News

English Summary }}}} A court awarded €3,000 to a data subject after finding a news portal violated her privacy under [[Article 5 GDPR]] by publishing her personal data unnecessarily and disproportionately, despite claims of public interest.A court awarded €3,000 in damages to a data subject after finding that a news portal violated her right to privacy by publishing her personal data unnecessarily and disproportionately in two articles, despite the controller’s claims of public interest. == Engl

}}}} The court held that the mere automated creation of a score value does not trigger [[Article 22 GDPR]] unless it directly leads to a legally or similarly significant decision about the data subject.A court held that the mere automated creation of a score value by a credit information agency does not trigger [[Article 22 GDPR]] unless it directly leads to a legally or similarly significant decision concerning the the data subject. == English Summary ==== English Summary == === Facts ====== Fa

Holding }}}} The court held that the mere automated creation of a score value does not trigger [[Article 22 GDPR|Article 22 GDPR]] unless it directly leads to a legally or similarly significant decision about the data subject.The court held that the mere automated creation of a score value does not trigger [[Article 22 GDPR]] unless it directly leads to a legally or similarly significant decision about the data subject. == English Summary ==== English Summary == The data subject brought multiple

Facts The first article reported on payments related to the football club Dinamo Zagreb and included the data subject’s full name, bank account number, and payment amounts. The second article referred to the first article via a hyperlink but did not mention the data subject directly.The first article reported on payments related to the football club Dinamo Zagreb and included the data subject’s full name, bank account number, and payment amounts. The second article referred to the first article

Federal agencies like Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) have descended into utter lawlessness, most recently in Minnesota. The violence is shocking. So are the intrusions on digital rights. For example, we have a First Amendment right to record on-duty police, including ICE and CBP, but federal agents are violating this right. Indeed, Alex Pretti was exercising this right shortly before federal agents shot and killed him. So were the many people wh

We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of copyright law and policy, and addressing what's at stake, and what we need to do to make sure that copyright promotes creativity and innovation. Imagine every post online came with a bounty of up to $150,000 paid to anyone who finds it violates opaque government rules—all out of the

|Court_Original_Name=Oberlandesgericht Frankfurt am Main|Court_Original_Name=Oberlandesgericht Frankfurt am Main |Court_English_Name=Higher Regional Court Frankfurt am Main|Court_English_Name=Higher Regional Court Frankfurt am Main |Court_With_Country=OLG Frankfurt am Main (Germany)|Court_With_Country=OLG Frankfurt (Germany) |Case_Number_Name=6 U 81/23|Case_Number_Name=6 U 81/23 |Party_Link_2=|Party_Link_2= |Appeal_From_Body=LG Frankfurt am Main (Germany)|Appeal_From_Body=LG Frankfurt (Germany)

| Court_Original_Name = Higher Regional Court Frankfurt am Main | Court_Original_Name = Higher Regional Court Frankfurt am Main | Court_English_Name = Higher Regional Court Frankfurt am Main | Court_English_Name = Higher Regional Court Frankfurt am Main | Court_Country = OLG Frankfurt am Main (Germany) | Court_Country = OLG Frankfurt (Germany) | Case_Number = 6 U 81/23 | Case_Number = 6 U 81/23 | Party_Link_2 = | Party_Link_2 = | Appeal_From_Court = Regional Court Frankfurt am Main (Germany) | Appeal_From_Court = Regional Court Frankfurt (Germany)

|Hof_Oorspronkelijke_Naam=Oberlandesgericht Frankfurt am Main|Hof_Oorspronkelijke_Naam=Oberlandesgericht Frankfurt am Main |Hof_Engelse_Naam=Higher Regional Court Frankfurt am Main|Hof_Engelse_Naam=Higher Regional Court Frankfurt am Main |Hof_Met_Land=OLG Frankfurt am Main (Duitsland)|Hof_Met_Land=OLG Frankfurt (Duitsland) |Zaaknummer_Naam=6 U 81/23|Zaaknummer_Naam=6 U 81/23 |Partij_Link_2=|Partij_Link_2= |Beroep_Van_Instantie=LG Frankfurt am Main (Duitsland)|Beroep_Van_Instantie=LG Frankfurt (Duitsland)

