Opinion 38/2021 on the draft decision of the competent supervisory authority of Latvia regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EPDB

Accreditation

Urgent Binding Decision 01/2023 requested by the Norwegian SA for the ordering of final measures regarding Meta Platforms Ireland Ltd (Art. 66(2) GDPR)

Liability and Remedies, Supervisory Authorities

Italian Data Protection Authority (Garante)-Community of Francavilla Fontana (1/15/2020)

Controllers and Processors, Principles, Representative

Spanish Data Protection Authority (aepd)-Miraclia Telecomunicaciones S.L. (11/25/2020)

Data Subjects Rights, Lawfulness of Processing

National Commission for Data Protection (CNPD)-Unknown (5/12/2021)

Data minimisation, Data Subjects Rights, Principles

Spanish Data Protection Authority (aepd)-VENTANAS MAKE YOURSELF, S.L. (12/28/2021)

Data Subjects Rights

Data Protection Authority of Brandenburg-Physician (7/13/1905)

Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (10/31/2022)

Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-20 MINUTOS EDITORA, S.L. (4/3/2023)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-FONTANORTE, S.L. (7/27/2023)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-Bank of Cyprus Public Company Ltd. (7/15/1905)

Accuracy, Principles

Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679

Data Subjects Rights, Right to Object

Opinion 08/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Bioclinica Group |EPDB

Binding Corporate Rules, Data Transfers

European Commision press release on AI Act Agreement

AI, Specific processing situations

Data Protection Authority of Hamburg-Facebook Germany GmbH (7/11/1905)

Controllers and Processors, Data Protection Officer (DPO)

Italian Data Protection Authority (Garante)-Burgo Group S.p.A (11/23/2020)

Data Subjects Rights, Principles

National Commission for Data Protection (CNPD)-Unknown (5/12/2021)

Data minimisation, Data Subjects Rights, Principles

Spanish Data Protection Authority (aepd)-REAL CLUB NÁUTICO DE RIBADEO (12/28/2021)

Consent, Lawfulness of Processing

Data Protection Authority of Brandenburg-Company (7/13/1905)
Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-SC Prestige Media PHG SRL (11/8/2022)

Controllers and Processors, Lawfulness of Processing, Representative

Spanish Data Protection Authority (aepd)-Private individual (4/3/2023)

Data Subjects Rights

Italian Data Protection Authority (Garante)-Thin Srl (6/1/2023)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-BANCO BILBAO VIZCAYA ARGENTARIA, S.A (1/19/2023)

Data Subjects Rights, Integrity and confidentiality, Principles

Opinion 06/2022 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Groupon International Limited |EPDB

Binding Corporate Rules, Data Transfers

Privacy-Enhancing and Privacy Preserving Technologies: Understanding the Role of PETs and PPTs in the Digital Age by CIPL

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Hamburg-Hamburger Verkehrsverbund GmbH (HVV GmbH) (7/11/1905)

Controllers and Processors, Data Breaches, Data Subjects Rights

Belgian Data Protection Authority (APD)-Private Individual (11/25/2020)

Data Subjects Rights, Lawfulness of Processing

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Region Sörmland (6/7/2021)

Data Subjects Rights, Lawfulness of Processing

French Data Protection Authority (CNIL)-SLIMPAY (12/28/2021)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights

Spanish Data Protection Authority (aepd)-Private individual (6/9/2022)

Data minimisation, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-SC Das Sense Society SRL (11/9/2022)

Administratives Measures, Liability and Remedies

Spanish Data Protection Authority (aepd)-INMARAN ASESORES S.L. (3/24/2023)

Administratives Measures, Liability and Remedies

Italian Data Protection Authority (Garante)-Ew Business Machines S.p.A. (6/1/2023)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-ORANGE ESPAGNE S.A.U. (1/23/2024)

Consent, Lawfulness of Processing

Decision EU 2023/1795 of 10 July 2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework

Adequacy Decisions

Guidelines 01/2020 on processing personal data in the context of connected vehicles and mobility related applications

Connected Vihicles

Opinion 05/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Lundbeck Group |EPDB

Binding Corporate Rules, Data Transfers

Cybersecurity of Artificial Intelligence in the AI Act by the European Commision

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Hamburg-Hamburger Volksbank eG (7/11/1905)

Data Subjects Rights, Right to Object

Austrian Data Protection Authority (dsb)-Private Individual (10/19/2020)

Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Region Värmland (6/7/2021)

Data Subjects Rights, Lawfulness of Processing

French Data Protection Authority (CNIL)-FREE MOBILE (12/28/2021)

Data Subjects Rights, Principles, Privacy by Design, Right to Object

Italian Data Protection Authority (Garante)-Ekss s.r.l. (4/28/2022)

Data Subjects Rights, Lawfulness of Processing

Italian Data Protection Authority (Garante)-Colosseo S.r.l. (8/5/2022)

Access Requests (DSAR), Accountability, Controllers and Processors, Data Subjects Rights, Principles, Representative

Italian Data Protection Authority (Garante)-Store owner (3/9/2023)

Data Subjects Rights, Principles

Data Protection Authority of Berlin-Humboldt Forum Service GmbH (7/15/1905)
Spanish Data Protection Authority (aepd)-Private individual (12/23/2023)

Consent, Data Subjects Rights, Lawfulness of Processing

Opinion 07/2022 on the draft decision of the Hungarian Supervisory Authority regarding the Controller Binding Corporate Rules of MOL Group |EPDB

Binding Corporate Rules, Data Transfers

New rules for Artificial Intelligence – Questions and Answers by the European Commision

AI, Specific processing situations

Spanish Data Protection Authority (aepd)-Grupo Valsor Y Losan, S.L. (2/14/2020)

Integrity and confidentiality, Principles

Austrian Data Protection Authority (dsb)-Private Individual (10/19/2020)

Controllers and Processors, Lawfulness of Processing, Representative

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Region Stockholm (6/7/2021)

Data Subjects Rights, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Call shop manager (12/28/2021)

Data Subjects Rights

Italian Data Protection Authority (Garante)-Il Sole 24 Ore S.p.a. (4/28/2022)

Data Subjects Rights, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-CÍTRICOS TANTA, S.L. (11/2/2022)

Consent, Lawfulness of Processing

Italian Data Protection Authority (Garante)-Azienda socio-sanitaria locale n. 1 di Sassari (3/23/2023)

Controllers and Processors, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-ELECTRAWORKS – CEUTA, S.A. (8/8/2023)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-VACACIONES EDREAMS, S.L. (12/12/2023)

Access Requests (DSAR), Data Subjects Rights

Opinion 04/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Norican Group |EPDB

Binding Corporate Rules, Data Transfers

Guidelines on submission of signals under the Whistleblowing directive by the Bulgarian CPDP

Whistleblowing

Spanish Data Protection Authority (aepd)-Colegio Arenales Carabanchel (School) (2/14/2020)

Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Servicio de Alojamientos Responsables, S.L. (12/2/2020)

Consent, Lawfulness of Processing

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-MedHelp AB (6/7/2021)

Lawfulness of Processing, Principles, Sensitive Data

Norwegian Supervisory Authority (Datatilsynet)-Elektro & Automasjon Systemer AS (12/13/2021)

Lawfulness of Processing, Legitimate Interest

Data Protection Authority of Brandenburg-Real estate agent (7/13/1905)

Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Rapido Finance, S.L. (11/2/2022)

Consent, Lawfulness of Processing

Data Protection Authority of Hamburg-Private individual (7/14/1905)

Controllers and Processors, Principles, Representative

Italian Data Protection Authority (Garante)-Camedi s.r.l. (6/1/2023)

Controllers and Processors, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-District Court Krakow (12/19/2023)

Data Breaches

Decision (EU) 2021/1773 of 28 June 2021 pursuant to Directive (EU) 2016/680 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom

Adequacy Decisions

Opinion 32/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the Republic of Korea |EPDB

Adequacy Decisions, Data Transfers

[Draft] Guidelines on the processing of personal data in regard to recruitment by the UK ICO

Automated Decision-making, Controllers and Processors, Data Protection Impact Assessment (DPIA), Employment, Specific processing situations

Spanish Data Protection Authority (aepd)-Mymoviles Europa 2000, S.L. (2/18/2020)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-Comercio Online Levante, S.L. (12/2/2020)

Data Subjects Rights, Integrity and confidentiality, Principles

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Voice Integrate Nordic AB (6/7/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Ica s.r.l. (12/2/2021)

Data Subjects Rights, Integrity and confidentiality, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-S.C. Wine Point S.R.L. (6/15/2022)

Lawfulness of Processing, Performance of Contract

Spanish Data Protection Authority (aepd)-TECHPUMP SOLUTIONS S.L. (10/31/2022)

Consent, Lawfulness of Processing, Sensitive Data

Data Protection Authority of Hamburg-Logistics company (7/14/1905)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-ODRIA COSTAS INTERNACIONAL, S.L. (8/8/2023)

Data minimisation, Principles

Polish National Personal Data Protection Office (UODO)-Insurance company (10/18/2023)

Controllers and Processors, Data Breaches

EDPB-EDPS Joint Opinion 1/2022 on the Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) 2021/953 on a framework for the issuance, verification and acceptance of interoperable COVID-19 vaccination, test and recovery certificates (EU Digital COVID Certificate) to facilitate free movement during the COVID-19 pandemic |EPDB

Health Data, Principles, Sensitive Data

Meta Platforms Ireland v EDPB (Case T-319/24)

Controllers and Processors, Data Sharing, Data Subjects Rights

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL LAYING DOWN HARMONISED RULES ON ARTIFICIAL INTELLIGENCE (ARTIFICIAL INTELLIGENCE ACT)

AI, Specific processing situations

Spanish Data Protection Authority (aepd)-Iberdrola Clientes (2/14/2020)

Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Asociación de Víctimas por Arbitrariedades Judiciales, (JAVA) (12/2/2020)

Consent, Lawfulness of Processing

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-S.C. Dreamtime Call S.R.L. (6/9/2021)

Controllers and Processors, Cooperation with Supervisory Authorithy, Representative

Italian Data Protection Authority (Garante)-TIM S.p.A. (11/11/2021)

Access Requests (DSAR), Data Subjects Rights

Spanish Data Protection Authority (aepd)-Private individual (6/9/2022)

Lawfulness of Processing

Spanish Data Protection Authority (aepd)-UNITED PARCEL SERVICE ESPAÑA LTD Y COMPAÑIA SRC (11/3/2022)

Data Subjects Rights, Integrity and confidentiality, Principles

Data Protection Authority of Hamburg-Physician (7/14/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-GYMOOGIMNASIOS S.L. (8/2/2023)

Controllers and Processors, Data minimisation, Data Protection Officer (DPO), Principles

Italian Data Protection Authority (Garante)-Company (12/21/2023)

Data Subjects Rights, Principles

EDPB-EDPS Joint Opinion 2/2022 on the Proposal of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act)

Data Transfers

Case 3:24-cv-04710-TSH DAVID MILLETTE VS OPENAI

Data Subjects Rights

Voluntary AI Safety Standard by the Australian Government

AI, Specific processing situations

Understanding the Role of PETs and PPTs in the Digital Age

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (2/14/2020)

Data Subjects Rights, Integrity and confidentiality, Principles

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Aleris Sjukvård AB (12/3/2020)

Integrity and confidentiality, Principles

Polish National Personal Data Protection Office (UODO)-PNP S.A. (4/27/2021)

Controllers and Processors, Cooperation with Supervisory Authorithy, Representative

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Telekom Romania Communications SA (12/6/2021)

Access Requests (DSAR), Accountability, Accuracy, Data Subjects Rights, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Nos s.r.l.s. (4/28/2022)

Consent, Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Representative

Spanish Data Protection Authority (aepd)-Private individual (11/10/2022)

Data minimisation, Principles

Data Protection Authority of Hamburg-Covid-19 test center (7/14/1905)

Access Requests (DSAR), Data Subjects Rights

Italian Data Protection Authority (Garante)-Azienda Usl Toscana Sud Est. (6/1/2023)

Lawfulness of Processing, Principles, Sensitive Data

Austrian Data Protection Authority (dsb)-Political party (7/15/1905)
Decision (EU) 2021/1772 of 28 June 2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom (notified under document C(2021)4800)

Adequacy Decisions

Opinion 1/2022 on the draft decision of the Luxembourg Supervisory Authority regarding the GDPR – CARPA certification criteria |EPDB

Certification

Data protection code of practice for digital identity schemes in Afrtica

Code of Conduct, Controllers and Processors

Safe and responsible AI in Australia Proposals paper for introducing mandatory guardrails for AI in high-risk settings by Australian Government

AI, Specific processing situations

[DRAFT] Data Confidentiality – Identifying and Protecting Assets Against Data Breaches by NIST

Controllers and Processors, Data Breaches

Spanish Data Protection Authority (aepd)-Xfera Moviles S.A. (2/14/2020)

Data Subjects Rights, Integrity and confidentiality, Principles

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Aleris Sjukvård AB (12/3/2020)

Integrity and confidentiality, Principles

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Directorate of the Östra Skaraborg Rescue Service (6/9/2021)

Lawfulness of Processing, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-Google LLC (12/31/2021)
Belgian Data Protection Authority (APD)-SA Rossel & Cie (6/16/2022)

Consent, Controllers and Processors, Data Protection Officer (DPO), Data Subjects Rights, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Homeowners Association (11/10/2022)

