GDPR Article 5 Principles of Processing
This topic covers the foundational principles of personal data processing under GDPR Article 5, which comprises several related but distinct principles.
Overview
Legal Framework
Article 5(1) GDPR establishes the six core principles for the lawful processing of personal data. Processing must be: (a) lawful, fair and transparent; (b) for specified, explicit and legitimate purposes (purpose limitation); (c) adequate, relevant and limited to what is necessary (data minimisation); (d) accurate and kept up to date; (e) stored only for as long as necessary (storage limitation); and (f) processed securely (integrity and confidentiality). Article 5(2) adds the crucial accountability principle, requiring the controller to be responsible for, and able to demonstrate compliance with, all principles in Article 5(1).
Practical Application
These principles are interdependent and must be embedded into processing operations from the outset. The fairness and transparency principle, for example, is intrinsically linked to the right of access under Article 15, which the CJEU in Minister voor Immigratie v. M confirmed is a prerequisite for exercising other rights like rectification. Transparency requires providing data subjects with an intelligible summary of their data, not necessarily raw internal documents. As illustrated in the Rechtbank Midden-Nederland ruling, this right does not typically extend to internal legal analyses or opinions, but to the underlying factual personal data. The accountability principle fundamentally shifts the burden to the controller to maintain documented evidence of its compliance measures.
Key Considerations
- Implement by Design: Data minimization and storage limitation require implementing technical and organizational measures, such as data retention schedules and regular purges, to ensure only necessary data is collected and kept.
- Document for Accountability: Maintain clear records of processing activities (Article 30) and internal policies that demonstrate how each principle is respected for different processing operations.
- Ensure Purpose Integrity: Any new processing purpose must be assessed for compatibility with the original purpose; a significant change will likely require a new legal basis and fresh transparency information.
Laws (3)
Case Law (3)
Rechtbank Midden-Nederland - personal data - 20/268
Rechtbank Midden-Nederland - Administrative law
Multi-judge panel, GDPR, scope of the concept of 'personal data'. Well-founded, with the legal consequences left in place.
Peter Puškár v Finančné riaditeľstvo Slovenskej republiky and Kriminálny úrad finančnej správy
Puškár
Principles (Purpose Limitation): The objective of the processing of personal data is inextricably linked to the task of the controller. Consequently, the transfer of the task to the latter must clearly include the purpose of the processing. (¶110)
MINISTER VOOR IMMIGRATIE V. M, 17.7.2014 (“Minister v. M”)
Minister v. M
Right to access: The right of access is a prerequisite to obtain rectification, erasure or blocking of personal data (¶¶ 44-46). To comply with the right of access it is sufficient for the applicant to be provided with a full summary of those data in an intelligible form, that is, a form which allows him to become aware of those data and to check that they are accurate and processed in compliance with the Directive. He need not be given a copy of the documents. (¶¶ 59-60)
Guidance (46)
Guidelines 05/2020 on consent under Regulation 2016/679
Guidelines on consent
ARTICLE 29 DATA PROTECTION WORKING PARTY
Guidelines on transparency
Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement
Guidelines on the use of facial recognition technology in the area of law enforcement
More and more law enforcement authorities (LEAs) apply or intend to apply facial recognition technology (FRT). It may be used to authenticate or to identify a person and can be applied on videos (e.g. CCTV) or photographs. It may be used for various purposes, including to search for persons in police watch lists or to monitor a person's movements in the public space. FRT is built on the processing of biometric data, therefore, it encompasses the processing of special categories ...
Guidelines 8/2020 on the targeting of social media users
Guidelines on the targeting of social media users
Guidelines 5/2019 on the criteria of the Right to be Forgotten in the search engines cases under the GDPR (part 1)
Guidelines on the criteria of the right to be forgotten in the search engines cases under the GDPR (part 1)
Guidelines 07/2020 on the concepts of controller and processor in the GDPR
Guidelines on the concepts of controller and processor in the GDPR
The concepts of controller, joint controller and processor play a crucial role in the application of the General Data Protection Regulation 2016/679 (GDPR), since they determine who shall be responsible for compliance with different data protection rules, and how data subjects can exercise their rights in practice. The precise meaning of these concepts and the criteria for their correct interpretation must be sufficiently clear and consistent throughout the European Economic Area (EEA). The conc...
Guidelines 01/2022 on data subject rights - Right of access
Guidelines on data subject rights - Right of access
The right of access of data subjects is enshrined in Art. 8 of the EU Charter of Fundamental Rights. It has been a part of the European data protection legal framework since its beginning and is now further developed by more specified and precise rules in Art. 15 GDPR.