English Summary }}}} A court awarded €3,500 to a data subject after a bank mistakenly sent her financial data to another client, finding that the disclosure unlawfully violated her right to privacy and caused non-material harm.A court awarded €3,500 to a data subject after a bank mistakenly sent her financial data to another client, finding that the disclosure unlawfully violated her right to privacy and caused non-material damages. == English Summary ==== English Summary == === Holding ====== H

Summary: A court has awarded €3,500 to a person whose financial data was accidentally sent to another customer by a bank. The court ruled that this unauthorized disclosure constituted a violation of the person's right to privacy and that non-pecuniary damages were involved. Summary: A court has awarded €3,500 to a person whose financial data was accidentally sent to another customer by a bank. The court ruled that this unauthorized disclosure constituted a violation of the person's right to privacy and that non-pecuniary damages were involved. == Summary == Summary == === Conclusion ======

}}}} The Court awarded €100 in non-material damages following a large-scale scraping incident affecting a social network. Although the impairment was considered minor, the Court held that the unauthorised linking and public dissemination of the data subject’s telephone number with other profile data resulted in a loss of control over personal data, which in itself constituted compensable non-material damage.A Court awarded €100 in non-material damages following a large-scale scraping incident af

}}}} The Court awarded €100 in non-material damages for the storage and processing of cookies without the data subject’s consent. Although the infringement was considered minor, and the data subject suffered no loss of control over his data, the court held that the feeling of being monitored constituted non-material damage.A Court awarded €100 in non-material damages for the storage and processing of cookies without the data subject’s consent. Although the infringement was considered minor, and

The court awarded €100 in non-pecuniary damages for the storage and processing of cookies without the consent of the individual. While the violation was considered minor, and the individual did not suffer a loss of control over their data, the court ruled that the feeling of being monitored constituted a form of non-pecuniary damage. The court awarded €100 in non-pecuniary damages for the storage and processing of cookies without the consent of the individual. Although the violation was considered minor, and...

}}}} The court has awarded €100 in non-pecuniary damages following a large-scale data breach that affected a social network. While the damage was considered minor, the court ruled that the unauthorized linking and public dissemination of the individual's phone number with other profile data resulted in a loss of control over personal data, which in itself constituted non-pecuniary damage worthy of compensation. The court has awarded €100 in non-pecuniary damages following a large-scale data breach.

You may not be aware, given the numerous reports highlighting new questions about copyright and generative AI, but the biggest copyright case of the year revolves around a long-standing question in internet law: should internet service providers act as enforcers of copyright? After years of legal battles, this question is now before the Supreme Court. And if the Supreme Court upholds a previous ruling by a lower court, internet service providers could be forced to block internet access for individuals based solely on accusations of copyright infringement.

U wellicht niet, gezien de vele berichten die de aandacht vestigen op nieuwe vragen over auteursrecht en generatieve AI, maar de grootste auteursrechtzaak van het jaar ging over een aloude vraag voor internetbegrippen: moeten internetproviders optreden als handhavers van het auteursrecht? Na jaren van rechtszaken staat die vraag nu voor het Hooggerechtshof. En als het Hooggerechtshof een eerdere uitspraak van een lagere rechtbank niet herroept, zouden internetproviders gedwongen kunnen worden om de internettoegang van mensen te blokkeren op basis van niets meer dan loutere beschuldigingen van auteursrechtinbreuk.

You might not know it, given the many headlines focused on new questions about copyright and Generative AI, but the year’s biggest copyright case concerned an old-for-the-internet question: do ISPs have to be copyright cops? After years of litigation, that question is now squarely before the Supreme Court. And if the Supreme Court doesn’t reverse a lower court’s ruling, ISPs could be forced to terminate people’s internet access based on nothing more than mere accusations of copyright infringemen

> Procurement. Claim for damages against contracting authority. Reliance on estoppel succeeds. Plaintiff did not challenge the award decision in interlocutory proceedings within 20 days. Pursuant to the tender conditions, she thereby also processed her right to damages. Applying this sunset clause here is not unreasonable or disproportionate. (Machine translated)

Aankoop. Schadeclaim tegen de opdrachtgever. De beroepsmogelijkheid op het beginsel van estoppel wordt erkend. De eiser heeft de beslissing van de aanbesteding niet binnen 20 dagen aangevochten in een voorlopig geschil. Volgens de voorwaarden van de aanbesteding heeft ze daarmee ook haar recht op schadevergoeding laten vervallen. Het toepassen van deze "vervalbedinging" is hier niet onredelijk of onevenredig.