Data minimisation, Principles

Data Protection Authority of Hamburg-Covid-19 test center (7/14/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-ADENET SYSTEMS, S.L. (8/11/2023)

Administratives Measures, Liability and Remedies

Icelandic data protection authority (‘Persónuvernd’)-Stjörnuna ehf (3/24/2024)

Lawfulness of Processing, Sensitive Data

Relying on the legal basis of legitimate interests to develop an AI system by CNIL

Lawfulness of Processing, Legitimate Interest

Decision by Dutch Data Protection Authority to impose an administrative fine on Uber |English

Controllers and Processors, Data Breaches, Data Subjects Rights

Frequently Asked Questions (FAQs) on the Data Act by the EU Commission

Controllers and Processors, Data Sharing

[Draft] Guidelines on the processing of personal data in regard to employment by the UK ICO

Employment, Specific processing situations

Italian Data Protection Authority (Garante)-Azienda Ospedaliero Universitaria Integrata di Verona (Hospital) (1/23/2020)

Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-Dr Marín Cirugia Plástica, S.L.P. (12/3/2020)

Data Subjects Rights

Norwegian Supervisory Authority (Datatilsynet)-BRAbank ASA (5/28/2021)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-Google Ireland Ltd. (12/31/2021)
Norwegian Supervisory Authority (Datatilsynet)-Arbeidstilsynet (5/16/2022)

Lawfulness of Processing, Public Interests

Spanish Data Protection Authority (aepd)-Banco Bilbao Vizcaya Argentaria S.L. (11/11/2022)

Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-Private individual (3/23/2023)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-RING RING CLIN S.L. (8/11/2023)

Administratives Measures, Liability and Remedies

Polish National Personal Data Protection Office (UODO)-Company (12/13/2023)
The NSW AI Assessment Framework

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Emerging digital technologies in the public sector report by EU Commission

New technology

Global Approaches to Auditing Artificial Intelligence by IPIE

AI, Specific processing situations

International data transfer agreement and guidance by the UK ICO

Data Transfers

Italian Data Protection Authority (Garante)-Sapienza Università di Roma (1/23/2020)

Data Subjects Rights, Integrity and confidentiality, Principles

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Östergötland Region (12/3/2020)

Integrity and confidentiality, Principles

Data Protection Authority of Liechtenstein-Unknown (7/12/1905)
French Data Protection Authority (CNIL)-Facebook Ireland Ltd. (12/31/2021)
Italian Data Protection Authority (Garante)-Ospedale San Raffaele s.r.l. (4/28/2022)

Integrity and confidentiality, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-XASTRE DO PETO, S.L. (11/11/2022)

Consent, Data Subjects Rights, Lawfulness of Processing, Right to Object

National Commission for Data Protection (CNPD)-Company (10/27/2021)

Controllers and Processors, Data Protection Officer (DPO), Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-MÁRMOLES Y GRANITOS MEJIAS, S. L. (8/16/2023)

Data minimisation, Data Subjects Rights, Principles

Italian Data Protection Authority (Garante)-Azienda Trasporto Passeggeri Emilia-Romagna S.p.A. (2/22/2024)

Accountability, Consent, Lawfulness of Processing, Principles, Sensitive Data

Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland

Adequacy Decisions

Securing Artificial Intelligence: Mitigation Strategy Report by ETSI

AI, Specific processing situations

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on adapting non-contractual civil liability rules to artificial intelligence (AI Liability Directive)

AI, Liability and Remedies, Specific processing situations, Supervisory Authorities

Artificial Intelligence Security Governance Framework 1.0 by China Cybersecurity Standardization Technical Committee

AI, Specific processing situations

RISK FRAMEWORK FOR BODY-RELATED DATA IN IMMERSIVE TECHNOLOGIES BY FPF

Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (2/27/2020)

Controllers and Processors, Principles, Representative

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Västerbotten Region (12/3/2020)

Integrity and confidentiality, Principles

Dutch Supervisory Authority for Data Protection (AP)-Orthodontic Clinic (2/4/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Hellenic Data Protection Authority (HDPA)-Εγνατία Οδός Α.Ε. (1/5/2022)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-SCOTCH CORNER BAR (6/16/2022)

Controllers and Processors, Data minimisation, Principles, Representative

Spanish Data Protection Authority (aepd)-BANKINTER, S.A. (11/15/2022)

Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-ALI MARKET (3/24/2023)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-Private individual (8/16/2023)

Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Santander Bank Polska S.A. (3/12/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights

Noyb Complaint Case: C-082-02 to EU Data protection Supervisor against EU Parliament

Controllers and Processors, Data Breaches, Public Administrative Body

Multidisciplinary Perspectives on Artificial Intelligence and the Law by Springer

AI, Specific processing situations

[Press release] Commission opens formal proceedings against X under the Digital Services Act

Digital Services Act

Spanish Data Protection Authority (aepd)-Vodafone ONO, S.A.U. (2/28/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Sahlgrenska University Hospital (12/3/2020)

Integrity and confidentiality, Principles

National Commission for Data Protection (CNPD)-Unknown (5/31/2021)

Data Protection Officer (DPO)

Spanish Data Protection Authority (aepd)-Property Owner Community (1/11/2022)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-Company (6/17/2022)

Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-AMPLIFON Hungary Trade and Service Provider LLC (8/11/2022)

Controllers and Processors, Data Subjects Rights, Principles, Purpose limitation, Representative

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-REGENCY COMPANY SRL (4/7/2023)

Lawfulness of Processing, Sensitive Data

Spanish Data Protection Authority (aepd)-Private individual (8/11/2023)

Data minimisation, Data Subjects Rights, Principles

Polish National Personal Data Protection Office (UODO)-Toyota Bank Polska S.A. (3/12/2024)

Controllers and Processors, Data Breaches

CJEU Press Release 1/2025 Case T-354/22 | Bindl v Commission

Administrative Fines, Civil Liability and Damages, Data Transfers, Liability and Remedies

Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies

Data Transfers

Technical Recommendations on the use of APIs by CNIL

Controllers and Processors, Technical and Organisational Measures (TOMs)

Noyb Complaint Case: C-082-01 to EU Data protection Supervisor against EU Parliament

Controllers and Processors, Data Breaches, Public Administrative Body

A Guide to Cookies and Compliance by DMA

Consent, Cookies, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-HM Hospitales (2/25/2020)

Controllers and Processors, Principles, Representative

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Karolinska University Hospital of Solna (12/3/2020)

Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-Inmopiso Zaragoza S.L. (6/14/2021)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-EDUCANDO JUNTOS SL (1/11/2022)

Consent, Data Subjects Rights, Lawfulness of Processing

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-SC Interactions Marketing SRL (6/20/2022)

Lawfulness of Processing, Performance of Contract

Polish National Personal Data Protection Office (UODO)-Mayor (11/2/2022)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Data Protection Authority of Hamburg-Covid-19 test center (7/14/1905)

Lawfulness of Processing, Legal Obligation

Italian Data Protection Authority (Garante)-Ristorante Francesco srl (7/6/2023)

Data Subjects Rights, Principles

Spanish Data Protection Authority (aepd)-IBERIA LÍNEAS AÉREAS DE ESPAÑA, S.A. OPERADORA. (2/13/2024)

Access Requests (DSAR), Data Subjects Rights

Decision (EU) 2022/254 of 17 December 2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the Republic of Korea under the Personal Information Protection Act

Adequacy Decisions

How Google Uses Information on websites [link]
UNESCO: Consultation paper on AI Regulation

AI, Lawfulness of Processing, Public Interests, Specific processing situations

[DRAFT] FRAMEWORK CONVENTION ON ARTIFICIAL INTELLIGENCE, HUMAN RIGHTS, DEMOCRACY AND THE RULE OF LAW

AI, Specific processing situations

Spanish Data Protection Authority (aepd)-Casa Gracio Operation (2/25/2020)

Data minimisation, Principles

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Capio St. Göran AB (12/3/2020)

Integrity and confidentiality, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-La Santrade S.R.L. (6/9/2021)

Controllers and Processors, Cooperation with Supervisory Authorithy, Representative

Polish National Personal Data Protection Office (UODO)-Warsaw University of Technology (12/9/2021)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Asociația de Proprietari Aviației Park (6/20/2022)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Raiffeisen Bank SA (11/16/2022)

Data Subjects Rights, Principles, Privacy by Design

Spanish Data Protection Authority (aepd)-BANCO BILBAO VIZCAYA ARGENTARIA, S.A. (4/4/2023)

Consent, Data Subjects Rights, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-JOLY DIGITAL, S.L.U. (8/18/2023)

Consent, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (2/8/2024)

Consent, Lawfulness of Processing

Meta Faces $1.4 Billion Penalty for Unauthorized Biometric Data Collection in Texas
[PRESS RELEASE No 191/23] CJEU on the right to compensation for non-material damages based on the fear of possible misuse

Liability and Remedies, Supervisory Authorities

Dutch Supervisory Authority for Data Protection (AP)-Royal Dutch Tennis Association (‘KNLTB’) (3/3/2020)

Controllers and Processors, Principles, Representative

Norwegian Supervisory Authority (Datatilsynet)-Municipality of Indre Østfold (12/3/2020)

Data Subjects Rights, Lawfulness of Processing

Polish National Personal Data Protection Office (UODO)-Funeda Sp. z o.o. (3/19/2021)

Controllers and Processors, Cooperation with Supervisory Authorithy, Representative

Hellenic Data Protection Authority (HDPA)-PLUS REAL ADVERTISEMENT (12/31/2021)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-Store owner (6/24/2022)

Data Subjects Rights

French Data Protection Authority (CNIL)-DISCORD INC. (11/10/2022)

Controllers and Processors, Data Subjects Rights, Principles, Storage limitation, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-NGENIERÍA Y TELECOM JAÉN, S.L. (3/17/2023)

Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Private individual (8/16/2023)

Consent, Lawfulness of Processing

Italian Data Protection Authority (Garante)-Wi-Planet sas di Torri Carlo Alberto e c. (2/7/2024)

Data Subjects Rights

Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR
Annex: A summary of the Transparency in Health and Social Care guidance impact assessment by the UK ICO

Controllers and Processors, Data Protection Impact Assessment (DPIA), Principles, Sensitive Data, Transparency

Spanish Data Protection Authority (aepd)-AEMA Hispánica (2/28/2020)

Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-Private Individual (11/27/2020)

Lawfulness of Processing

Danish Data Protection Authority (Datatilsynet)-Vejle Municipality (6/16/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Hellenic Data Protection Authority (HDPA)-INFO COMMUNICATION SERVICES (12/31/2021)

Data Subjects Rights

Danish Data Protection Authority (Datatilsynet)-Gyldendal A/S (6/22/2022)

Principles, Storage limitation

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Homeowners Association Bld. Pipera 1-2E (11/18/2022)

Administratives Measures, Liability and Remedies

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-TV2 Média Csoport Zrt. (9/26/2022)

Consent, Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Private individual (8/23/2023)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-CENTRO MÉDICO SALUS BALEARES, S.L. (2/8/2024)

Data Subjects Rights, Integrity and confidentiality, Principles

Decision of 19 December 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by New Zealand

Adequacy Decisions

Directive 2002/58/EC on privacy and electronic communications
Noyb Sues Hamburg DPA Over ‘Pay or OK’ Consent System
Transparency in health and social care by the UK ICO

Controllers and Processors, Data Protection Impact Assessment (DPIA), Principles, Sensitive Data, Transparency

Spanish Data Protection Authority (aepd)-Solo Embrague (3/3/2020)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-Losada Advocats S.L. (12/2/2020)

Data Subjects Rights, Integrity and confidentiality, Principles

Hellenic Data Protection Authority (HDPA)-PURPLE SEA MΟΝΟΠΡΟΣΩΠΗ ΙΚΕ (6/3/2021)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Ireland-Irish Teacher Council (12/2/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles

Italian Data Protection Authority (Garante)-Zito Auto di Gianfranco Zito (5/22/2022)

Lawfulness of Processing, Sensitive Data

Portuguese Data Protection Authority (CNPD)-Setúbal municipality (11/2/2022)

Principles, Sensitive Data, Storage limitation

Italian Data Protection Authority (Garante)-Azienda Ospedaliera Bianchi Melacrino Morelli (1/26/2023)

Principles, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Homeowners’ association (8/25/2023)

Data Subjects Rights, Integrity and confidentiality, Principles

Hellenic Data Protection Authority (HDPA)-Greek Ministry of Immigration and Asylum (4/2/2024)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Principles, Privacy by Design

UK ICO Introduction to Anonymisation

Anonymisation

Privacy Program 247.ai
The NYT vs OpenAI and Microsoft

AI, Copyright, Specific processing situations

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (3/3/2020)

Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-Xfera Moviles S.A. (12/9/2020)

Consent, Lawfulness of Processing

Lithuanian Data Protection Authority (VDAI)-UAB VS FITNESS (6/21/2021)

Lawfulness of Processing, Principles, Sensitive Data

Austrian Data Protection Authority (dsb)-REWE International AG (1/14/2022)
Polish National Personal Data Protection Office (UODO)-Stołeczny Ośrodek dla Osób Nietrzeźwych (5/31/2022)

Controllers and Processors, Lawfulness of Processing, Representative

Spanish Data Protection Authority (aepd)-Private individual (11/21/2022)

Data minimisation, Principles

Italian Data Protection Authority (Garante)-Azienda Ospedale-Università Padova (1/11/2023)

Integrity and confidentiality, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Private individual (8/28/2023)