Guidelines 01/2021
Guidelines on Examples regarding Personal Data Breach Notification
Guidelines 3/2022 on recognising and avoiding deceptive design patterns in the interfaces of social media platforms
guidelines on deceptive design patterns
These guidelines offer practical recommendations to social media providers as controllers of social media, designers and users of social media platforms on how to assess and avoid so-called 'deceptive design patterns' in social media interfaces that infringe GDPR requirements. To that end, the EDPB recommends that controllers make use of interdisciplinary teams consisting of, among others, designers, ...
Guidelines 07/2020 on the concepts of 'controller' and 'processor' in the GDPR
guidelines on the concepts of 'controller' and 'processor' in the GDPR
The concepts of 'controller', 'joint controller' and 'processor' play a crucial role in the application of the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), since they determine who is responsible for compliance with different data protection rules and how data subjects can exercise their rights in practice. The precise meaning of these concepts and the criteria for the ...
Guidelines 02/2021 on virtual voice assistants
guidelines on virtual voice assistants
A virtual voice assistant (VVA) is a service that understands and executes voice commands or, where necessary, acts as an intermediary to other IT systems. Nowadays a VVA is available as an option on most smartphones, tablets and regular computers, and for some years now even on standalone devices such as smart speakers. A VVA acts as a link between the user and their device or an online service such as a search engine...
Guidelines 4/2019 on Article 25 Data Protection by Design and by Default
guidelines on privacy by design and default
Guidelines 01/2022 on data subject rights - Right of access
guidelines on the right of access
The right of access of data subjects is enshrined in Article 8 of the Charter of Fundamental Rights of the European Union. It has been part of the European data protection legal framework since its beginning and is now further developed with more specific and precise rules in Article 15 GDPR.
Guidelines 8/2020 on the targeting of social media users
guidelines on targeting of social media users
Guidelines 05/2020 on consent under Regulation 2016/679
guidelines on consent
ARTICLE 29 DATA PROTECTION WORKING PARTY
guidelines on transparency
Version history
guidelines on data breach notification
Version history
guidelines on performance of a contract
Guidelines 06/2020 on the interplay between the Second Payment Services Directive and the GDPR
guidelines on the interplay between the application of Article 3 and Chapter V GDPR
Version history
News (26)
OGS Zagreb - Pn-877/2023-29
A court awarded €3,000 to a data subject after finding a news portal violated her privacy under Article 5 GDPR by publishing her personal data unnecessarily and disproportionately, despite claims of public interest. A court awarded €3,000 in damages to a data subject after finding that a news portal violated her right to privacy by publishing her personal data unnecessarily and disproportionately in two articles, despite the controller’s claims of public interest.
New Report Helps Journalists Dig Deeper Into Police Surveillance Technology
Report from EFF, Center for Just Journalism, and IPVM Helps Cut Through Sales Hype. SAN FRANCISCO — A new report released today offers journalists tips on cutting through the sales hype about police surveillance technology and report accurately on costs, benefits, privacy, and accountability as these invasive and often ineffective tools come to communities across the nation. The “Selling Safety” report is a joint project of the Electronic Frontier Foundation (EFF), the Center for Just Journalism (
“Free” Surveillance Tech Still Comes at a High and Dangerous Cost
Surveillance technology vendors, federal agencies, and wealthy private donors have long helped provide local law enforcement “free” access to surveillance equipment that bypasses local oversight. The result is predictable: serious accountability gaps and data pipelines to other entities, including Immigration and Customs Enforcement (ICE), that expose millions of people to harm. The cost of “free” surveillance tools — like automated license plate readers (ALPRs), networked cameras, face recognit
Protecting Our Right to Sue Federal Agents Who Violate the Constitution
Federal agencies like Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) have descended into utter lawlessness, most recently in Minnesota. The violence is shocking. So are the intrusions on digital rights. For example, we have a First Amendment right to record on-duty police, including ICE and CBP, but federal agents are violating this right. Indeed, Alex Pretti was exercising this right shortly before federal agents shot and killed him. So were the many people wh
EFF Statement on ICE and CBP Violence
Dangerously unchecked surveillance and rights violations have been a throughline of the Department of Homeland Security since the agency’s creation in the wake of the September 11th attacks. In particular, Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) have been responsible for countless civil liberties and digital rights violations since that time. In the past year, however, ICE and CBP have descended into utter lawlessness, repeatedly refusing to exercise or
EDRi launches new resource to document abuses and support a full ban on spyware in Europe
Spyware continues to spread across Europe despite years of scandals and undisputable evidence of fundamental rights violations. As the European Commission remains inactive, civil society, journalists and some lawmakers at the European Parliament are stepping up pressure for accountability. In this context, EDRi is launching a document pool to centralise resources that tracks abuse and support the growing push for a full EU-wide ban of spyware.
