GDPRhub newsletter 09 June 2022

🎙️
Listen to the audio recording here.

Belgium

The Belgian DPA fined a large media company €50,000 for not obtaining prior consent for the placement cookies and for violating the principles of accountability and storage limitation. Read more or edit on GDPRhub...

Written with the support of Enzo Marquet

The Council of State suspended a decision to choose a US contractor in the context of a public procurement procedure on the ground that the public authority did not sufficiently examine whether the contractor was compliant with the requirements of the GDPR, in particular the provisions on transfers and the further processing by another company, Smart Analytics, based in Russia. Read more or edit on GDPRhub...

The Brussels Tribunal held that the Belgian DPA improperly handled the case of a complainant and committed a breach of its duty of care by not handling his request to reach an amicable solution within a reasonable period of time. Read more or edit on GDPRhub...

Finland

The DPA ordered the Police University College to give the data subject a video recording featuring other students. The DPA held that the controller wrongfully denied the right of access under Article 15(4) GDPR without sufficiently demonstrating how giving the copy would adversely affect others. Read more or edit on GDPRhub...

Written with the support of Vadym Kublik

Germany

The Administrative Court of Berlin held that the Berlin DPA is not competent for matters of church taxes because of the special competence of the independent church supervisory authorities in accordance with Article 91 GDPR. Read more or edit on GDPRhub...

The Higher Regional Court of Koblenz rejected the notion of a de minimis limit under Article 82 GDPR and held that a data subject can also claim compensation for minor damages, in the present case €500, because the controller unlawfully reported a payment default to a credit rating agency. Read more or edit on GDPRhub...

The Higher Regional Court of Köln held that an access request of an insurance holder aimed to verify the lawfulness of premium increases - and not the lawfulness of the data processing - cannot be considered excessive under Article 12(5) GDPR. Read more or edit on GDPRhub...

Written with the support of Heiko Hanusch

The Administrative Court of Cologne held rectification of data under Article 16 GDPR requires the data subject to prove that the data designated to replace the inaccurate data is accurate itself. Read more or edit on GDPRhub...

Italy

The Italian DPA fined Uber a total of €4,240,000 for violations relating to 1,500,000 data subjects in Italy, including lack of transparency and consent and failure to notify the DPA of a personal data breach. Read more or edit on GDPRhub...

Written with the support of sabrina_salmeri

The Italian DPA fined Palumbo Superyacht Ancora €50,000 for, among other things, violating the principles of fairness and storage limitation by illegally keeping a former independent contractor's work email account active and preventing them from accessing it. Read more or edit on GDPRhub...

Written with the support of Carloc

The Italian DPA held that the controller had no legal ground to inform the parents of the children enrolled in a private nursery school about the pregnancy of a teacher. The DPA also held that this was a violation of the principles of lawfulness and data minimization. Read more or edit on GDPRhub...

Written with the support of Carloc

Netherlands

The District Court Midden-Nederland rejected a data subject’s claim that processing by the Tax Authority had been unlawful because Article 6(1)(e) GDPR provided a valid legal basis and there was no violation of Article 6(4) GDPR. Read more or edit on GDPRhub...

Written with the support of Giel Ritzen

Norway

The Norwegian DPA fined the Norwegian Labour Inspection Authority approximately €14,679 (150,000 NOK) for credit rating a data subject without a legal basis. The DPA also reprimanded the controller for falsely informing the data subject that their data had not been processed. Read more or edit on GDPRhub...

Romania

The Romanian DPA fined a credit institution and collection agency approximately €5,000 (24.740 RON) for unlawfully disclosing the personal data of a loan applicant to doctors and medical units. Read more or  edit on GDPRhub...

Written with the support of Heiko Hanusch