EDPB meeting minutes 16 July 2024
members
–
2 min read
Systems overload! Is the EDPB taking on too much?
Norway DPA fines university for insufficient access control in MS Teams
members
–
4 min read
The 🇳🇴 University of Agder was fined €12,500 (NOK 150k) for failing to secure personal data on Teams/SharePoint and insufficient internal controls. Short decision, several takeaways for everyone!
Dutch DPA fines Clearview AI €30.5m, warns personal liability and says *use* also illegal
members
–
4 min read
[📝 NB! Massive post update 11 Sep] The 🇳🇱 DPA fines Clearview €30.5m, imposes four orders and warns of non-compliance penalties of €5.1m. Using Clearview is illegal and the DPA investigates if company directors can be held personally liable for the violations. Numerous questions on this decision!
Italy: bank fined €1m and rental company €250k for unclear DPAg and no legal basis
members
–
4 min read
The 🇮🇹 Garante fined a bank €1 million for anti-fraud checks as a processor on behalf of a group company without a legal basis, breaching both Articles 28(3) and 5(1)(a). The rental company was separately fined €250,000, also for an insufficient privacy notice. Here are your key takeaways! 💡
CJEU C-154/21 RW v Österreichische Post (Information on recipients of personal data) 12 Jan 2023
members
–
3 min read
You have the right to know the actual identities of the recipients your personal data has been shared with.
Your data, my dilemma, our decision (object by 9 Aug)!
members
–
2 min read
Moving to US, object if you don't want to come
EDPB meeting minutes 18-19 June 2024
members
–
2 min read
Noteworthy points on involving others (earlier) in their work, opinions vs. guidelines, the political ads Regulation, and 🇸🇪 Supreme Admin. Court CJEU request regarding Art. 13-14 and camera surveillance.
EDPB Guidelines 1/2022 Right of access
members
–
3 min read
A snapshot of the EDPB Guidelines dealing with DSARs: Brief overview, key points, and some advice for data protection pros.
Rights: Access (DSAR) - examples
members
–
40 min read
Right of access examples from the EDPB and ICO.
EDPB press release: DPAs AI Act role, EU-US DPF FAQs, new European Data Protection Seal
members
–
1 min read
EDPB opines that DPAs should be designated AI Act MSAs, adopted 🇪🇺-🇺🇸 DPF FAQs for individuals and businesses, and an opinion approving the EuroPriSe Criteria Catalogue for certifying processors' processing activities, resulting in a European Data Protection Seal.
Denmark Google Workspace for Education Chromebook case (Helsingørgate)
members
–
9 min read
[15 July: Municipalities complies with Jan order + 🚨 DPA asks for EDPB opinion on the scope of a controller's documentation obligations regarding a processor's use of sub-processors] The Danish DPA's landmark decision of 2022 to ban certain use of Google products and US transfers, is still ongoing.