GDPR)Regulation called "Google Ads Data Processing Terms", "according to which ilMeteo s.r.l. is the data controller and Google LLC is responsible "for the same (see91 KB (14,906 words) - 14:39, 5 October 2022
- CNIL (France) - SAN-2024-004 (category Article 4(11) GDPR)controller’s premises in order to verify compliance with the GDPR and French Data Protection Act. During this inspection, the CNIL discovered that, regarding69 KB (10,971 words) - 11:00, 17 April 2024
- AEPD (Spain) - PS/00140/2020 (category Article 6(1)(a) GDPR)highlights that if GOOGLE LLC would have provided this data for anonymization and if it were personal would have violated data protection regulations. The390 KB (63,154 words) - 07:08, 9 June 2022
- ICO - Monetary Penalty on Marriott International Inc. (category Article 5(1)(f) GDPR)Schedule 16 of the Data Protection Act 2018 (the “DPA”). I relates to infringements of the General Data Protection Regulation (the “GDPR”), which came to241 KB (31,368 words) - 09:59, 9 May 2022
- Garante per la protezione dei dati personali (Italy) - 9675440 (category Article 5(1)(e) GDPR)Information and policy on the protection of employee data; b. Data Processing Agreement - Agreement for data processing; c. Personal Data treatment & communication180 KB (29,599 words) - 13:51, 28 July 2021
- DPC (Ireland) - WhatsApp Ireland Limited - IN-18-12-2 (category Article 13(1)(e) GDPR) (section Article 13(2)(e) - whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data)the Data Protection Commission made pursuant to Section 111 of the Data Protection Act, 2018 and Articles 60 and 65 of the General Data Protection Regulation830 KB (115,261 words) - 15:37, 22 February 2022