CASES, SANCTIONS AND CLAIMS

  • (2019, Dec) The Austrian DPA decided that it is excessive to ask for proof of identity in a case where a user requested the erasure of a profile which was created without any proof of real identity (article in English).
  • 2019, Mar) German regional labour court decides that an employer unlawfully refused an employee’s Data Subject Access Request concerning information about the charges that led to his dismissal.
  • (2019, Nov) Denmark: Automatic denial of access request is prohibited.
  • (2019, Nov) Germany: The German Federal Commissioner for Data Protection and Freedom of Information (BfDI) fined a telecommunications company with 9,550,000 Euros for lack of appropriate measures to authenticate data subjects (article in English).
  • (2020, Feb) Berlin DPA stated in a case that request for additional information to confirm the identity of data subject is not necessary if request to erase data was sent via the support area of the account management section after logging in using registration data.
  • (2020, Jul) According to a decision of the Düsseldorf Court, a former employee received damages amounting to EUR 5,000 because he received delayed and incomplete information from his employer.
  • (2020, Jul) The Dutch Data Protection Authority imposed a fine of €830,000 on an organization for charging data subjects a fee to access their personal data more than once a year.
  • (2020, Aug) The Dutch Data Protection Authority imposed a fine of €830,000 against BKR (National Credit Register) for personal data access charges.

REPORTS AND ARTICLES FROM OTHER ORGANISATIONS

OFFICIAL GUIDELINES, REPORTS AND STATEMENTS