Fine

The Netherlands: DPA imposes EUR 830,00 fine for access request fees

On the 6th of July 2020, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA“) published its decision to impose a fine of 830,000 EUR on Stichting Bureau Krediet Registratie (BKR). BKR keeps an electronic file of the loans and debts people have in the Netherlands, stored in a central database. Companies like financial institutions …

The Netherlands: DPA imposes EUR 830,00 fine for access request fees Read More »

Germany: Berlin data protection authority imposes EUR 14.5 million fine for “data cemetery”

On 30 October 2019, the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit – “Berlin DPA”) imposed an administrative fine of about EUR 14.5 million against Deutsche Wohnen SE for infringements of the General Data Protection Regulation (GDPR). Facts and legal evaluation by Berlin DPA Deutsche Wohnen SE …

Germany: Berlin data protection authority imposes EUR 14.5 million fine for “data cemetery” Read More »

FRANCE: A new phase in European privacy law enforcement – CNIL fined Google LLC 50 million euros!

By Denise Lebeau-Marianna, Caroline Chancé and Alexandre Balducci   On 21 January 2019, the restricted committee of the French Data Protection Supervisory Authority (CNIL) fined Google LLC 50 million euros for breaching GDPR for lack of transparency, inadequate information and lack of valid consent regarding personalized advertising.  This is the first decision rendered by the CNIL …

FRANCE: A new phase in European privacy law enforcement – CNIL fined Google LLC 50 million euros! Read More »

UK: Personal liability for PECR regulatory fines proposed in Government consultation

On 30 May the Department for Digital, Culture, Media & Sport in the United Kingdom launched a consultation on the functioning of the current regime for holding to account company directors, those holding similar positions in corporate bodies / unincorporated associations, and members of partnerships for breaches of the Privacy and Electronic Communication Regulations 2003 …

UK: Personal liability for PECR regulatory fines proposed in Government consultation Read More »

FRANCE: First GDPR complaints lodged with the CNIL

Immediately after the entry into application of the GDPR, the CNIL received several complaints over “forced consent” and unlawful processing. On May 25, the non-profit European Center for Digital Rights (known as nyob for “none or your business”), founded by Max Schrems, filed four, very similar, complaints over “forced consent” against Google (Android), Instagram, WhatsApp …

FRANCE: First GDPR complaints lodged with the CNIL Read More »

THE NETHERLANDS: new chairman DPA announces fines

By Richard van Schaik and Róbin de Wit Last week, the chairman of the Dutch Personal Data Protection Authority (Autoriteit Persoonsgegevens, “AP”), Aleid Wolfsen, announced that several investigations around data breaches are pending and that the first serious fine is just a matter of time. Mr. Wolfsen is optimistic about the impact of the upcoming …

THE NETHERLANDS: new chairman DPA announces fines Read More »

GERMANY: Bavarian Data Protection Authority issues guidance on GDPR Sanctions

On September 1, 2016, the Bavarian Data Protection Authority (BayLDA) issued a brief paper outlining the basic principles of the future sanction regime under the European General Data Protection Regulation (GDPR). The document is available at the following link: https://www.lda.bayern.de/media/baylda_ds-gvo_7_sanctions.pdf (German-language only). Background The GDPR will become effective on May 25, 2018, after a transition …

GERMANY: Bavarian Data Protection Authority issues guidance on GDPR Sanctions Read More »

EUROPE: GDPR – Group revenues at risk of fines

On 4 May 2016, the long awaited General Data Protection Regulation (GDPR) was published in the Official Journal of the European Union. With an ‘enforced from date’ of 25 May 2018, the potential high penalties for breach of the GDPR are becoming an increasing area of concern for multi-national businesses. Under the GDPR, supervisory authorities …

EUROPE: GDPR – Group revenues at risk of fines Read More »

FRANCE: The CNIL Fines Google €100,000 Over Right To Be Forgotten

The French data protection authority (the “CNIL”) will not settle for a compromise, or so says its recent decision to fine Google Inc. €100,000 for failing to properly implement the so-called “right to be forgotten”. By Carol Umhoefer (Carol.Umhoefer@dlapiper.com) and Caroline Chancé (Caroline.Chance@dlapiper.com). Earlier this month, Google announced it was adapting its approach to the …

FRANCE: The CNIL Fines Google €100,000 Over Right To Be Forgotten Read More »