Category

Controller and processor
In its Opinion 22/2024, dated 9 October 2024, the European Data Protection Board (EDPB) clarifies data controllers’ responsibilities under Article 28 of the GDPR when engaging processors and sub-processors. This...
Read More
On 18 September 2023, the French Data Protection authority (CNIL) imposed an administrative fine of EUR 200,000 against SAF LOGISTICS, a French company that carries out air cargo activity from...
Read More
On 1 June 2022, the Slovenian supervisory authority (Information Commissioner) rendered a decision (no. 0612-23/2019/19) ordering a cloud provider (CP) to enter into joint controllership arrangements with its clients. The...
Read More
On 22 September 2021, the Icelandic data protection authority (“Persónuvernd“) issued a ruling against a law firm, Magna Lögmanna ehf (“Magna“), in which it determined that the law firm’s disclosure...
Read More
On 26 July 2021, the French Data Protection Authority (“CNIL“) issued a fine of EUR 400,000 against Monsanto, leading company in the field of agricultural biotechnologies. The decision elucidates the...
Read More
The Italian Data Protection Authority (Garante) issued on 17 December 2020 a EUR 40,000 fine against an Italian software company (Miropass s.r.l.) for GDPR violations connected to the use of...
Read More
On 17 September 2020, Italian data protection authority (Garante) rendered two related decisions, one against a hospital in Naples, and the other against an IT company, concerning a data breach which...
Read More
On 18 September 2020 Regional Court of Frankfurt am Main rendered an interesting judgement which holds, in the main, that data leakage does not on its own evidence controller’s breach...
Read More
Last September, the European Data Protection Board (“EDPB“) issued its Guidelines 07/2020 on the concepts of controller and processor in the GDPR. The guidelines were subject to public consultation until...
Read More

ARCHIVE