Article 17
Fine for unlawful processing of personal data is criminal in nature
Right to be forgotten and data erasure
Article 17 GDPR establishes the 'right to erasure' (also known as the 'right to be forgotten'). It obliges a controller to erase personal data without undue delay when one of six specific grounds applies. These grounds include: the data is no longer necessary for the collection purpose; the data subject withdraws consent (where consent was the lawful basis); the data subject objects to processing under Article 21(1) and there are no overriding legitimate grounds; the data has been unlawfully processed; erasure is required to comply with a legal obligation; or the data was collected in relation to an information society service offer to a child. As clarified by Recital 66, if the controller has made the data public, it must also take reasonable steps to inform other controllers processing that data to erase any copies or links.
The right is not absolute. Article 17(3) GDPR lists key exceptions where the right to erasure does not apply, including when processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research, or for the establishment, exercise or defence of legal claims. The case law underscores a balancing test. For instance, in the Gerechtshof Arnhem-Leeuwarden ruling cited, the court had to weigh the right to data protection against the right to intellectual property. Furthermore, as seen in Digital Rights Ireland Ltd v. Ireland, even legally mandated data retention must be proportionate and for a strictly defined purpose like combating serious crime.
Right to erasure ('right to be forgotten')
Notification obligation regarding rectification or erasure of personal data or restriction of processing
Gerechtshof Arnhem-Leeuwarden - Civil law
Request for removal of Google Search results. GDPR or Wbp? Balancing of interests
Gerechtshof Arnhem-Leeuwarden - Civil law
Article 3:296 BW. Article 4(2) and 4(6) GDPR. GDPR preamble, recitals 47 and 50. Articles 17 and 47 of the EU Charter. Article 1 of the First Protocol to the ECHR. Articles 8 and 13 ECHR. The court must assess whose interest weighs more heavily in this case: DFW's interest in the protection of its intellectual property right, or the interest of Ziggo et al. in the protection of its customers' personal data. The court finds that, at present, the interests of the Ziggo customers after handover of the personal data by DFW still
Digital Rights Ireland
Data retention: Legally mandated communications meta-data retention can only be a justified interference with the right of privacy and the right to data protection under EU law if the retention is done for the purpose of fighting 'serious crime', on the basis of objective criteria and where there are clear substantial and procedural conditions laid down by law.
Worten
Security: Data protection law requires controllers (not Member States) to adopt technical and organizational measures which, having regard to the state of the art and cost of their implementation, are to ensure a level of security appropriate to the risks represented. Controller must ensure that only those persons duly authorized have access. (¶¶ 24–25, 28–29)
Binding corporate rules for controllers
Guidelines on processing of personal data through video devices
Guidelines on the application of Article 60 GDPR
Guidelines on the right of access
Guidelines on the calculation of administrative fines under the GDPR
The European Data Protection Board (EDPB) has adopted these guidelines to harmonise the methodology supervisory authorities use when calculating the amount of the fine. These Guidelines complement the previously adopted Guidelines on the application and setting of administrative fines for the purpose of the Regulation 2016/679 (WP253), which focus on the circumstances in which to impose a fine. The calculation of the amount of the fine is at the discretion of the supervisory authority, ...
Guidelines on the concepts of controller and processor in the GDPR
The concepts of controller, joint controller and processor play a crucial role in the application of the General Data Protection Regulation 2016/679 (GDPR), since they determine who shall be responsible for compliance with different data protection rules, and how data subjects can exercise their rights in practice. The precise meaning of these concepts and the criteria for their correct interpretation must be sufficiently clear and consistent throughout the European Economic Area (EEA). The conc...
Guidelines on the targeting of social media users
Guidelines on the use of facial recognition technology in the area of law enforcement
More and more law enforcement authorities (LEAs) apply or intend to apply facial recognition technology (FRT). It may be used to authenticate or to identify a person and can be applied on videos (e.g. CCTV) or photographs. It may be used for various purposes, including to search for persons in police watch lists or to monitor a person's movements in the public space. FRT is built on the processing of biometric data; therefore, it encompasses the processing of special categories ...
Guidelines on virtual voice assistants
A virtual voice assistant (VVA) is a service that understands voice commands and executes them or mediates with other IT systems if needed. VVAs are currently available on most smartphones and tablets, traditional computers, and, in the latest years, even standalone devices like smart speakers. VVAs act as interface between users and their computing devices and online services such as search engines or online shops. Due to their role, VVAs have access to a huge amount of personal...
Guidelines on restrictions of data subject rights
Guidelines on the calculation of administrative fines
The European Data Protection Board (EDPB) has adopted these guidelines with a view to harmonising the methodology that supervisory authorities use to calculate the amount of the fine. These guidelines complement the previously adopted Guidelines on the application and setting of administrative fines for the purposes of Regulation (EU) 2016/679 (WP 253), which concern the circumstances in which a fine must be imp...
Guidelines on video surveillance
Guidelines on certification
Guidelines on connected vehicles
Guidelines on transfers of personal data between public authorities and bodies inside and outside the EEA
Guidelines on the use of facial recognition in law enforcement
More and more law enforcement authorities apply facial recognition technology or intend to apply it. The technology can be used to authenticate or identify a person and can be applied to videos (e.g. CCTV) or photographs, but also for other purposes, including searching for persons on police watch lists or following a person's movements in public space. Facial recognition technology is base...
Guidelines on data breach notification
Guidelines on deceptive design patterns
These guidelines offer practical recommendations to social media providers as controllers of social media, and to designers and users of social media platforms, on assessing and avoiding so-called 'deceptive design patterns' in social media interfaces that infringe the requirements of the GDPR. To that end, the EDPB recommends that controllers make use of interdisciplinary teams consisting of, among others, designers, func...