Consent, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-CTC EXTERNALIZACIÓN, S.L (2/12/2024)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights

Guidelines 4/2019 on Article 25 Data Protection by Design and by Default

Privacy by Design

AI Meets Media: OpenAI Secures Another Multi-Year Deal with Media Giant

AI

GUIDELINES ON LEGITIMATE INTEREST by the NPC of the Republic of Philippines

Lawfulness of Processing, Legitimate Interest

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (3/3/2020)

Controllers and Processors, Principles, Representative

Spanish Data Protection Authority (aepd)-Unknown (12/9/2020)

Integrity and confidentiality, Principles

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Storstockholms Lokaltrafik (6/21/2021)

Data Subjects Rights, Lawfulness of Processing, Legitimate Interest, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Private individual (1/13/2022)

Data minimisation, Data Subjects Rights, Principles

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Budapest Bank Zrt. (2/8/2022)

Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-ING Bank NV Amsterdam Sucursala București (11/21/2022)

Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-WUNSCHURLAUB S.L. (2/28/2023)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-MULTIGAS ASESORES S.L. (8/28/2023)

Administratives Measures, Liability and Remedies

Italian Data Protection Authority (Garante)-Azienda socio-sanitaria locale n. 1 di Sassari (2/8/2024)

Controllers and Processors, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Decision of 8 May 2008 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Jersey

Adequacy Decisions

EO 13800 on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Technical and Organisational Measures (TOMs)

Information Commissioner’s Further Response to the Data Protection and Digital Information Bill (DPDI Bill)

Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (3/3/2020)

Controllers and Processors, Principles, Representative

Belgian Data Protection Authority (APD)-Unknown (11/13/2020)

Controllers and Processors, Data Subjects Rights, Principles, Representative

French Data Protection Authority (CNIL)-BRICO PRIVÉ (6/14/2021)

Access Requests (DSAR), Controllers and Processors, Data Subjects Rights, Principles, Storage limitation, Technical and Organisational Measures (TOMs)

Hellenic Data Protection Authority (HDPA)-Greek Ministry of Tourism (12/29/2021)

Controllers and Processors, Data Breaches, Data Protection Officer (DPO), Data Subjects Rights

Spanish Data Protection Authority (aepd)-Company (6/28/2022)

Data Subjects Rights

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Medicover S.R.L. (11/24/2022)

Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Performance of Contract, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-ECOMM MOVADGENCY S.L. (2/28/2023)

Data Subjects Rights, Right to Object

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Uipath SRL (8/21/2023)

Data Subjects Rights, Principles, Privacy by Design

Spanish Data Protection Authority (aepd)-ROUNDED TECHNOLOGIES, S.L. (1/23/2024)

Data Subjects Rights

EU Parliament Faces noyb Complaints After Major Data Breach
Processing Personal Data on the Basis of Legitimate Interests under the GDPR by FPF

Lawfulness of Processing, Legitimate Interest

Polish National Personal Data Protection Office (UODO)-School in Gdansk (Danzig) (fine imposed against town of Gdansk) (3/4/2020)

Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Borjamotor, S.A. (12/10/2020)

Consent, Lawfulness of Processing

Norwegian Supervisory Authority (Datatilsynet)-Unknown (6/22/2021)

Access Requests (DSAR), Controllers and Processors, Data Subjects Rights, Principles, Representative

Italian Data Protection Authority (Garante)-Società Med Store Saronno s.r.l. (12/2/2021)

Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-CORPORACIÓN DE RADIO Y TELEVISIÓN ESPAÑOLA S.A. (6/23/2022)

Data minimisation, Principles

Data Protection Authority of Ireland-Meta Platforms Ireland Limited (11/25/2022)

Privacy by Design

Spanish Data Protection Authority (aepd)-CITIZENGO FOUNDATION (2/28/2023)

Consent, Lawfulness of Processing

Italian Data Protection Authority (Garante)-Cat s.r.l. (7/18/2023)

Principles, Representative

Italian Data Protection Authority (Garante)-Municipality of Modica (7/18/2023)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Guidelines 5/2019 on the criteria of the Right to be Forgotten in the search engines cases under the GDPR

Right to Erasure

Interim Report – Governing AI for Humanity by UN AI Advisory Body

AI, Specific processing situations

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (3/4/2020)

Controllers and Processors, Principles, Representative

Spanish Data Protection Authority (aepd)-Banco Bilbao Vizcaya Argentaria, S.A. (12/11/2020)

Data Subjects Rights, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-TNT EXPRESS WORLDWIDE SPAIN, S.L. (6/22/2021)

Accuracy, Principles

Italian Data Protection Authority (Garante)-Casa di cura Fondazione Gaetano e Piera Borghi s.r.l. (12/2/2021)

Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-RADIO TELEVISION MADRID, S.A. (6/23/2022)

Data minimisation, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-OTP LEASING ROMANIA IFN SA (11/25/2022)

Data Subjects Rights, Principles, Privacy by Design

Polish National Personal Data Protection Office (UODO)-Housing cooperative (3/1/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights

Italian Data Protection Authority (Garante)-Ermeslink di Giovanni Di Stefano (7/18/2023)

Controllers and Processors, Lawfulness of Processing, Representative

Spanish Data Protection Authority (aepd)-ASNEF-EQUIFAX, SERVICIOS DE INFORMACIÓN SOBRE SOLVENCIA Y CRÉDITO, S.L. (2/13/2024)

Access Requests (DSAR), Data Subjects Rights

Decision (EU) 2019/419 of 23 January 2019 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by Japan under the Act on the Protection of Personal Information

Adequacy Decisions

Garante vs OpenAI

AI

Uber Fined €290 Million for GDPR Violations Over Data Transfers to the U.S.
Italian Data Protection Authority (Garante)-Liceo Artistico Statale di Napoli (3/6/2020)

Controllers and Processors, Principles, Representative, Sensitive Data

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Umeå University (12/11/2020)

Integrity and confidentiality, Principles

Italian Data Protection Authority (Garante)-Iren Mercato S.p.A. (5/13/2021)

Consent, Lawfulness of Processing, Principles

Italian Data Protection Authority (Garante)-Società H San Raffaele Resnati s.r.l. (11/25/2021)

Integrity and confidentiality, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Continental Automotive Romania SRL (6/30/2022)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Private individual (11/29/2022)

Data minimisation, Principles

Czech Data Protection Auhtority (UOOU)-Company (7/14/1905)
Spanish Data Protection Authority (aepd)-Private individual (8/30/2023)

Consent, Data Subjects Rights, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-VODAFONE ESPAÑA, S.A.U. (2/13/2024)

Consent, Lawfulness of Processing

Website privacy controls a guide for business by New York State Attorney General

Data Subjects Rights

AI fairness in practice by the Alan Turing Institute

AI, Specific processing situations

Italian Data Protection Authority (Garante)-Liceo Scientifico Nobel di Torre del Greco (3/6/2020)

Controllers and Processors, Principles, Representative, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Virgin Mobile Polska (12/14/2020)

Integrity and confidentiality, Principles

Norwegian Supervisory Authority (Datatilsynet)-Moss municipality (6/4/2021)

Controllers and Processors, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Belgian Data Protection Authority (APD)-Bank (12/16/2021)

Controllers and Processors, Data Protection Officer (DPO)

Spanish Data Protection Authority (aepd)-FLY FUT, S.L. (6/28/2022)

Consent, Lawfulness of Processing

Italian Data Protection Authority (Garante)-Vodafone Italia S.p.A. (11/10/2022)

Consent, Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Representative

Italian Data Protection Authority (Garante)-Misterbianco municipality (1/26/2023)

Principles, Representative

Spanish Data Protection Authority (aepd)-Private individual (8/30/2023)

Data minimisation, Principles

Italian Data Protection Authority (Garante)-Camera di Commercio Industria Artigianato e Agricoltura (2/22/2024)

Lawfulness of Processing, Representative

Guidelines 05/2020 on consent under Regulation 2016/679

Consent, Lawfulness of Processing

Data protection compliant AI by Bavarian State Office for Data protection Supervision

AI, Specific processing situations

Telegram CEO’s Arrest Sparks Debate on Privacy vs. Regulation

Personal Data Collection, Technical and Organisational Measures (TOMs)

Case T-1077/23

AI, Copyright, Specific processing situations

Spanish Data Protection Authority (aepd)-Private individual (3/6/2020)

Principles

Hellenic Data Protection Authority (HDPA)-American College of Greece (10/29/2020)

Data Subjects Rights

Lithuanian Data Protection Authority (VDAI)-Unknown (7/12/1905)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Principles, Technical and Organisational Measures (TOMs)

Portuguese Data Protection Authority (CNPD)-Lisbon City Council (12/21/2021)

Lawfulness of Processing, Sensitive Data

Information Commissioner (ICO)-Tavistock & Portman NHS Foundation Trust (6/9/2022)

Data Subjects Rights, Integrity and confidentiality, Principles

French Data Protection Authority (CNIL)-ÉLECTRICITÉ DE FRANCE (11/24/2022)

Consent, Data Subjects Rights, Lawfulness of Processing

Italian Data Protection Authority (Garante)-Eurosanità S.P.A. (12/15/2022)

Controllers and Processors, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Private individual (8/30/2023)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-SANITAS, S.A. DE SEGUROS (2/6/2024)

Lawfulness of Processing, Principles, Sensitive Data

Decision of 28 April 2004 on the adequate protection of personal data in the Isle of Man

Adequacy Decisions

Guidelines 9/2022 on personal data breach notification under GDPR [Official EDPB Guidelines] [pdf]

Data Breaches

Connecticut Data Privacy Act
REGULATION (EU) 2018/1725 “GDPR for EU Institutions”
NIST Special Publication_1800-29 Data Confidentiality- Detect, Respond to, and Recover from Data Breaches

Controllers and Processors, Data Breaches

Privacy Notice Template by the UK ICO

Data Subjects Rights

Spanish Data Protection Authority (aepd)-Gesthotel Activos Balagares (3/9/2020)

Integrity and confidentiality, Principles

Data Protection Authority of Ireland-Twitter International Company (12/15/2020)

Controllers and Processors, Data Breaches

Icelandic data protection authority (‘Persónuvernd’)-Huppuís ehf (6/15/2021)

Consent, Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Data Protection Commissioner of Malta-C-Planet (IT Solutions) Limited (1/17/2022)

Integrity and confidentiality, Principles, Representative

Hellenic Data Protection Authority (HDPA)-Pediatric psychologist (6/29/2022)

Controllers and Processors, Cooperation with Supervisory Authorithy

Spanish Data Protection Authority (aepd)-Company (11/29/2022)

Data Subjects Rights, Lawfulness of Processing

Italian Data Protection Authority (Garante)-Store owner (12/1/2022)

Data Subjects Rights, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-ALBEN AIRPORT FACILITIES S.L. (8/29/2023)

Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-URQUÍA & BAS, CORREDURÍA DE SEGUROS S.L. (6/22/2022)

Controllers and Processors, Data Breaches

CNIL Permissions in Mobile Apps

Consent, Lawfulness of Processing

Case 2:24-cv-05140 by the attorney general of California

Consent, Controllers and Processors, Data Sharing, Lawfulness of Processing

How to handle someone’s data subject access request when there is information about other individuals involved by the Irish DPA

Access Requests (DSAR), Data Subjects Rights

Danish Data Protection Authority (Datatilsynet)-Hørsholm Municipality (3/10/2020)

Data Subjects Rights, Integrity and confidentiality, Principles

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Uppsalahem AB (12/15/2020)

Principles

Polish National Personal Data Protection Office (UODO)-Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A. (6/21/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-VODAFONE ESPAÑA, S.A.U. (1/18/2022)

Consent, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Private Individual (7/1/2022)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-INDECEMI, S.L. (12/3/2022)

Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-Real Federación Española de Tenis de Mesa (4/4/2023)

Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-WALL BOX CHARGERS S.L. (8/28/2023)

Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-Private individual (3/15/2024)

Data minimisation, Data Subjects Rights, Principles

Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak

Health Data

THE INTERSECTION BETWEEN COMPETITION AND DATA PRIVACY by OECD – OCDE

Data Subjects Rights

[Draft] Transfer Impact Assessment by the CNIL

Data Transfers

Danish Data Protection Authority (Datatilsynet)-Gladsaxe Municipality (3/10/2020)

Data Subjects Rights, Integrity and confidentiality, Principles

Data State Inspectorate (DSI)-HH Invest SIA (12/15/2020)

Data Subjects Rights

National Commission for Data Protection (CNPD)-Unknown (4/8/2021)

Data Subjects Rights, Principles, Storage limitation

Spanish Data Protection Authority (aepd)-Private individual (1/14/2022)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-Alquiler Seguro SA (5/24/2022)

Consent, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-LORENT 2013, S.L (12/3/2022)

Data minimisation, Principles

Hellenic Data Protection Authority (HDPA)-Vodafone (2/2/2023)

Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Sweden-Trygg-Hansa (8/28/2023)

Data Subjects Rights, Integrity and confidentiality, Principles

Bulgarian Commission for Personal Data Protection (KZLD)-Unknown (2/9/2023)

Lawfulness of Processing, Principles, Sensitive Data

Decision of 31 January 2011 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data

Adequacy Decisions

Legal Advisory – Application of Existing CA Laws to Artificial Intelligence

AI

Zapier’s Transfer Impact Assessment

Data Transfers

Supervision of AI systems in the EU by Dutch DPA and RDI (english)