District Court of North Holland February 15, 2023, IT 4241; ECLI:NL:RBNHO:2023:2471 (Pit v. OfficeGrip Holding c.s.) This case deals with the question of whether a new ICT supplier is liable for damages resulting from the loss of data from its client's old ICT environment. The court held that the agreement between the client and the new ICT supplier was aimed at setting up a new ICT environment and managing it. It had not been agreed that the new supplier was responsible for managing the old ICT

anonymizing defendant's name in judgment, GDPR, invasion of privacy, intangible damages

Het anonimiseren van de naam van de beklaagde in een vonnis, AVG (Algemene Verordening Gegevensbescherming), schending van de privacy, immateriële schade.

Since May 2018, the GDPR has been directly applicable in the European Economic Area, including the member states of the European Union, Liechtenstein, Norway, and Iceland. Four years later, awarding damages for GDPR violations is still not a common practice in the Netherlands, despite the fact that news reports regularly mention data breaches and other GDPR violations. This article analyzes Dutch case law over the past four years to see what factors may influence the awarding of damages under th

> The Advocate General of the Court of Justice of the European Union (CJEU) issued a non-binding opinion, which privacy advocates fear could further limit users’ possibilities to enforce their privacy rights under the GDPR. > According to [the opinion](https://curia.europa.eu/juris/document/document.jsf;jsessionid=79F0B703F7CD84C2DE01BF340FD03C29?text=&docid=266842&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=244110) delivered last week, Europeans would hardly get compensated if t

De Advocaat-Generaal van het Gerechtshof van de Europese Unie (HvJEU) heeft een niet-bindend advies uitgebracht, waar privacyactivisten zich zorgen over maken, omdat dit de mogelijkheden van gebruikers om hun privacyrechten op te eisen onder de AVG (Algemene Verordening Gegevensbescherming) verder zou kunnen beperken. Volgens het [advies](https://curia.europa.eu/juris/document/document.jsf;jsessionid=79F0B703F7CD84C2DE01BF340FD03C29?text=&docid=266842&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=244110), dat vorige week is uitgebracht, zouden Europeanen nauwelijks enige compensatie ontvangen als...

Data ownership proposals are misguided and would be self-defeating if implemented. Instead, privacy law reform should focus on strengthening ongoing use restrictions over personal data, according to this article.

Voorstellen over het eigendom van data zijn misplaatst en zouden averechts werken als ze zouden worden doorgevoerd. In plaats daarvan moet hervorming van de privacywetgeving zich richten op het versterken van de bestaande beperkingen op het gebruik van persoonlijke gegevens, zo stelt dit artikel.

> Privacybescherming is niet absoluut. Dat staat zelfs letterlijk zo in de privacywetgeving. De AVG bevat daarom ook allerlei uitzonderingen. Een van de uitzonderingen die enkele keren terugkomt in de AVG ziet op de verwerking van persoonsgegevens in het kader van "de instelling, uitoefening of onderbouwing van een rechtsvordering". Tot op heden was echter niet heel erg duidelijk wat die woorden nu precies betekenen. Een recente uitspraak van de Afdeling bestuursrechtspraak van de Raad van State

De Europese Commissie heeft een voorstel aangenomen om de regels te harmoniseren met betrekking tot de compensatie van consumenten in de Richtlijn over aansprakelijkheid voor kunstmatige intelligentie. De voorgestelde regels maken het consumenten mogelijk om schadeclaims in te dienen voor schade die "veroorzaakt is door onrechtmatig gedrag" met behulp van AI-technologieën. De Commissie heeft aangegeven dat de basis voor dergelijke claims onder meer "schendingen van de privacy of schade veroorzaakt door veiligheidsproblemen" kan omvatten, en tegelijkertijd opgemerkt dat claims ook kunnen worden ingediend "als iemand gediscrimineerd is tijdens een wervingsproces waarbij AI-technologie wordt gebruikt."

> The European Commission adopted a proposal for harmonizing rules around consumer redress in the Artificial Intelligence Liability Directive. The proposed rules will allow consumers to bring claims for damages "caused due to wrongful behaviour" with AI technologies. The Commission said the basis for claims could include "breaches of privacy, or damages caused by safety issues," while also noting claims can be brought "if someone has been discriminated in a recruitment process involving AI techn

The Danish Data Protection Agency has looked into the tool Google Analytics and its settings, and the terms under which the tool is provided. On the basis of this review, the Danish Data Protection Agency concludes that the tool cannot, without more, be used lawfully. Lawful use requires the implementation of supplementary measures in addition to the settings provided by Google.