Guidelines on the concepts of 'controller' and 'processor' in the GDPR
The concepts of 'controller', 'joint controller' and 'processor' play a crucial role in the application of the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), since they determine who is responsible for compliance with the various data protection rules and how data subjects can exercise their rights in practice. The precise meaning of these concepts and the criteria for the cor...
Guidelines on virtual voice assistants
A virtual voice assistant (VVA) is a service that understands and executes voice commands or, where necessary, acts as an intermediary to other IT systems. Nowadays a VVA is available as an option on most smartphones, tablets and regular computers and, for some years now, even on standalone devices such as smart speakers. A VVA functions as a link between the user and their device or an online service such as a search engine...
DPC welcomes publication of EDPB CEF implementation report on right to be forgotten
Brussels, 18 February - The European Data Protection Board (EDPB) has adopted a report on its Coordinated Enforcement Framework (CEF) action on the right to be forgotten (Art. 17 GDPR). The Board selected this topic as it is one of the most frequently exercised GDPR rights and one about which DPAs frequently receive complaints from individuals. The main objectives of this coordinated action are to ensure that the right to erasure is effectively exercised by individuals in Europe and understand ho
The DPA ordered a company to erase the data provided by potential tenants after not entering into a lease agreement with them. The DPA ordered a landlord to erase the data provided by potential tenants after not entering into a lease agreement with them. == English Summary == In 2023 the data subjects intended to enter into a lease agreement with a company (the controller). The controller requested various information from the data subjects, including identity documents,
We, the undersigned organisations and individuals, urge you in the strongest possible terms to reject the deletion of the Article 49(2) transparency safeguard for high-risk AI systems that is proposed in the AI Omnibus. This transparency safeguard ensures that providers of AI systems cannot circumvent the core obligations of the AI Act. The post A call to EU legislators: protect rights and reject the call to delete transparency safeguard in AI Act appeared first on Access Now.
The latter further claimed during the lawsuit against AZOP's decision that the authority had incorrectly and incompletely established the facts, misapplied substantive law, and breached procedural rules. He emphasized that the published personal data was unrelated to transparency in public administration, that he was neither a public figure nor a political actor, and that any public interest ended once he left office on 31 March 2023. He invoked his right to erasure under [[Articl
A court held that a television broadcaster lawfully published a video containing personal data about a public company board member, as the information served the public interest, thus complying with Article 6 GDPR and outweighing the right to erasure.
An Austrian media company was fined €6,820 by the Data Protection Authority for negligently failing to implement a binding order to modify its website's cookie banner, delaying user consent options despite all appeals being rejected. The DPA fined a media company €6,820 for failing to bring its cookie banner into compliance by implementing a visually equivalent option to reject cookies. The DPA previously ordered the controller to do so in accordance with Article 58(2)(d) GDPR. == English Su
A media company in Austria (the controller), which was publishing local news, operated a website which collected personal data from visitors using cookies and a cookie consent banner. Cookies included unique identifiers for tracking visitors. In August 2021
A court held that a television broadcaster lawfully published a video concerning the resignation of a public company's board member as well as their personal data. According to the court, the information served the public interest and
The Court ruled that the storage period for settled payment default data by private credit agencies is not automatically limited by debtor register deletion rules, and that GDPR codes of conduct may guide the balancing of interests under Article 6(1)(f) GDPR. The Federal Court of Justice held that a credit information agency's maximum storage period for data about an already settled payment default is not limited by national deletion rules for a public debtor
Hague Court of Appeal February 3, 2023, IT 4226; ECLI:NL:GHDHA:2023:306 (Veilig Thuis v. the respondent) In this case, a man requested the deletion of his personal data processed by Veilig Thuis. The court ruled that Veilig Thuis's processing of the man's data was lawful under the Social Support Act (Wmo) and that the request for data deletion was therefore denied. Veilig Thuis is not obliged to erase the man's personal data in order to comply with the legal obligation under Article 17(1)(e) GDPR, b
Request for destruction of Veilig Thuis files; admissibility; right to erasure of personal data under the GDPR and Wmo
Personal data protection. Request for removal of search results from the Google Search search engine: the right to be forgotten. Articles 17 and 21 General Data Protection Regulation (GDPR) and Article 35 GDPR Implementation Act.
> Privacy protection is not absolute. The privacy legislation even says so literally. The GDPR therefore contains all kinds of exceptions. One of the exceptions that recurs several times in the GDPR concerns the processing of personal data in the context of "the establishment, exercise or defence of legal claims". Until now, however, it was not very clear what those words actually mean. A recent ruling by the Administrative Jurisdiction Division of the Council of State
The Danish Data Protection Agency has looked into the tool Google Analytics and its settings, and the terms under which the tool is provided. On the basis of this review, the Danish Data Protection Agency concludes that the tool cannot, without more, be used lawfully. Lawful use requires the implementation of supplementary measures in addition to the settings provided by Google.
The European Data Protection Supervisor ordered Europol to hand over personal data to Dutch activist Frank van der Linde. The decision is the result of a two-year investigation into Europol's possession and storage of van der Linde's personal data.
> The fine is the result of an investigation that began in 2020 and focused on the company's processing of children's personal data. Based on press reports, the investigation focused on children between the ages of 13 and 17 who were allowed to operate business or creator Instagram accounts. As a result, children's phone numbers and email addresses were publicly accessible.
> The proposed fine follows complaints filed by privacy NGO 'Privacy International' against Criteo. […] Under the CNIL's sanction procedure, Criteo has the right to respond to the report, both with respect to the alleged infringements and the proposed sanction.
Lawfully collected and stored personal data may be retained in an additional internal database, to the extent that it pursues the same data processing purposes as the original data collection. That is the opinion of Advocate General Pikamäe to the EU Court in response to questions from a Hungarian judge.