AI, Specific processing situations

Case C 683-2021

Data Controller, Data Processors, Joint Controllers

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Google LLC (3/11/2020)

Access Requests (DSAR), Controllers and Processors, Data Subjects Rights, Principles, Representative

Data State Inspectorate (DSI)-Unknown (12/15/2020)

Controllers and Processors, Principles, Representative

Italian Data Protection Authority (Garante)-Foodinho s.r.l. (6/10/2021)

Data Subjects Rights, Lawfulness of Processing, Sensitive Data

Spanish Data Protection Authority (aepd)-MEETING PUERTO C.B. (1/17/2022)

Consent, Lawfulness of Processing

Deputy Data Protection Ombudsman-Otavamedia Oy (5/9/2022)

Data minimisation

Spanish Data Protection Authority (aepd)-Homeowners Association (12/3/2022)

Data minimisation, Principles

Hellenic Data Protection Authority (HDPA)-Piraeus Bank (2/2/2023)

Data Breaches, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Rinascente S.p.A. (6/8/2023)

Lawfulness of Processing, Sensitive Data

Spanish Data Protection Authority (aepd)-20 MINUTOS EDITORA, S.L. (3/25/2024)

Administratives Measures, Liability and Remedies

Governance of artificial intelligence (AI) by House of Commons UK

AI, Specific processing situations

EU DATA ACT
Icelandic data protection authority (‘Persónuvernd’)-National Center of Addiction Medicine (‘SAA’) (3/10/2020)

Data Subjects Rights, Integrity and confidentiality, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Banca Transilvania SA (12/17/2020)

Data Subjects Rights, Integrity and confidentiality, Principles

Deputy Data Protection Ombudsman-Magazine publisher (6/24/2021)

Data Protection Officer (DPO), Data Subjects Rights, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Private individual (1/17/2022)

Data minimisation, Principles

Hellenic Data Protection Authority (HDPA)-Parliamentary election candidate (6/24/2022)

Data Subjects Rights

Italian Data Protection Authority (Garante)-Alpha Exploration (10/6/2022)

Lawfulness of Processing, Sensitive Data

Hellenic Data Protection Authority (HDPA)-Vodafone (2/20/2023)

Access Requests (DSAR), Data Subjects Rights

Italian Data Protection Authority (Garante)-Autostrade per l’Italia spa (6/22/2023)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-INSTITUT MARQUÉS OBSTETRICIA I GINECOLOGIA, S.L.P. (11/2/2023)

Data Subjects Rights, Integrity and confidentiality, Principles

Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak

Health Data

Principles on Children & Online Gaming Adopted at the Nordic Data Protection Meeting in Oslo 30 May 2024

Children as data subjects, Data Subjects Rights

Icelandic data protection authority (‘Persónuvernd’)-Breiðholt Upper Secondary School (3/10/2020)

Data Subjects Rights, Integrity and confidentiality, Principles

French Data Protection Authority (CNIL)-Doctor (12/17/2020)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Croatian Data Protection Authority (azop)-IT services company (7/5/2021)

Technical and Organisational Measures (TOMs)

National Commission for Data Protection (CNPD)-Unknown (12/1/2021)

Data minimisation, Data Subjects Rights, Principles

Hellenic Data Protection Authority (HDPA)-WIND Ελλάς Τηλεπικοινωνίες ΑΕΒΕ (6/20/2022)

Access Requests (DSAR), Data Subjects Rights

Italian Data Protection Authority (Garante)-Codess Sociale, Soc. Coop. sociale. (10/6/2022)

Access Requests (DSAR), Data Subjects Rights

Spanish Data Protection Authority (aepd)-ORANGE ESPAGNE S.A.U. (3/16/2023)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-Private individual (9/19/2023)

Data minimisation, Data Subjects Rights, Principles

Data Protection Authority of Hamburg-Company (7/15/1905)

Data Subjects Rights, Principles, Sensitive Data

Decision of 21 November 2003 on the adequate protection of personal data in Guernsey

Adequacy Decisions

UK ICO Consultation on GenAI

AI

Case 4:23-cv-01110-P AHA v. Bacerra

Health Data, Principles, Sensitive Data

GUIDELINES CLOCKING AND ATTENDANCE CONTROL PROCESSING USING BIOMETRIC SYSTEMS BY THE AEPD

Employment, Principles, Sensitive Data, Specific processing situations

Norwegian Supervisory Authority (Datatilsynet)-Rælingen Municipality (2/26/2020)

Data Subjects Rights, Integrity and confidentiality, Principles

French Data Protection Authority (CNIL)-Doctor (12/17/2020)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Danish Data Protection Authority (Datatilsynet)-Nordbornholms Byggeforretning Aps (7/7/2021)

Controllers and Processors, Principles, Representative

Spanish Data Protection Authority (aepd)-GARLEX SOLUTIONS, S.L. (1/18/2022)

Lawfulness of Processing

Italian Data Protection Authority (Garante)-Azienda Sanitaria Locale Roma (5/26/2022)

Data minimisation, Principles, Representative

Italian Data Protection Authority (Garante)-FCA Italy S.p.A. (9/15/2022)

Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Company (4/4/2023)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-Private individual (9/19/2023)

Data minimisation, Principles

Data Protection Authority of Hamburg-Private individual (7/15/1905)
Colorado Privacy Act
DECISION OF THE INFORMATION COMMISSIONER Snap Inc. and Snap Group Limited

AI, Specific processing situations

Data Protection Authority of Saarland-Restaurant (7/11/1905)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-Online Services (12/15/2020)

Consent, Controllers and Processors, Data Protection Officer (DPO), Data Subjects Rights, Lawfulness of Processing

Italian Data Protection Authority (Garante)-Comune di Bolzano (5/13/2021)

Lawfulness of Processing, Principles, Sensitive Data

National Commission for Data Protection (CNPD)-Unknown (11/9/2021)

Data minimisation, Data Subjects Rights, Principles

Italian Data Protection Authority (Garante)-Intesa Sanpaolo S.p.A (5/26/2022)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Usl Valle d’Aosta (11/10/2022)

Lawfulness of Processing, Principles, Privacy by Design, Sensitive Data

Italian Data Protection Authority (Garante)-Deca s.r.l. (3/9/2023)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (9/5/2023)

Consent, Lawfulness of Processing

Data Protection Authority of Hamburg-Daycare center (7/15/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

EDPB Report on the first review of the European Commission Implementing Decision on the adequate protection of personal data under the EU-US Data Privacy Framework
UK ICO Controller ROPA Template

Records of processing Activities (ROPA)

Directive (EU) 2016/1148 “NIS2 Directive”
Artificial intelligence (AI) and human rights: Using AI as a weapon of repression and its impact on human rights by EU Parliament

AI, Specific processing situations

Report on the first review of the functioning of the adequacy decisions adopted pursuant to Article 25(6) of Directive 95/46/EC

Adequacy Decisions, Data Transfers

Norwegian Supervisory Authority (Datatilsynet)-Coop Finnmark SA (2/28/2020)

Controllers and Processors, Principles, Representative

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unknown (12/16/2020)

Principles, Purpose limitation, Sensitive Data

National Commission for Data Protection (CNPD)-Unknown (6/11/2021)

Controllers and Processors, Data minimisation, Data Subjects Rights, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-PHARMA TALENTS, S.L.U. (1/14/2022)

Data Subjects Rights, Integrity and confidentiality, Principles

Norwegian Supervisory Authority (Datatilsynet)-Norwegian Parliament (3/4/2022)

Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-CASA 7 PERSONAL SHOPPER, S.L. (12/2/2022)

Data Subjects Rights, Integrity and confidentiality, Principles

Hellenic Data Protection Authority (HDPA)-ΜΑΡΙΑ ΠΕΔΙΩΤΗ ΚΑΙ ΣΙΑ Ο.Ε. (12/19/2022)

Controllers and Processors, Cooperation with Supervisory Authorithy, Data Subjects Rights

Spanish Data Protection Authority (aepd)-Private individual (9/1/2023)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-SINDICATO LIBRE DE TRANSPORTES (11/3/2023)

Data Subjects Rights, Integrity and confidentiality, Principles

Decision of 5 March 2010 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection provided by the Faeroese Act on processing of personal data

Adequacy Decisions

Guide to Binding Corporate Rules by the UK ICO

Data Transfers

Data Protection Authority of Nordrhein-Westfalen-Private person (YouTube-Channel) (8/5/2019)

Controllers and Processors, Principles, Representative

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Robinson Tours Ltd. (Robinson Tours Idegenforgalmi és Szolgáltató Kft.) (12/16/2020)

Controllers and Processors, Data Breaches, Lawfulness of Processing, Performance of Contract, Principles, Privacy by Design

National Commission for Data Protection (CNPD)-Unknown (6/11/2021)

Data minimisation, Data Subjects Rights, Principles

Italian Data Protection Authority (Garante)-Enel Energia S.p.A (12/16/2021)

Accountability, Consent, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (7/6/2022)

Consent, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Federation of Sports for People with Intellectual Disabilities of Castilla la Mancha-FECAM (12/2/2022)

Data Subjects Rights, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Private individual (4/13/2023)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-Private individual (8/30/2023)

Consent, Lawfulness of Processing

Hellenic Data Protection Authority (HDPA)-Hellenic Post (ΕΛΛΗΝΙΚΑ ΤΑΧΥΔΡΟΜΕΙΑ ΑΝΩΝΥΜΗ ΕΤΑΙΡΕΙΑ) (2/28/2024)

Data Subjects Rights, Integrity and confidentiality, Principles

[PROPOSAL 2024] EU AI ACT

AI, Specific processing situations

Croatian Data Protection Authority (azop)-Bank (name not available at the moment) (3/13/2020)

Access Requests (DSAR), Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Next Time Media Agency Ltd. (Next Time Media Ügynökség Kft.) (12/16/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Dentist (6/10/2021)

Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Kaufland România SCS (1/20/2022)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-Private individual (7/5/2022)

Data minimisation, Data Subjects Rights, Principles

Spanish Data Protection Authority (aepd)-ALPA 57 PRODUCCIONES, S.L. (11/25/2022)

Administratives Measures, Liability and Remedies

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (4/13/2023)

Consent, Lawfulness of Processing

Icelandic data protection authority (‘Persónuvernd’)-University of Iceland (9/6/2023)

Data Subjects Rights, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-PRESTAMER, S.L. (4/12/2024)

Data Subjects Rights, Integrity and confidentiality, Principles

Generative AI framework for HM Government by the UK Central Digital and Data Office

AI, Specific processing situations

Spanish Data Protection Authority (aepd)-Telefónica (3/18/2020)

Administratives Measures, Liability and Remedies

Spanish Data Protection Authority (aepd)-Banco Bilbao Vizcaya Argentaria, S.A. (12/21/2020)

Accuracy, Principles

Dutch Supervisory Authority for Data Protection (AP)-UWV (Dutch employee insurance service provider) (5/31/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Website operator (1/21/2022)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-ASOCIACIÓN DE AFICIONADOS Y PEQUEÑOS ACCIONISTAS UNIDAD HERCULANA (7/6/2022)

Data minimisation, Data Subjects Rights, Principles

Spanish Data Protection Authority (aepd)-Association for the prevention and study of crimes, abuses and negligence in information technology and advanced communications (APEDANICA) (11/25/2022)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-GUUDJOB WORLDWIDE S.L. (2/28/2023)

Data Subjects Rights

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-NN Asigurări de Viață S.A. (9/18/2023)

Data Subjects Rights, Right to Object

Spanish Data Protection Authority (aepd)-VODAFONE ESPAÑA, S.A.U. (4/5/2024)

Accuracy, Principles

Decision of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act

Adequacy Decisions

Utah Consumer Privacy Act
Artificial Intelligence Strategy of the CJEU

AI, Specific processing situations

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Vodafone Romania (2/11/2020)

Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-Iberdrola Clientes, SAU (12/22/2020)

Data Subjects Rights, Data Transfers

Information Commissioner (ICO)-Mermaids (7/5/2021)

Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-Property Owner Community (1/21/2022)

Data minimisation, Principles

French Data Protection Authority (CNIL)-TotalEnergies Electricité et Gaz France (6/23/2022)

Data Subjects Rights, Right to Object

Data Protection Authority of Ireland-Slane Credit Union Ltd. (1/26/2022)

Data Processing Agreement (DPA), Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-VODAFONE ONO, S.A.U. (3/10/2023)

Consent, Lawfulness of Processing

Deputy Data Protection Ombudsman-Suomen Yritysrekisteri (9/11/2023)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-AIO E-COMMERCE, S.L. (10/26/2022)

Data minimisation, Principles, Sensitive Data

One-stop-shop case digest on Security of Processing and Data Breach Notification by the EDPB

Controllers and Processors, Data Breaches, Technical and Organisational Measures (TOMs)

Hellenic Data Protection Authority (HDPA)-Public Power Corporation S.A. (2/21/2020)

Access Requests (DSAR), Data Subjects Rights

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-S.C. C&V Water Control S.A. (12/22/2020)

Administratives Measures, Liability and Remedies, Principles, Sensitive Data

National Commission for Data Protection (CNPD)-Unknown (6/11/2021)

Data Protection Officer (DPO)

Data Protection Authority of Ireland-Limerick City and County Council (12/9/2021)

Access Requests (DSAR), Data Subjects Rights

Italian Data Protection Authority (Garante)-Bazar di Hu Xiaoyan (5/12/2022)

