On 5 March 2020, the Icelandic SA took the decision to impose an administrative fine of ISK 1.300.000 (EUR 8.945) on the Breiðholt Upper Secondary School in a case relating to a personal data breach as a result of a lack of implementation of appropriate data protection policies and appropriate technical and organisational measures to protect the data by the controller.
On 5 March 2020, the Icelandic Supervisory Authority (SA) took the decision to impose an administrative fine of ISK 3.000.000 (EUR 20.643) on the National Center of Addiction Medicine in a case relating to a personal data breach. After carrying out an investigation of the data breach, the SA concluded that the breach was a result of a lack of implementation of appropriate data protection policies and appropriate technical and organisational measures to protect the data by the controller.
The Danish Data Protection Agency has reported the municipality of Gladsaxe and the Municipality of Hørsholm to the police, as it finds that the municipalities have not met the requirements of an adequate level of security under the General Data Protection Regulation (GDPR). The Agency became aware of the cases when both municipalities notified the agency of personal data breaches relating to the theft of computers containing personal data.
The Swedish Data Protection Authority imposes a fine of 75 million Swedish kronor (approximately 7 million euro) on Google for failure to comply with the GDPR. Google as a search engine operator has not fulfilled its obligations in respect of the right to request delisting.
A summary of the hearing is now available.
New factsheets, checklists and flowcharts on data protection published by the EDPS.
The company’s organisational and technical measures for the protection of personal data were not appropriate to the risk posed by the processing of personal data, which means that data of about 2.2 million people have fallen into the wrong hands. There was a lack of appropriate response procedures to deal with the emergence of unusual network traffic, concluded the President of the Personal Data Protection Office (UODO).
The Belgian data protection authority imposed a fine of €10,000 on a merchant for the disproportionate use of the electronical identity card for the purpose of creating a loyalty card.
Europol’s EC3 signs Memorandum of Understanding (MOU) with global non-profit dedicated to reducing cyber-risk in the financial system through intelligence sharing.
A multi-country action day coordinated by Eurojust in The Hague led to the dismantling of an international criminal network committing massive fraud with pay-TV, which shows organised crime expanding its illegal activities to large-scale violations of audiovisual copyright.
The Portuguese Judicial Police (Polícia Judiciária) dismantled Europe’s second-largest counterfeit currency network on the dark web with Europol’s support. Five individuals have been arrested and are accused of counterfeiting and organised crime. Counterfeit banknotes were seized across Europe, notably in France, Germany, Spain and Portugal, worth over € 1.3 million.
A summary of the exchange of views, with a focus on digital, transport and finance policy, is now available.
Update: a speech by Commissioner Vella was made available.
The key decisions taken by the Commission are presented below and grouped by policy area.
The Commission is also closing 146 cases in which the issues with the Member States concerned have been solved without the Commission needing to pursue the procedure further.
The Court orders Belgium to pay a penalty payment of €5,000 per day for not fully transposing the directive on high-speed electronic communications networks and, a fortiori, for failure to notify the relevant transposing measures to the Commission.