EDPB and EDPS support streamlining AI Act implementation but call for stronger safeguards to protect fundamental rights
Brussels, 21 January - The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have adopted a Joint Opinion on the European Commission’s Proposal for the ‘Digital Omnibus on AI’. The Proposal seeks to simplify the implementation of certain harmonised rules under the AI Act to ensure their effective application. The EDPB and the EDPS support the objective of addressing practical challenges relating to the implementation of the AI Act. Administrative simplificat
SO Warszawa - C 310/23
The controller did not respond adequately, providing unclear information or referring the data subject to third parties. As a result, the data subject lodged a complaint with the DPA. The DPA issued a final decision warning the controller for violating Article 6(1) and [[Article 5(1)
#KeepItOn: Iran plunged into digital darkness, concealing human rights abuses
join the international community, including the UN’s Independent International Fact-Finding Mission, in calling on Iran to immediately restore internet and mobile communications and in demanding accountability and transparency for the grave human rights violations documented in the country
Article 40 GDPR
CoC are a voluntary accountability tool providing for specific data protection rules for categories of controllers and processors. In other words, CoC can provide a rule book for a group of controllers and processors describing what a GDPR-compliant processing operation looks like in the specific processing situation.<ref>EDPB, ‘Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679’, 4 June 2019 (Version 2.0), margin number 7 (available [https://ww
MTN Group must answer for dangerous bounty SMS campaign in the Republic of Congo
Access Now, together with several human rights organizations, are calling on MTN Group to protect mobile service subscribers and ensure transparency and accountability for data breaches perpetuated by their subsidiaries in the Republic of Congo.
EU adopts Digital Trade Agreement with Singapore despite warnings: a setback for digital rights and democratic oversight
The European Parliament has approved the EU–Singapore Digital Trade Agreement, rejecting a motion to seek a Court of Justice opinion on its legality. This decision weakens the Union’s capacity to safeguard privacy, data protection, and accountability over software systems, at a time when deregulation pressures are increasing across Europe.
Statement from the listed authors of Stochastic Parrots on the “AI pause” letter
> The harms from so-called AI are real and present and follow from the acts of people and corporations deploying automated systems. Regulatory efforts should focus on transparency, accountability and preventing exploitative labor practices. By Angelina McMillan-Major, Emily M. Bender, Margaret Mitchell and Timnit Gebru for DAIR on March 31, 2023
Is the AI Act caging ChatGPT and other General Purpose Artificial Intelligence systems?
> The growth of generative artificial intelligence systems has led EU lawmakers to focus on General Purpose AI in drafting the AI Act, which will set the framework governing artificial intelligence in the European Union. As previously reported, the EU Parliament has already broadened the definition of artificial intelligence for the purposes of the AI Act…
AEPD issues guidance for anonymization
> Spain’s data protection authority, the Agencia Española de Protección de Datos, published guidance for anonymizing data. The guidance called for a trained professional to handle the anonymization of a personal data set who also has experience in reidentification attacks. Even though “residual probability” of reidentification will always exist, a data controller must apply accountability to the anonymization process “with appropriate measures to ensure compliance taking i
CJEU clarifies GDPR principles of purpose limitation and storage limitation
The purpose limitation principle does not preclude a controller from capturing and storing in a test database established for testing and error correction purposes personal data previously collected and stored in another database. However, such "further processing" of personal data must be compatible with the specific purposes for which the personal data were originally collected. The principle of storage limitation precludes the retention of personal data in that test database for longer than n
ICO Publishes Draft Employee Monitoring Guidance for Consultation
> On October 14, 2022, the Federal Trade Commission announced it is extending the deadline by one month to submit comments on its Advanced Notice of Proposed Rulemaking on commercial surveillance and lax data security practices.
Beyond Data Ownership
Data ownership proposals are misguided and would be self-defeating if implemented. Instead, privacy law reform should focus on strengthening ongoing use restrictions over personal data, according to this article.
What Happened to the Risk-Based Approach to Data Transfers?
The GDPR incorporates the RBA for all obligations of the controller in the GDPR. Where the transfer rules are stated as obligations of the controller (rather than as absolute principles), the RBA of Article 24 therefore applies. Other than the DPAs assume, this is not contradicted by the ECJ in Schrems II nor by the EDPB recommendations on additional measures following the Schrems II judgment, according to Lokke Moerel, Professor of Global ICT Law at Tilburg University and a Dutch Cyber Security
Danish SA Declares Use of Google Analytics Unlawful Without Supplementary Measures
The Danish Data Protection Agency has looked into the tool Google Analytics and its settings, and the terms under which the tool is provided. On the basis of this review, the Danish Data Protection Agency concludes that the tool cannot, without more, be used lawfully. Lawful use requires the implementation of supplementary measures in addition to the settings provided by Google.