Data Subjects Rights, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Casa Rusu S.R.L. (12/9/2022)

Data Subjects Rights, Principles, Privacy by Design

Dutch Supervisory Authority for Data Protection (AP)-Dutch Social Insurance Institution (SVB) (1/19/2023)

Technical and Organisational Measures (TOMs)

Data Protection Authority of Ireland-TikTok Limited (9/1/2023)

Data minimisation, Data Subjects Rights

Spanish Data Protection Authority (aepd)-INFORMÁTICA MÉDICA, S.L. (11/7/2022)

Controllers and Processors, Data Processing Agreement (DPA)

Draft Impact Assessment Framework by the UK ICO

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Spanish Data Protection Authority (aepd)-Centro De Estudio Dirigidos Delta, S.L. (3/16/2020)

Integrity and confidentiality, Principles

Belgian Data Protection Authority (APD)-Unknown (12/23/2020)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-Caixabank S.A. (7/8/2021)

Lawfulness of Processing, Legitimate Interest

Italian Data Protection Authority (Garante)-Azienda USL di Parma (12/2/2021)

Integrity and confidentiality, Principles, Sensitive Data

Cypriot Data Protection Commissioner-Oroklini Municipal Council (7/14/1905)

Controllers and Processors, Cooperation with Supervisory Authorithy

Spanish Data Protection Authority (aepd)-Private individual (12/9/2022)

Data Subjects Rights, Lawfulness of Processing

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Partidul Uniunea Salvați România (4/19/2023)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-AcegasApsAmga SpA (7/6/2023)

Access Requests (DSAR), Data Subjects Rights, Lawfulness of Processing

Italian Data Protection Authority (Garante)-Azienda sanitaria locale Roma 3 (3/21/2024)

Data Breaches

Data Broker Sells Voter Data on Support for QAnon and January 6

Data Sharing

Decision of 30 June 2003 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Argentina

Adequacy Decisions

CJEU Press Release 2/2025 Case C-394/23 | Mousse

Data minimisation, Principles, Purpose limitation

2023 Coordinated Enforcement Action Designation and Position of Data Protection Officers by EDPB

Controllers and Processors, Data Protection Officer (DPO)

Решение Рег.№ ППН-02-399-2019 КЗЛД – НАП

Controllers and Processors, Data Breaches, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Private Person (3/16/2020)

Controllers and Processors, Principles, Representative

Belgian Data Protection Authority (APD)-Unknown (12/23/2020)

Data Subjects Rights, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Malagatrom S.L.U. (7/8/2021)

Lawfulness of Processing

Deputy Data Protection Ombudsman-Travel agency (12/16/2021)

Controllers and Processors, Data Subjects Rights, Integrity and confidentiality, Principles, Privacy by Design, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-Εκδοτικού Οίκου Δίας (2/4/2022)

Controllers and Processors, Principles, Representative

Spanish Data Protection Authority (aepd)-Notary (12/9/2022)

Lawfulness of Processing

Italian Data Protection Authority (Garante)-Banca Cambiano 1884 S.p.A. (3/9/2023)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-Private individual (9/21/2023)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-Private individual (2/19/2024)

Administratives Measures, Liability and Remedies

Guidelines 3/2019 on processing of personal data through video devices

CCTV

UK Data Protection Act 2018
NIST Privacy Framework v1
Наказателно постановление-04-2019-КЗЛД-НАП

Controllers and Processors, Data Breaches, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Retailer (3/6/2020)

Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Towarzystwo Ubezpieczeń i Reasekuracji WARTA S.A. (12/28/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Croatian Data Protection Authority (azop)-Insurance company (7/5/2021)

Data Subjects Rights

Deputy Data Protection Ombudsman-Motor insurance center (12/16/2021)

Lawfulness of Processing, Sensitive Data

Cypriot Data Protection Commissioner-Physician (7/14/1905)

Controllers and Processors, Cooperation with Supervisory Authorithy

Spanish Data Protection Authority (aepd)-Private individual (12/9/2022)

Data Subjects Rights

Data Protection Authority of Hessen-Covid-19 test center (7/14/1905)

Consent, Data Subjects Rights, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Private individual (9/21/2023)

Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Ophthalmologic institute (10/26/2023)

Data Subjects Rights, Integrity and confidentiality, Principles

Neurodata risks report by EDPS and Spanish DPA

AI, Specific processing situations

NIST Critical Infrastructure Framework
Manipulative, Deceptive, and Exploitative AI Systems report by the Dutch DPA

AI, Lawfulness of Processing, Specific processing situations

Spanish Data Protection Authority (aepd)-Homeowners Association (3/12/2020)

Data Subjects Rights, Principles

Italian Data Protection Authority (Garante)-Reti Televisive Italiane S.p.a. (11/26/2020)

Lawfulness of Processing

Danish Data Protection Authority (Datatilsynet)-Medicals Nordic I/S (7/9/2021)
Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Uppsala regional board (1/26/2022)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Hellenic Data Protection Authority (HDPA)-Clearview Al Inc. (7/13/2022)

Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Principles, Representative, Sensitive Data

Portuguese Data Protection Authority (CNPD)-Portuguese National Statistical Institute (11/2/2022)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Hessen-Covid-19 test center (7/14/1905)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-SUMINISTRADOR IBÉRICO DE ENERGÍA, S.L. (9/7/2023)

Consent, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Hiper Store S.L. (2/8/2023)

Data Subjects Rights

Decision of 19 October 2010 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Andorra

Adequacy Decisions

European Convention on Human Rights
GDPR in practice: Experience of data protection authorities by FRA

Data Processing by the Government, Specific processing situations

RISK FRAMEWORK FOR BODY-RELATED DATA IN IMMERSIVE TECHNOLOGIES
EDPS Model Administrative Arrangement

Data Processing by the Government, Data Transfers, Specific processing situations

Spanish Data Protection Authority (aepd)-Amalfi Servicios de Restauracion S.L. (3/16/2020)

Data Subjects Rights, Principles

Italian Data Protection Authority (Garante)-Concentrix Cvg Italy s.r.l. (11/26/2020)

Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Bavaria-Unknown (7/12/1905)

Administratives Measures, Liability and Remedies

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Uppsala hospital board (1/26/2022)

Data Subjects Rights, Integrity and confidentiality, Principles

Polish National Personal Data Protection Office (UODO)-Głównego Geodetę Kraju (7/6/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (12/13/2022)

Consent, Lawfulness of Processing

Data Protection Authority of Hessen-Police officer (7/14/1905)
Italian Data Protection Authority (Garante)-Prodav srl (7/18/2023)

Data Subjects Rights, Principles

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (3/1/2024)

Consent, Lawfulness of Processing

U.S. Court Revives Video Privacy Lawsuit Against NBA

Lawfulness of Processing

Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)

Territorial Scope

Guidelines scraping by private organizations and individuals by the Dutch Data Protection Authority

Automated Decision-making, Controllers and Processors

Guidelines 01/2023 on Article 37 Law Enforcement Directive by EDPB

Data Transfers

The EU’s International Cooperation on Cyber Capacity Building| second edition

Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Oliveros Ustrell, S.L. (3/19/2020)

Controllers and Processors, Principles, Representative

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Qualitance QBS SA (12/29/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Danish Data Protection Authority (Datatilsynet)-Region of Syddanmark (7/16/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Centro di Medicina preventiva s.r.l. (12/16/2021)

Controllers and Processors, Data Protection Officer (DPO), Data Subjects Rights, Principles, Technical and Organisational Measures (TOMs)

Danish Data Protection Authority (Datatilsynet)-SIRIUS (law firm) (7/14/2022)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Deputy Data Protection Ombudsman-Viking Line Oy Abp (12/9/2022)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Hessen-Police officer (7/14/1905)
Spanish Data Protection Authority (aepd)-GENERAL LOGISTICS SYSTEMS SPAIN, S.A. (8/30/2023)

Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (2/29/2024)

Consent, Lawfulness of Processing

DSB (Austria) – D130.1013 2024-0.743.431 nyob vs Google

Data Controller, Data Subjects Rights, Definitions

Federal Act on Data Protection (Switzerland)
Artificial Intelligence Risk Management Framework by NIST: Generative Artificial Intelligence Profile

AI, Risk Management, Specific processing situations

AI, DATA GOVERNANCE AND PRIVACY SYNERGIES AND AREAS OF INTERNATIONAL CO-OPERATION BY OECD

AI, Specific processing situations

Recommendations 02/2020 on the European Essential Guarantees for surveillance measures

CCTV, Lawfulness of Processing, Legitimate Interest, Specific processing situations

Secure Future Initiative Report by Microsoft

Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-RTI – Reti Televisive Italiane s.p.a. (2/6/2020)

Controllers and Processors, Principles, Representative

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-ING Bank N.V. Amsterdam – Bucharest office (12/30/2020)

Controllers and Processors, Principles, Representative

National Commission for Data Protection (CNPD)-Unknown (6/29/2021)

Data minimisation, Data Subjects Rights, Principles

Italian Data Protection Authority (Garante)-Corradi s.r.l. (12/16/2021)

Data Subjects Rights, Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Turkish City (5/26/2022)

Data Subjects Rights

French Data Protection Authority (CNIL)-FREE SAS (12/8/2022)

Access Requests (DSAR), Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Data Protection Authority of Hessen-Police officer (7/14/1905)
Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Digi Telecommunications and Services Ltd. (6/22/2023)

Data Subjects Rights, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-CAIXABANK, S.A (4/12/2024)

Consent, Lawfulness of Processing

EDPB Releases First Report on EU-U.S. Data Privacy Framework
Standard contractual clauses for international transfers by EU

Data Transfers, Standard Contractual Clauses (SCC)

Controller – Processor Assessment Tool

Controllers and Processors

National framework for the assurance of artificial intelligence in government by the Australian, state and territory governments

AI, Specific processing situations

Guide to Technical and Organisational Data Protection Measures (TOM) by the Swiss FDPIC

Controllers and Processors, Technical and Organisational Measures (TOMs)

Cyber Threat Modelling for Risk Assessment by CSB

Risk Management, Technical and Organisational Measures (TOMs)

Hellenic Data Protection Authority (HDPA)-Speech and Special Education Centre – Mihou Dimitra (3/20/2020)

Access Requests (DSAR), Controllers and Processors, Data Subjects Rights, Representative

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (1/4/2021)

Accuracy, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Aparcamiento Arcusa S.L.U. (7/9/2021)

Data minimisation, Data Subjects Rights, Principles

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Lawyer (12/3/2021)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Private Individual (7/1/2022)

Data minimisation, Principles

Italian Data Protection Authority (Garante)-I.S.P.R.O. (10/20/2022)

Integrity and confidentiality, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Tensa Art Design SA (4/24/2023)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-Private individual (9/25/2023)

Data minimisation, Data Subjects Rights, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-S.C. Tensa Art Design S.A.. (4/22/2024)

Lawfulness of Processing

W03-2025: Privacy News Podcast
Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects

Performance of Contract

Board of Directors Handbook for Cloud Risk Governance | Google

Risk Management

Relying on the legal basis of legitimate interest to develop an AI system by CNIL

AI, Specific processing situations

[UK] International Data Transfer Addendum to the EU Commission Standard Contractual Clauses

Data Transfers

Guide to Good Governance in Cybersecurity by DCSD

Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Directorate of Social and Child Welfare Institutions of the Ferencvaros District of Budapest (5/21/2019)

Controllers and Processors, Data Breaches

Norwegian Supervisory Authority (Datatilsynet)-Innovasjon Norge (1/4/2021)

Controllers and Processors, Principles, Representative

Spanish Data Protection Authority (aepd)-Marbella Resorts S.L. (7/6/2021)

Controllers and Processors, Data Processing Agreement (DPA)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-SC Grupex 2000 SRL (2/1/2022)

Lawfulness of Processing, Principles, Sensitive Data

Cypriot Data Protection Commissioner-Cyprus Judo Federation (7/14/1905)

Controllers and Processors, Cooperation with Supervisory Authorithy

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (12/13/2022)

Consent, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-KFC RESTAURANTS SPAIN, S.L. (4/20/2023)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-EUROPA PRESS DE CATALUNYA, S.A. (9/26/2023)

Data minimisation, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-ALPHA BANK ROMANIA SA. (4/23/2024)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights

Standard contractual clauses for EU-EEA by EU

Standard Contractual Clauses (SCC)

2025-W02-Privacy News German Court Awards EUR 10000 for Unlawful Disclosure of Data, EDPB Issues Opinion on AI Models and more
Generative AI Controls Framework Safe, Secure, and Compliant AI Adoption Approach Whitepaper by IBM

AI, Specific processing situations

[UK] Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protection Act 2018

Data Transfers

ENISA Threat Landscape 2024 EU Agency for Cybersecurity

Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Local bank (5/31/2019)

Access Requests (DSAR), Data Subjects Rights

French Data Protection Authority (CNIL)-Perfomeclic (12/7/2020)

Data minimisation, Data Subjects Rights, Principles, Right to Object, Sensitive Data

Spanish Data Protection Authority (aepd)-Private Individual (7/2/2021)

Consent, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Property Owner Community (1/31/2022)

Lawfulness of Processing

Italian Data Protection Authority (Garante)-Azienda Socio Sanitaria Territoriale Dei Sette Laghi (5/22/2022)

Controllers and Processors, Integrity and confidentiality, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (12/13/2022)

