CASES, SANCTIONS AND CLAIMS

  • The European  Court of Human Rights published a factsheet with some relevant case law regarding data privacy and Art. 8 of the European Convention on Human Rights.
  • The European Court of Justice published the judgement in Case C‑193/18 dealing with the concept of electronic communications networks and services.
  • The CJEU Advocate General Campos Sánchez-Bordona delivered the Opinion in case C‑78/18 (European Commission v Hungary) concerning the national law which required transparency for donations from abroad made to certain NGOs. The AG finds the measure “unjustified and disproportionate interference with the rights of those who make donations to respect for their privacy and to the protection of their personal data”.
  • The Dutch Supreme Court ruled that “Street parking enforcement via licence plate scanning is lawful and proportionate interference with article 8 ECHR”.
  • The Romanian Court ruled that displaying a court decision containing the names of the parties, as well as their other identifying data, in a public, visible and easily accessible place is likely to infringe the data subject’s right to protection of personal data.
  • European Court of Human Rights (ECHR) has published a factsheet containing a summary of the most relevant cases on data protection.
  • European Court of Human Rights (ECHR) has published a factsheet containing a summary of the most relevant cases on data protection related to the new technologies.
  • The Belgian Market Court has quashed a previous decision by the litigation chamber of the Belgian Data Protection Authority (BDPA) in relation to the use of the Belgian electronic identity card  as a means of obtaining a loyalty card at a liquor store. The Belgian DPA issued a fine of EUR 10,000 for a merchant who required customers to provide their ID cards  to be scanned to receive loyalty cards.
  • European Court of Human Rights published a factsheet with the summary of the new cases on New Technologies.
  • The Hungarian National Authority for Data Protection (the lead supervisory authority in this case) has rejected a complaint lodged with the Romanian data protection authority for lack of evidences. The DPA considered the complaint being ungrounded (see the decision here).
  • According to Advocate General Szpunar, a service that puts taxi passengers directly in touch, via an electronic application, with taxi drivers constitutes an Information Society service (see here the press release).
  • Finland: Nokia is being investigated for possible GDPR violations concerning unencrypted data transfers from Nokia phones to servers in China.
  • EDPS: Investigation into contractual agreements concerning software used by EU institutions.
  • Investigation launched by EDPS into the contracts between Microsoft and EU institutions.
  • The EDPS publishes preliminary results in the investigation of the use of Microsoft products by EU institutions.
  • In Germany, the Baden-Wuerttemberg Authority imposed a fine of EUR 1,400 on a police officer who was accessing personal data for private purposes through official means.
  • The Austrian DPA imposed an administrative fine of 18 million euros on Österreichische Post AG after conducting administrative fine proceedings.
  • Tusla fined by Data Protection Commission over three GDPR breaches.
  • A lawyer gets fined €2,000 under the GDPR, by the Spanish DPA. According to the authority’s resolution, the lawyer has summoned the tenants of a property on two occasions, by reusing sheets of paper containing third-party personal data (names) on the reverse side.
  • Romanian DPA imposed a fine of €3,000 against Telekom Romania Communications SA. Romanian DPA found that the controller did not implement enough security measures in order to include the verification of the accuracy of personal data collected by telephone (remotely) for the purpose of concluding contracts.
  • The Hungarian DPA imposed two fines (in the amounts of approx. €7,225 and €5,780) on the publisher of Forbes Hungary in connection with publishing the list of the 50 wealthiest Hungarians and the list of the biggest family-owned businesses (Both texts available only in Hungarian).
  • GDPR and garbage bins – in a surprising case originating from Ireland, the DPA confirmend that any litter collected in the postal office public bins would not be subjected to GDPR laws. An Post, the Irish postal services provider, removed all public bins from a certain post office, measure caused by, as stated by them, potential privacy breaches under the GDPR.
  • No, it is not necessary to ban visitors’ books because of GDPR.
  • A formal GDPR complaint has been submitted  against Google for infringing Article 5(1)b of the GDPR, which sets forth the “purpose limitation” principle.

REPORTS AND ARTICLES FROM OTHER ORGANISATIONS

OFFICIAL GUIDELINES, REPORTS AND STATEMENTS