This Tuesday, the Belgian Data Protection Authority decided to reprimand the FPS Public Health for not responding to the exercise of a citizen’s right of access.
Statement in response to Marriott International, Inc’s filing with the US Securities and Exchange Commission that the Information Commissioner’s Office (ICO) intends to fine it for breaches of data protection law.
The National Supervisory Authority finalised an investigation into the controller UNICREDIT BANK S.A. and found that it breached the provisions of Article 25 (1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
The controller was sanctioned with a fine of the amount of 613,912 lei, the equivalent of 130,000 euros.
The documents adopted at the Eleventh Plenary Session of the EDPB are now available.
On Tuesday, May 28, 2019, the Belgian DPA imposed its first financial penalty since the entry into application of the GDPR. The administrative fines amounts to EUR 2,000 and concerns the misuse of personal data for election purposes. Although the goal is small, the data is not necessarily important, but data controllers must assume their responsibility, especially if they have a government mandate.
The State Data Protection Inspectorate has imposed an administrative fine in the amount of EUR 61,500 for the breaches of the General Data Protection Regulation. The sanctions were imposed on MisterTango UAB for the breaches of Articles 5, 32 and 33 of the afore-mentioned Regulation, i.e. the personal data breach in the payment initiation service system which, inter alia, has also not been reported to the supervisory authority. In the opinion of the Inspectorate, the start of imposing fines under the General Data Protection Regulation should be a significant signal to other companies which only declaratively comply with the provisions of the above legal acts.
Just a few days short of the GDPR’s first anniversary, the European Data Protection Board surveyed the Supervisory Authorities (SAs) of the EEA and takes stock of the Board’s achievements.
From the very first day of application, the first cross-border cases were logged in the EDPB’s IMI case register, leading to a current total of 446 cross-border. 205 of these have led to One-Stop-Shop (OSS) procedures. So far, there have been 19 final OSS outcomes.
Two cases concerning Svea Ekonomi, a financial credit company, have been processed at the Office of the Data Protection Ombudsman. As a result, the Data Protection Ombudsman has ordered the company to correct its practices in the processing of personal data related to the assessment of creditworthiness, the right of inspect one’s own personal data and notification practices.
The President of the Personal Data Protection Office (UODO) imposed its first fine for the amount of PLN 943 000 (around €220 000) for the failure to fulfil the information obligation.
On February 26, the EDPB Chair and Vice-Chair addressed the European Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE) on GDPR implementation.
The Commissioner has today issued his decision to the Lands Authority after concluding the investigation of the data breach, that was brought to his attention by the Times of Malta on 23rd November 2018. The findings of the investigation established that the online application platform available on the Authority’s portal lacked the necessary technical and organisational measures to ensure the security of processing. The Lands Authority was found to have infringed the provisions of Article 32 of the General Data Protection Regulation (GDPR) and, in terms of Article 21 of the Data Protection Act (CAP. 586), was served with an administrative fine of €5,000. The level of the fine was reached after the Commissioner took into account the circumstances set out under Article 83.2 of the GDPR.
The Hellenic DPA, in order to a) explore the level of compliance with the General Data Protection Regulation (GDPR) -six months after its entry into force- and the specific legislation on e-privacy, b) raise the awareness of data controllers and data subjects, and also c) exercise its envisaged powers, has carried out the following “ex officio” investigation, which was initiated in December 2018 and is ongoing.
The Austrian Data Protection Authority has finalised its investigation into the Austrian Post (Österreichische Post AG) and issued a decision stating the Austrian Post has violated several provisions of the GDPR.
Brussels, 13 February – On February 12th, the EEA Data Protection Authorities and the European Data Protection Supervisor, assembled in the European Data Protection Board, met for their seventh plenary session. During the plenary a wide range of topics were discussed.
On 21 January 2019, the CNIL’s restricted committee imposed a financial penalty of 50 Million euros against the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.