Consent, Lawfulness of Processing

Italian Data Protection Authority (Garante)-Azienda sanitaria locale di Bari (3/2/2023)

Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-DIGI SPAIN TELECOM, S.L. (9/26/2023)

Consent, Lawfulness of Processing

Czech Data Protection Auhtority (UOOU)-Avast Software s.r.o. (4/15/2024)
Regulating targeted and behavioural advertising in digital services by EU Parliament

Marketing and Advertising, Specific processing situations

International Data Transfer Agreements – Transitional Provisions

Data Transfers

Chief Information Security Officer_ HANDBOOK

Risk Management

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Claim management company (6/3/2019)

Controllers and Processors, Principles, Representative

Polish National Personal Data Protection Office (UODO)-ID Finance Poland Sp. z o.o. (12/17/2020)

Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Homeowners Association (7/7/2021)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-Cyrana España General S.L. (1/31/2022)

Consent, Lawfulness of Processing

Data Protection Authority of Brandenburg-Private individual (7/13/1905)

Lawfulness of Processing

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Societatea Energetică Electrica S.A. (12/15/2022)

Controllers and Processors, Data Processing Agreement (DPA)

Data Protection Authority of Sweden-Skåne region (4/26/2023)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-CHINA CENTER LLEIDA (9/27/2023)

Data Subjects Rights

Data Protection Authority of Brandenburg-Supermarket (7/15/1905)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679

Code of Conduct

Orientation guide of the Conference of Independent Federal and State Data Protection Supervisory Authorities by the German Data Protection Conference (DSK)

AI, Specific processing situations

GDPR: a culture of non-compliance? Numbers of evidence-based enforcement efforts by nyob

Liability and Remedies, Supervisory Authorities

AIPact by the European Artificial Intelligence Office

AI, Data Subjects Rights, Specific processing situations

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unknown (6/26/2019)

Access Requests (DSAR), Controllers and Processors, Data Subjects Rights, Principles, Representative

Polish National Personal Data Protection Office (UODO)-TUiR Warta S.A. (12/9/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-Unknown (7/1/2021)

Consent, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-INCOPROSOL, S.L. (1/31/2022)

Data minimisation, Principles

Data Protection Authority of Brandenburg-Private individual (7/13/1905)

Lawfulness of Processing

Spanish Data Protection Authority (aepd)-HOSPITAL RECOLETAS PONFERRADA, S.L. (12/15/2022)

Consent, Data Subjects Rights, Lawfulness of Processing

Austrian Data Protection Authority (dsb)-Operator of a public toilet (8/23/2022)

Lawfulness of Processing, Legitimate Interest, Sensitive Data

French Data Protection Authority (CNIL)-SAF LOGISTICS (9/18/2023)

Controllers and Processors, Cooperation with Supervisory Authorithy, Data minimisation, Principles, Sensitive Data

Data Protection Authority of Brandenburg-Private individual (7/15/1905)
AI Literacy – Questions & Answers

AI

Data protection impact assessment on the processing of personal data on government Facebook Pages

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Datenschutzkonforme Künstliche Intelligenz Checkliste mit Prüfkriterien nach DS-GVO

AI, Specific processing situations

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Financial Enterprise (6/26/2019)

Controllers and Processors, Data Subjects Rights, Principles, Representative, Right to Object

French Data Protection Authority (CNIL)-Nestor SAS (1/5/2021)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-Private Individual (7/1/2021)

Consent, Lawfulness of Processing

Belgian Data Protection Authority (APD)-Researcher (1/27/2022)

Consent, Lawfulness of Processing, Sensitive Data

Data Protection Authority of Brandenburg-Physician (7/13/1905)

Lawfulness of Processing

Spanish Data Protection Authority (aepd)-ORANGE ESPAGNE, S.A.U. (12/15/2022)

Consent, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-SECURITAS DIREC ESPAÑA, S.A. (4/21/2023)

Administratives Measures, Liability and Remedies

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-RESTART ENERGY ONE S.A. (9/26/2023)

Controllers and Processors, Sensitive Data, Technical and Organisational Measures (TOMs)

Data Protection Authority of Brandenburg-Police officer (7/15/1905)
2025-W05 DeepSeek: A Quantum Leap in AI, A Dead End in GDPR Compliance
Automated Decision-Making in Online Platforms: Protection Against Discrimination and Manipulation of Behavior

Automated Decision-making, Controllers and Processors

CASE STUDIES (2018 – 2023) by the Irish DPC

Access Requests (DSAR), Controllers and Processors, Data Breaches, Data Subjects Rights, Liability and Remedies, Supervisory Authorities

Austrian Data Protection Authority (dsb)-Betting place (12/9/2018)

Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Budapest Environs Regional Court (7/17/2019)

Controllers and Processors, Principles, Representative

Polish National Personal Data Protection Office (UODO)-L. Sp. z o.o. (11/1/2019)

Lawfulness of Processing, Principles, Sensitive Data

Hellenic Data Protection Authority (HDPA)-Pediatrician (7/8/2021)

Data Subjects Rights

Belgian Data Protection Authority (APD)-EU DisinfoLab (1/27/2022)

Consent, Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-City of Rome (Roma capitale) (1/27/2021)

Lawfulness of Processing, Sensitive Data

Spanish Data Protection Authority (aepd)-Private individual (12/20/2022)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-DIGI SPAIN TELECOM, S.L. (4/25/2023)

Consent, Lawfulness of Processing

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-UAT Comuna Albeni (9/25/2023)

Administratives Measures, Liability and Remedies, Principles, Sensitive Data

Data Protection Authority of Brandenburg-Fishing club (7/15/1905)

Lawfulness of Processing

IAB Europe’s response to the EDPB public consultation on Guidelines 1/2025 on Pseudonymisation

Pseudonymisation

Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation

Certification

UK ICO Privacy Policy Generator

Data Subjects Rights

DRAFT RISK ASSESSMENT REGULATIONS FOR CALIFORNIA PRIVACY PROTECTION AGENCY

Risk Management

Austrian Data Protection Authority (dsb)-Kebab restaurant (7/10/1905)

Data Subjects Rights, Principles

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Public area maintenance company (8/2/2019)

Controllers and Processors, Data Subjects Rights, Principles, Representative

Czech Data Protection Auhtority (UOOU)-Unknown (1/4/2021)

Consent, Data Subjects Rights, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Telefónica Móviles España, S.A.U. (7/12/2021)

Lawfulness of Processing

Hellenic Data Protection Authority (HDPA)-Cosmote Mobile Telecommunications S.A. (1/27/2022)

Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Representative

Data Protection Authority of Brandenburg-Police department (7/13/1905)
Spanish Data Protection Authority (aepd)-Property owner administrative board (12/20/2022)

Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-Telefónica Móviles España, S.A.U. (4/24/2023)

Consent, Lawfulness of Processing

Italian Data Protection Authority (Garante)-RCS Mediagroup Spa (8/31/2023)

Lawfulness of Processing, Sensitive Data

Croatian Data Protection Authority (azop)-Unknown (4/22/2024)

Data Subjects Rights

2025-W03 The Austrian DSB Slaps Down Google’s Controllership Denial, CCPA applicable for AI and more
Analysis of the final compromise text of the EU AI Act with a view to agreement by the Belgian Presidency

AI, Specific processing situations

Austrian Data Protection Authority (dsb)-Private car owner (9/27/2018)

Controllers and Processors, Lawfulness of Processing, Representative

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Government Office Managing the Real Estate Register (8/8/2019)

Data Subjects Rights, Principles

Norwegian Supervisory Authority (Datatilsynet)-Lindstrand Trading AS (1/6/2021)

Controllers and Processors, Principles, Representative

Polish National Personal Data Protection Office (UODO)-Fundację Promocji Mediacji i Edukacji Prawnej Lex Nostra (6/30/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Hellenic Data Protection Authority (HDPA)-OTE Group (1/27/2022)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Brandenburg-Police department (7/13/1905)
Spanish Data Protection Authority (aepd)-Private individual (12/20/2022)

Consent, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Website operator (4/26/2023)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-FEDERACIÓN DE BALONMANO DE CASTILLA LA MANCHA (9/25/2023)

Data Subjects Rights, Principles, Sensitive Data

Croatian Data Protection Authority (azop)-Betting company (4/22/2024)

Consent, Data Protection Officer (DPO), Lawfulness of Processing

The AI Risk Repository by MIT

AI

Transfer Impact Assessment (TIA)

Data Transfers

Transparency and Consent Framework Policies by IAB Europe

Consent, Cookies, Lawfulness of Processing, Principles, Transparency

Austrian Data Protection Authority (dsb)-Private person (12/20/2018)

Consent, Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Representative

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unknown Company (10/15/2019)

Controllers and Processors, Data Subjects Rights, Principles, Representative, Technical and Organisational Measures (TOMs)

Norwegian Supervisory Authority (Datatilsynet)-Gveik AS (1/7/2021)

Controllers and Processors, Principles, Representative

Dutch Supervisory Authority for Data Protection (AP)-TikTok (4/9/2021)

Data Subjects Rights

Italian Data Protection Authority (Garante)-B&T S.p.A. (11/25/2021)

Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Representative

Data Protection Authority of Brandenburg-Police department (7/13/1905)
Italian Data Protection Authority (Garante)-Lazio Region (12/1/2022)

Lawfulness of Processing, Representative

Spanish Data Protection Authority (aepd)-Private individual (4/25/2023)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-Private individual (10/5/2023)

Data minimisation, Principles

Croatian Data Protection Authority (azop)-Betting company (4/22/2024)

Consent, Data Protection Officer (DPO), Lawfulness of Processing

Transfer Risk Assessment Tool by the UK ICO

Data Transfers

Belgian Data Protection Authority (APD)-Mayor (5/28/2019)

Controllers and Processors, Principles, Purpose limitation, Representative

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Representative of a local government (3/4/2020)

Access Requests (DSAR), Controllers and Processors, Data Subjects Rights, Principles, Representative

Estonian Data Protection Authority (AKI)-Apotheka e-apteek (12/1/2020)

Controllers and Processors, Principles, Representative

French Data Protection Authority (CNIL)-SGAM AG2R LA MONDIALE (7/20/2021)

Data Subjects Rights, Principles, Storage limitation

Italian Data Protection Authority (Garante)-Aimon Srl (11/25/2021)

Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Representative, Right to Object

Data Protection Authority of Hamburg-Company (7/13/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Villafranca di Verona municipality (11/10/2022)

Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Brandenburg-Bank (7/14/1905)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights

Cypriot Data Protection Commissioner-Breikot Management Ltd (7/15/1905)

Controllers and Processors, Data minimisation, Principles, Representative

Italian Data Protection Authority (Garante)-Enel Energia SpA (2/8/2024)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

GDPR Amendments Proposal
Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)

Certification

Transfer Impact Assessment (TIA) Template by HSE

Data Transfers

Bulgarian Commission for Personal Data Protection (KZLD)-Bank (12/4/2018)

Controllers and Processors, Principles, Purpose limitation, Representative

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-SOS Infertility Association (3/25/2020)

Administratives Measures, Liability and Remedies

Estonian Data Protection Authority (AKI)-Südameapteegi e-apteek (12/1/2020)

Controllers and Processors, Principles, Representative

Italian Data Protection Authority (Garante)-Azienda Usl della Romagna (5/27/2021)

Integrity and confidentiality, Principles, Sensitive Data

Data Protection Authority of Saarland-Police officer (7/12/1905)

Controllers and Processors, Principles, Representative

Spanish Data Protection Authority (aepd)-DKV Seguros y Reaseguros, S.A.E. (7/13/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-SUDREZIDENȚIAL Broker S.R.L. (12/22/2022)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Brandenburg-Restaurant operator (7/14/1905)

Controllers and Processors, Principles, Representative

Italian Data Protection Authority (Garante)-Private individual (7/18/2023)

Controllers and Processors, Lawfulness of Processing, Representative

Italian Data Protection Authority (Garante)-Mas s.r.l. (4/13/2023)

Consent, Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Representative

[UK EXTENSION] EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES ISSUED BY THE U.S. DEPARTMENT OF COMMERCE

Data Transfers

Bulgarian Commission for Personal Data Protection (KZLD)-Telecommunication service provider (2/26/2019)

Lawfulness of Processing, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Enel Energie (3/25/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Estonian Data Protection Authority (AKI)-Azeta.ee e-apteek (12/1/2020)

Controllers and Processors, Principles, Representative

Italian Data Protection Authority (Garante)-Azienda Provinciale per i Servizi Sanitari di Trento (5/27/2021)

Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Saarland-Restaurant (7/12/1905)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-Private individual (7/19/2022)

Administratives Measures, Liability and Remedies

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Kaufland Romania SCS (12/27/2022)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights

Data Protection Authority of Brandenburg-Operator of a swimming pool (7/14/1905)

Lawfulness of Processing, Legal Obligation

Deputy Data Protection Ombudsman-Company (9/4/2023)

Data Subjects Rights

Italian Data Protection Authority (Garante)-Mas s.r.l.s. (4/13/2023)

Consent, Controllers and Processors, Lawfulness of Processing, Representative

SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES ISSUED BY THE U.S. DEPARTMENT OF COMMERCE

Data Transfers

Bulgarian Commission for Personal Data Protection (KZLD)-Bank (1/17/2019)

Lawfulness of Processing, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Vodafone Romania (3/25/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Niedersachsen-notebooksbilliger.de (1/8/2021)

Controllers and Processors, Principles, Representative

Spanish Data Protection Authority (aepd)-Intersumi S.C. (7/26/2021)

