Wrongful infringement needed to impose administrative sanction for GDPR violations

The ECJ decided two cases involving fines contested by entities in Lithuania and Germany. The Lithuanian National Public Health Centre challenged a €12,000 fine for creating a Covid-19 tracking app, while Deutsche Wohnen, a German real estate company, contested a fine exceeding €14 million for […]

German subsidiary of H&M fined over €35 million ($41.3 million) for misuse of employees’ data

A German subsidiary of H&M was fined over €35 million ($41.3 million) for violation of the GDPR in the use of its employees’ data. It was found that since 2014, H&M had been processing a considerable amount of data about its employees’ personal life (such as holiday experiences, family issues, religious beliefs, and illness […]


EDPB’s Fifteenth Plenary session: Important topics discussed

On November 12 and 13, 2019, the European Data Protection Board (EDPB) met in its fifteenth plenary session. The EDPB discussed important topics. Adoption of EU-US Privacy Shield Third Annual Review Report. After the Third Annual Joint Review of the Shield, the EDPB adopted its report. The EDPB appreciates the improvements by the US Authorities[i] […]


ICO’s Guide to the GDPR

The ICO published a very useful guide dedicated to “data protection officers and others who have day-to-day responsibility for data protection” aimed at “small and medium-sized organisations”. See here

The Italian DPA rejects basic aspects of the law-imposed centralized electronic invoicing system because it had serious privacy flaws

The centralized electronic invoicing system (e-invoicing), as originally structured by the Agenzia delle Entrate (“Agenzia”), the Italian tax authority, has been significantly curtailed by a recent decision of the Italian DPA (Garante Privacy, “Garante”). In its decision, the Garante found that the system contained major critical issues vis-a-vis data protection law. The e-invoicing is a […]

Portuguese hospital challenges GDPR EUR 400,000 fine

On October 10, 2018, the Portuguese Data Protection Authority (CNPD) found the Barreiro Hospital guilty of violating the integrity and confidentiality principle and the data minimization principle set forth by the GDPR. According to this source, the infringements were punished with a fine of €400,000. The hospital is going to fight the fine, this source […]


Digital Single Market: European Parliament adopts new regulation on the free flow of non-personal data in the EU

On October 4, 2018, the European Parliament adopted the proposed EU Regulation on the Free Flow of Non-Personal Data in the European Union. The Regulation aims at removing obstacles to the free movement of non-personal data within the European Union. The Regulation does not cover data mobility outside the EU. The approved Regulation does not […]


CNIL publishes analysis of blockchain in light of the GDPR

In September 2018, the French Data Protection Agency, the Commission Nationale de l’informatique et des Libertés (CNIL) published a report explaining how Blockchain relates to the GDPR (“Report”). In particular the Report highlights the following. WHO IS THE CONTROLLER IN A BLOCKCHAIN TRANSACTION. Users of the web who decide to submit a transaction to the validation […]


Italian GDPR harmonization law is now in force

On September 19, 2018, Legislative Decree n. 101/2018 harmonizing the Italian privacy law with the General Data Protection Regulation (GDPR) entered into force. The Legislative Decree was published in the Official Italian Gazette (Gazzetta ufficiale n. 205 04-09-2018) on September 4, 2018. More on the Legislative Decree and the Italian Privacy Code (Legislative Decree 196/2003) is available […]