Data Subjects Rights

Data Protection Authority of Hessen-Employee at a Covid 19 testing center (7/12/1905)

Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Bar owner (7/19/2022)

Principles, Purpose limitation

Italian Data Protection Authority (Garante)-Areti spa (11/24/2022)

Accountability, Accuracy, Data Subjects Rights, Principles, Sensitive Data

Data Protection Authority of Brandenburg-Aid organization (7/14/1905)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Company (7/12/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights

Data Protection Authority of Hessen-Physician (7/15/1905)

Data Subjects Rights, Integrity and confidentiality, Principles

Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679

Data Transfers

Senate Bill 262 (Delete Act)
EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES ISSUED BY THE U.S. DEPARTMENT OF COMMERCE

Data Transfers

Bulgarian Commission for Personal Data Protection (KZLD)-Employer (2/22/2019)

Access Requests (DSAR), Data Subjects Rights

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Dante International (3/25/2020)

Data Subjects Rights, Lawfulness of Processing

Italian Data Protection Authority (Garante)-Gaypa s.r.l. (10/29/2020)

Data Subjects Rights, Lawfulness of Processing, Sensitive Data

Spanish Data Protection Authority (aepd)-Fincas Miguel García S.L. (7/26/2021)

Data Subjects Rights

Data Protection Authority of Baden-Wuerttemberg-Restaurant (11/1/2019)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-Private individual (7/19/2022)

Data minimisation, Principles

Italian Data Protection Authority (Garante)-Sportitalia (11/10/2022)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-ALBERO FORTE COMPOSITE, S.L. (4/28/2023)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Italian Data Protection Authority (Garante)-Azienda Socio Sanitaria Territoriale Ovest Milanese (7/18/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Data Protection Authority of Hessen-Company (7/15/1905)

Data Subjects Rights, Right to Object

Commission v EDPS (Case T-262/24)

Data Sharing

THE NEW STANDARD CONTRACTUAL CLAUSES – QUESTIONS AND ANSWERS

Data Transfers, Standard Contractual Clauses (SCC)

Cypriot Data Protection Commissioner-State Hospital (7/11/1905)

Access Requests (DSAR), Data Subjects Rights

Italian Data Protection Authority (Garante)-Comune di Urago (2/13/2020)

Controllers and Processors, Principles, Representative

Italian Data Protection Authority (Garante)-Borgo Fonte Scura s.r.l. (10/29/2020)

Data Subjects Rights, Lawfulness of Processing

French Data Protection Authority (CNIL)-Monsanto Company (7/26/2021)

Data Subjects Rights

Data Protection Authority of Brandenburg-Operator of a ballet school (7/12/1905)

Consent, Lawfulness of Processing, Principles

Spanish Data Protection Authority (aepd)-Bookstore employee (7/19/2022)

Data Subjects Rights, Integrity and confidentiality, Principles

Data Protection Authority of Ireland-Meta Platforms Ireland Limited (1/4/2023)

Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Representative

Spanish Data Protection Authority (aepd)-INFINITY ECOM S.L. (4/28/2023)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-ILUNION SEGURIDAD, S.A. (10/10/2023)

Data Subjects Rights, Integrity and confidentiality, Principles

Data Protection Authority of Hessen-Company (7/15/1905)

Controllers and Processors, Cooperation with Supervisory Authorithy

Administrative fine against Grindr LLC by The Norwegian Data Protection Authority

Consent, Lawfulness of Processing, Principles, Sensitive Data

Conformally Privacy Policy Generator

Data Subjects Rights

PRESS RELEASE No 20/24 | Case C-118-22

Data Subjects Rights, Right to Erasure

Cypriot Data Protection Commissioner-Newspaper (7/11/1905)

Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Xfera Moviles S.A. (3/25/2020)

Administratives Measures, Liability and Remedies

Spanish Data Protection Authority (aepd)-Caixabank S.A. (1/13/2021)

Data Subjects Rights, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Mercadona S.A. (7/26/2021)

Controllers and Processors, Data minimisation, Data Subjects Rights, Principles, Representative, Sensitive Data

Data Protection Authority of Brandenburg-Medical assistant (7/12/1905)

Consent, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-BANKINTER, S.A. (7/18/2022)

Integrity and confidentiality, Principles

Italian Data Protection Authority (Garante)-Cisterna di Latina Municipality (11/10/2022)

Controllers and Processors, Data Protection Officer (DPO), Principles

Italian Data Protection Authority (Garante)-Ediscom S.p.a. (2/23/2023)

Lawfulness of Processing, Sensitive Data

Spanish Data Protection Authority (aepd)-NORDETIA CLINICS MÓSTOLES S.L. (10/10/2023)

Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-CORPORACIÓN DUAL GRUPO LC, S.L. (3/15/2024)

Administratives Measures, Liability and Remedies

Commission guidelines on measures to ensure a high level of privacy, safety and security for minors online [PUBLIC CONSULTATION]

Children as data subjects

Opinion 1/2023 on the draft decision of the competent supervisory authority of Croatia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to Article 41 GDPR |EPDB

Code of Conduct, Controllers and Processors

Today’s and tomorrow’s means of payment facing the challenge of data protection by CNIL

Definitions, Processing of personal data

EO 13800 on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Controllers and Processors, Technical and Organisational Measures (TOMs)

Czech Data Protection Auhtority (UOOU)-Employer (1/10/2019)

Lawfulness of Processing

Polish National Personal Data Protection Office (UODO)-Vis Consulting Sp. z o.o. (3/9/2020)

Controllers and Processors, Cooperation with Supervisory Authorithy, Representative

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unknown (11/18/2020)

Accuracy, Principles

National Commission for Data Protection (CNPD)-Amazon Europe Core S.à.r.l. (7/16/2021)
Data Protection Authority of Hessen-Corporation (7/12/1905)

Data Subjects Rights

Italian Data Protection Authority (Garante)-Afragola municipality (5/26/2022)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Homeowners Association (1/3/2023)

Principles, Storage limitation

Spanish Data Protection Authority (aepd)-Burwebs S.L. (11/3/2022)

Data Subjects Rights, Lawfulness of Processing, Sensitive Data

Spanish Data Protection Authority (aepd)-Private individual (10/9/2023)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-JUNTA DE CONSERVACION SECTOR RESIDENCIAL ELORDIGAN SAT (3/21/2024)

Data Subjects Rights

Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679

Data Protection Impact Assessment (DPIA)

Opinion 02/2023 on the draft decision of the competent supervisory authority of Latvia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to Article 41 GDPR |EPDB

Code of Conduct, Controllers and Processors

Artificial Intelligence and Algorithms in Risk Assessment by the European Labour Authority

Risk Management

Case ZWO 22/775, Overijssel District, Netherlands

Liability and Remedies, Supervisory Authorities

Czech Data Protection Auhtority (UOOU)-Car renting company (2/4/2019)

Lawfulness of Processing

Data Protection Commision of Bulgaria (KZLD)-T.K. EOOD (2/20/2020)

Data Subjects Rights, Principles, Privacy by Design

Norwegian Supervisory Authority (Datatilsynet)-Unknown (1/12/2021)

Controllers and Processors, Principles, Representative

Spanish Data Protection Authority (aepd)-UNIVERSIDAD A DISTANCIA DE MADRID, S.A. (7/29/2021)

Data Subjects Rights, Right to Erasure

Data Protection Authority of Hamburg-Clearview AI Inc. (7/12/1905)

Administratives Measures, Liability and Remedies

Italian Data Protection Authority (Garante)-Villabate municipality (5/12/2022)

Controllers and Processors, Data Protection Officer (DPO), Lawfulness of Processing, Representative

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Apă Canal Ilfov SA (1/4/2023)

Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Performance of Contract, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-DISPLAY CONNECTORS, S.L. (2/22/2023)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-Private individual (10/9/2023)

Data minimisation, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-IRIDEX GROUP SALUBRIZARE SRL (5/9/2024)

Data Subjects Rights, Lawfulness of Processing, Performance of Contract

Cease and Desist – Training of Meta AI in the EU | Letter by nyob

AI

Report of the work undertaken by the Cookie Banner Taskforce [Official EDPB Guidelines] [pdf]

Consent, Cookies

Opinion 03/2023 on the draft decision of the competent supervisory authority of Romania regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR |EPDB

Code of Conduct, Controllers and Processors

Patent Landscape Report on Generative AI by WIPO

AI, Specific processing situations

A pro-innovation approach to AI regulation by UK ICO

AI, Specific processing situations

Czech Data Protection Auhtority (UOOU)-Unknown (2/28/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Commision of Bulgaria (KZLD)-L.E. EOOD (2/20/2020)

Data Subjects Rights, Lawfulness of Processing, Principles, Privacy by Design

Norwegian Supervisory Authority (Datatilsynet)-Coop Finnmark SA (1/14/2021)

Controllers and Processors, Lawfulness of Processing, Representative

Spanish Data Protection Authority (aepd)-Website operator (7/27/2021)

Data Subjects Rights

Data Protection Authority of Hamburg-Police officer (7/12/1905)

Controllers and Processors, Principles, Representative

Italian Data Protection Authority (Garante)-Convitto Nazionale Statale ‘Giordano Bruno’ di Maddaloni (boarding school) (3/25/2021)

Lawfulness of Processing, Representative

Spanish Data Protection Authority (aepd)-Homeowners Association (12/28/2022)

Data Subjects Rights

Spanish Data Protection Authority (aepd)-BANQUETES SANTA ANA, S.L. (5/3/2023)

Data minimisation, Principles

Croatian Data Protection Authority (azop)-Zagreb Holding d.o.o. (9/13/2023)

Data Subjects Rights

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-MEDICOVER SRL (5/9/2024)

Data Subjects Rights, Lawfulness of Processing, Performance of Contract

Opinion 4/2023 on the draft decision of the competent supervisory authority of Malta regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EPDB

Accreditation

Comparison of U.S. State Privacy Laws. Data Protection Assessments by CIPL

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Czech Data Protection Auhtority (UOOU)-Credit brokerage (2/4/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Commision of Bulgaria (KZLD)-Utility Company (1/6/2020)

Consent, Lawfulness of Processing

Belgian Data Protection Authority (APD)-Unknown (1/12/2021)

Consent, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-NEXTSTEPAGENCY, S.L. (7/27/2021)

Data Subjects Rights

Data Protection Authority of Hamburg-Police officer (7/12/1905)

Controllers and Processors, Principles, Representative

Croatian Data Protection Authority (azop)-Car dealership (7/21/2022)
Spanish Data Protection Authority (aepd)-MAE WEST SYSTEMS, S.L. (12/28/2022)

Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Aldi (4/12/2023)
Croatian Data Protection Authority (azop)-Hotel (9/26/2023)

Consent, Controllers and Processors, Lawfulness of Processing, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-CENTRUL MEDICAL UNIREA SRL (5/8/2024)

Data Subjects Rights, Lawfulness of Processing, Performance of Contract

EDPB-EDPS Joint Opinion 02/2023 on the Proposal for a Regulation of the European Parliament and of the Council on the establishment of the digital euro

Accreditation

EditorsTrends in Data Protection and Encryption Technologies by SpringerProfessional

Definitions, New technology, Processing of personal data

NIST Cybersecurity Framework 2.0: RESOURCE & OVERVIEW GUIDE
Czech Data Protection Auhtority (UOOU)-Unknown (10/25/2018)

Access Requests (DSAR), Data Subjects Rights

Data Protection Authority of Brandenburg-Unknown Company (7/11/1905)

Access Requests (DSAR), Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Śląski Uniwersytet Medyczny (Medical University of Silesia) (1/5/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-PERSONAL MARK, S.L. (7/27/2021)

Access Requests (DSAR), Data Subjects Rights

Data Protection Authority of Hamburg-Police officer (7/12/1905)

Controllers and Processors, Principles, Representative

Croatian Data Protection Authority (azop)-Telecommunications company (7/21/2022)

Data Subjects Rights, Principles, Privacy by Design

Spanish Data Protection Authority (aepd)-Transport Workers’ Union of Aragon (1/3/2023)

Data Subjects Rights, Integrity and confidentiality, Principles

Italian Data Protection Authority (Garante)-Aesse S.r.l.s. (3/9/2023)

Consent, Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Representative

Croatian Data Protection Authority (azop)-Betting company (9/14/2023)

Consent, Data Protection Officer (DPO), Lawfulness of Processing

Information Commissioner (ICO)-Central Young Men’s Christian Association (4/30/2024)

Data Subjects Rights, Integrity and confidentiality, Principles

EDPB-EDPS Joint Opinion 01/2023 on the Proposal for a Regulation of the European Parliament and of the Council laying down additional procedural rules relating to the enforcement of Regulation (EU) 2016/679

Accreditation

Review of cybersecurity news in Ukraine, tendencies, and world events related to the First World Cyber War by U.S. Agency for International Development

National Security, Specific processing situations

AI Auditing Checklist for AI Auditing by EDPB

AI, Specific processing situations

Biometric Data Guidance by the UK ICO

Principles, Sensitive Data

Czech Data Protection Auhtority (UOOU)-Unknown (2/26/2019)

Access Requests (DSAR), Data Subjects Rights

Belgian Data Protection Authority (APD)-Proximus SA (4/28/2020)

Controllers and Processors, Cooperation with Supervisory Authorithy, Data Protection Officer (DPO), Representative

Spanish Data Protection Authority (aepd)-Individual (1/20/2021)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-PODEMOS PARTIDO POLÍTICO (7/27/2021)

Data minimisation, Data Subjects Rights, Principles

Data Protection Authority of Hamburg-Police officer (7/12/1905)

Controllers and Processors, Principles, Representative

Italian Data Protection Authority (Garante)-Region of Tuscany (5/26/2022)

Data minimisation, Principles, Representative

Spanish Data Protection Authority (aepd)-Private individual (12/28/2022)

Data minimisation, Data Subjects Rights, Principles

Spanish Data Protection Authority (aepd)-GSMA LTD. (5/3/2023)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Croatian Data Protection Authority (azop)-Betting company (9/14/2023)

Consent, Data Protection Officer (DPO), Lawfulness of Processing

Spanish Data Protection Authority (aepd)-DENTAL REY-GAR, S.L. (3/7/2024)

Administratives Measures, Liability and Remedies

Accountability Toolkit Tracker – more information about the Toolkit by UK ICO

Accountability

Case Studies by the Irish DPC
Opinion 6/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Royal Greenland Group |EPDB

Binding Corporate Rules, Data Transfers

National Strategy to Advance Privacy-Preserving Data Sharing and Analytics by the EO by the US President

Anonymisation, Controllers and Processors, Technical and Organisational Measures (TOMs)

Czech Data Protection Auhtority (UOOU)-Unknown (3/21/2019)

Principles

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-National Government Service Centre (NGSC) (4/29/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-Alterna Operador Integral S.L. (1/21/2021)

Performance of Contract

Spanish Data Protection Authority (aepd)-Owners Association (7/27/2021)

Data minimisation, Principles

Data Protection Authority of Hamburg-Police officer (7/12/1905)

Controllers and Processors, Principles, Representative

Italian Data Protection Authority (Garante)-Università Agraria di Nettuno (5/26/2022)

Principles, Representative

Spanish Data Protection Authority (aepd)-ADENET SYSTEMS, S.L. (12/29/2022)

Administratives Measures, Liability and Remedies

Italian Data Protection Authority (Garante)-Private individual (3/2/2023)

Lawfulness of Processing, Representative

Croatian Data Protection Authority (azop)-Debt collection company (10/5/2023)

Accountability, Controllers and Processors, Data Subjects Rights, Principles, Representative

Spanish Data Protection Authority (aepd)-Private individual (2/19/2024)

Administratives Measures, Liability and Remedies

Opinion 27/2022 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of LEYTON Group |EPDB

Binding Corporate Rules, Data Transfers

Rethinking Privacy in the AI Era | White Paper by Stanford University

AI, Specific processing situations

Czech Data Protection Auhtority (UOOU)-UniCredit Bank Czech Republic and Slovakia, a.s. (Unknown)

Lawfulness of Processing

Dutch Supervisory Authority for Data Protection (AP)-Unknown Organisation (4/30/2020)

Principles, Sensitive Data

Norwegian Supervisory Authority (Datatilsynet)-Aquateknikk AS (1/19/2021)

Controllers and Processors, Principles, Representative

Spanish Data Protection Authority (aepd)-Owners Association (7/27/2021)

Data minimisation, Principles

Data Protection Authority of Hamburg-Police officer (7/12/1905)

Controllers and Processors, Principles, Representative

Italian Data Protection Authority (Garante)-Singh Market (5/12/2022)

Data Subjects Rights, Lawfulness of Processing

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-BRISTOL LOGISTICS SA (1/12/2023)

Data Subjects Rights, Lawfulness of Processing, Performance of Contract

Polish National Personal Data Protection Office (UODO)-Company (2/8/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Private individual (10/11/2023)

Consent, Data Subjects Rights, Lawfulness of Processing

Italian Data Protection Authority (Garante)-Bar (3/7/2024)

Data Subjects Rights, Principles

Garante (Italian DPA) vs Replika

Lawfulness of Processing, Principles, Privacy by Design

Opinion 28/2022 on the Europrivacy criteria of certification regarding their approval by the Board as European Data Protection Seal pursuant to Article 42.5 (GDPR) |EPDB

Certification

Opinion 23/2023 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules for customer data of the UPS Group |EPDB

Binding Corporate Rules, Data Transfers

Czech Data Protection Auhtority (UOOU)-Unknown (5/6/2019)

Access Requests (DSAR), Data Subjects Rights

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Banca Comercială Română SA (5/5/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Roma Capitale (Rome Municipality) (12/17/2020)

Data Subjects Rights, Lawfulness of Processing

Deputy Data Protection Ombudsman-Higher Education Institution (7/5/2021)

Data minimisation, Principles, Representative

Data Protection Authority of Hamburg-Police officer (7/12/1905)

Controllers and Processors, Principles, Representative

Italian Data Protection Authority (Garante)-Azienda sanitaria universitaria Friuli Centrale (5/26/2022)

Lawfulness of Processing, Principles, Privacy by Design, Sensitive Data

Italian Data Protection Authority (Garante)-I-Model s.r.l. (11/10/2022)

Consent, Data Subjects Rights, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-FUNDACIÓ PRIVADA UNIVERSITARIA EADA (5/5/2023)

Consent, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Private individual (10/11/2023)

Data minimisation, Principles

Spanish Data Protection Authority (aepd)-Private individual (1/8/2024)

Lawfulness of Processing

Opinion 29/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the DSV Group |EPDB

Binding Corporate Rules, Data Transfers

The Colorado AI Act “Senate Bill SB24-205”

AI, Specific processing situations

Opinion 24/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Nestlé Group |EPDB

Binding Corporate Rules, Data Transfers

Danish Data Protection Authority (Datatilsynet)-Taxa 4×35 (7/11/1905)

Principles, Storage limitation

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Health and Medical Board of the Region of Örebro County (5/12/2020)

Controllers and Processors, Principles, Representative

Italian Data Protection Authority (Garante)-Miropass S.r.l. (12/17/2020)

Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Private Individual (7/30/2021)

Consent, Lawfulness of Processing, Sensitive Data

Data Protection Authority of Hamburg-Police officer (7/12/1905)

Controllers and Processors, Principles, Representative

Italian Data Protection Authority (Garante)-Azienda sanitaria universitaria Friuli Occidentale (5/26/2022)

Lawfulness of Processing, Principles, Privacy by Design, Sensitive Data

Spanish Data Protection Authority (aepd)-EDITORIAL RIBADEO S.L. (1/13/2023)

Administratives Measures, Liability and Remedies

Spanish Data Protection Authority (aepd)-Homeowners’ association (5/5/2023)

Integrity and confidentiality, Principles

Cypriot Data Protection Commissioner-Cypriot Ministry of the Interior (7/15/1905)

Lawfulness of Processing, Sensitive Data

Spanish Data Protection Authority (aepd)-CLÍNICA PARÍS, S.L. (2024-03-021)

Administratives Measures, Liability and Remedies

Case C‑169/23 Másdi

Data Subject Rights Restrictions, Data Subjects Rights

Opinion 30/2022 on the draft decision of the Slovak Supervisory Authority regarding the Controller Binding Corporate Rules of Piano Group |EPDB

Binding Corporate Rules, Data Transfers

Convention on AI, Human Rights, Democracy and the Rule of Law – by the Council of Europe (draft)

AI, Specific processing situations

CNIL open source PIA software – data protection impact assessment

Data Protection Impact Assessment (DPIA)

Opinion 25/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the SHV Holding N.V. Group |EPDB

Binding Corporate Rules, Data Transfers

Danish Data Protection Authority (Datatilsynet)-IDdesign A / S (2/12/2021)

Controllers and Processors, Principles, Representative, Storage limitation

Danish Data Protection Authority (Datatilsynet)-JobTeam A/S DKK (5/15/2020)

Access Requests (DSAR), Data Subjects Rights

Belgian Data Protection Authority (APD)-Unknown (1/22/2021)

Controllers and Processors, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-PRA Iberia S.L. (7/27/2021)

Consent, Data Subjects Rights, Lawfulness of Processing

Data Protection Authority of Hamburg-Restaurant (7/12/1905)

Data minimisation, Principles

Italian Data Protection Authority (Garante)-Comune di Napoli Corpo di Polizia Municipale (5/22/2022)

Lawfulness of Processing, Representative

Spanish Data Protection Authority (aepd)-SERVICIOS INTEGRALES DEL HOGAR TENERIFE, S.L. (1/12/2023)

Consent, Lawfulness of Processing

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Hotel (12/21/2022)

Controllers and Processors, Data Subjects Rights, Principles, Representative, Storage limitation

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Schockholm School borard (10/3/2023)

Consent, Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-TELEFÓNICA DE ESPAÑA, S.A.U. (2/23/2024)

Administratives Measures, Liability and Remedies

Opinion 31/2022 on the draft decision of the Slovak Supervisory Authority regarding the Processor Binding Corporate Rules of Piano Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 26/2023 on the draft decision of the Romanian Supervisory Authority regarding the Processor Binding Corporate Rules of the OSF Global Services Group |EPDB

Binding Corporate Rules, Data Transfers

French Data Protection Authority (CNIL)-Google LLC (1/21/2019)

Data Subjects Rights, Lawfulness of Processing, Principles

Data Protection Authority of Ireland-Tusla Child and Family Agency (5/17/2020)

Controllers and Processors, Principles, Representative

Spanish Data Protection Authority (aepd)-Telefónica Móviles España, SAU (1/21/2021)

Consent, Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Club Náutico el Estacio (8/2/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Hamburg-Company (7/12/1905)

Data Subjects Rights, Lawfulness of Processing

Data Protection Authority of Hamburg-Private individual (7/13/1905)

Controllers and Processors, Lawfulness of Processing, Representative

Spanish Data Protection Authority (aepd)-Homeowners Association (1/10/2023)

Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Beauty salon (7/14/1905)
Italian Data Protection Authority (Garante)-GFB One s.r.l. (9/14/2023)

Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Representative

Spanish Data Protection Authority (aepd)-Homeowners’ association (5/7/2024)

Integrity and confidentiality, Principles

Age Appropriate Design Toolkit Tracker- more information about the Toolkit by UK ICO

Children as data subjects

Opinion 32/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Ramboll Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 27/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Tessi Group |EPDB

Binding Corporate Rules, Data Transfers

French Data Protection Authority (CNIL)-SERGIC (Real Estate) (5/28/2019)

Principles, Storage limitation

Deputy Data Protection Ombudsman-Posti Group Oyj (5/22/2020)

Access Requests (DSAR), Data Subjects Rights

French Data Protection Authority (CNIL)-Unknown (1/27/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Deliveroo Italy s.r.l. (7/22/2021)

Data Subjects Rights, Lawfulness of Processing, Sensitive Data

Data Protection Authority of Hamburg-Company (7/12/1905)

Definitions, Joint Controllers

Data Protection Authority of Hamburg-Energy supplier (7/13/1905)
Spanish Data Protection Authority (aepd)-Private individual (1/10/2023)

Data minimisation, Principles

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Physician (7/14/1905)

Lawfulness of Processing

Spanish Data Protection Authority (aepd)-Private individual (10/15/2023)

Data minimisation, Data Subjects Rights, Principles

Spanish Data Protection Authority (aepd)-Homeowners’ association (5/9/2024)

Data Subjects Rights, Integrity and confidentiality, Principles

Joint Guide to ASEAN MCC and EU SCC

Data Transfers, Standard Contractual Clauses (SCC)

Opinion 11/2023 on the draft decision of the competent supervisory authority of Sweden regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR |EPDB

Accreditation

Opinion 28/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Servier Group |EPDB

Binding Corporate Rules, Data Transfers

Data Protection Authority of Baden-Wuerttemberg-Knuddels.de (11/21/2018)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Deputy Data Protection Ombudsman-Kymen Vesi Oy (5/22/2020)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

French Data Protection Authority (CNIL)-Unknown (1/27/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Niedersachsen-Company (7/12/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-ASESORES DE SEGURIDAD PRIVADA, S.L. (2/2/2022)

Data Subjects Rights

Data Protection Authority of Hamburg-Energy supplier (7/13/1905)
Spanish Data Protection Authority (aepd)-Private individual (1/9/2023)

Data minimisation, Principles

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Website operator (7/14/1905)

Controllers and Processors, Cooperation with Supervisory Authorithy, Lawfulness of Processing

Data Protection Authority of Sweden-H&M Hennes & Mauritz GBC AB (10/17/2023)

Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Association (4/30/2024)

Controllers and Processors, Data Breaches

C-634/21 Land Hessen vs SCHUFA

Automated Decision-making

Opinion 12/2023 on the draft decision of the competent supervisory authority of Cyprus regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EPDB

Accreditation

Opinion 29/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Sodexo Group |EPDB

Binding Corporate Rules, Data Transfers

Data Protection Authority of Hamburg-Kolibri Image Regina und Dirk Maass GbR (12/17/2018)

Controllers and Processors, Data Processing Agreement (DPA)

Deputy Data Protection Ombudsman-Unknown Company (5/22/2020)

Controllers and Processors, Principles, Representative

Belgian Data Protection Authority (APD)-Family Service / N.D.P.K. nv. (1/27/2021)

Consent, Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Principles, Representative

Austrian Data Protection Authority (dsb)-Unser Ö-Bonus Club GmbH (8/2/2021)

Data Protection Officer (DPO), Lawfulness of Processing

Data Protection Authority of Hamburg-Restaurant (7/12/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Hamburg-Car trading group (7/13/1905)