De Deense Autoriteit voor Persoonsgegevens heeft onderzoek gedaan naar het instrument Google Analytics en de bijbehorende instellingen, evenals de voorwaarden waaronder het instrument wordt aangeboden. Op basis van dit onderzoek concludeert de Deense Autoriteit voor Persoonsgegevens dat het instrument, zonder aanvullende maatregelen, niet op een wettelijke manier kan worden gebruikt. Wettelijk gebruik vereist de implementatie van aanvullende maatregelen, naast de instellingen die door Google worden aangeboden.

De Europese Toezichthouder op de Bescherming van Persoonsgegevens heeft Europol opgedragen om persoonlijke gegevens over te dragen aan de Nederlandse activist Frank van der Linde. Dit besluit is het resultaat van een onderzoek van twee jaar naar de manier waarop Europol de persoonlijke gegevens van Van der Linde bewaart en verwerkt.

> The fine is the result of an investigation that began in 2020 and focused on the company’s processing of children’s personal data. Based on press reports, the investigation focused on children between the ages of 13 and 17 who were allowed to operate business or creator Instagram accounts. As a result, children’s phone numbers and email addresses were publicly accessible.

De boete is het resultaat van een onderzoek dat in 2020 is begonnen en zich richtte op de manier waarop het bedrijf persoonlijke gegevens van kinderen verwerkte. Op basis van berichten in de media richtte het onderzoek zich op kinderen tussen de 13 en 17 jaar oud die toestemming hadden om zakelijke of creatieve Instagram-accounts te gebruiken. Hierdoor waren telefoonnummers en e-mailadressen van kinderen openbaar toegankelijk.

Dit artikel stelt dat het beschouwen van de negatieve gevolgen van kunstmatige intelligentie als risico's een bewuste keuze is met gevolgen. Risicobeheer brengt zijn eigen specifieke uitdagingen met zich mee: een verzameling van instrumenten en problemen die in andere vakgebieden zijn ontstaan. Bovendien zijn er minstens vier modellen voor risicobeheer, elk met verschillende doelen en methoden. De opkomende conflicten over de regulering van de risico's van kunstmatige intelligentie illustreren de spanningen die ontstaan wanneer toezichthouders één model van risicobeheer hanteren, terwijl belanghebbenden een ander model voorstellen.

> This Article observes that constructing AI harms as risks is a choice with consequences. Risk regulation comes with its own policy baggage: a set of tools and troubles that have emerged in other fields. Moreover, there are at least four models for risk regulation, each with divergent goals and methods. Emerging conflicts over AI risk regulation illustrate the tensions that emerge when regulators employ one model of risk regulation, while stakeholders call for another.

> The proposed fine follows complaints filed by privacy NGO ‘Privacy International’ against Criteo. […] Under the CNIL’s sanction procedure, Criteo has the right to respond to the report, both with respect to the alleged infringements and the proposed sanction.

De voorgestelde boete volgt op klachten die de privacyorganisatie "Privacy International" heeft ingediend tegen Criteo. [...] In het kader van de sanctieprocedure van de CNIL heeft Criteo het recht om te reageren op het rapport, zowel met betrekking tot de vermeende overtredingen als de voorgestelde sanctie.

> European supervisory authorities’ varying practices of calculating GDPR administrative fines can be viewed, on the one hand, as inconsistent and in conflict with the principle of uniform interpretation and application of the GDPR in general and uniform sanction for GDPR infringements in particular, as enshrined in GDPR recital 10, 11 and 13.

De verantwoordelijke functionaris heeft de betrokkene gefilmd in hun werkomgeving en heeft een video van zesenzestig seconden op YouTube gepubliceerd voor promotionele doeleinden. De betrokkene had eerder mondeling toestemming gegeven voor de opname, maar had geen verdere informatie ontvangen over het doel van de opname of hun rechten.

> The controller filmed the data subject in their work environment and published a thirty-six second video on Youtube for promotional purposes. The data subject had previously given verbal consent to the filming but had not received any further information about the purpose of the filming or their rights.

> DeFine is a translation into a calculator of part of the methodology proposed by the European Data Protection Board to calculate GDPR fines (see EDPB, Guidelines 04/2022 on the calculation of administrative fines under the GDPR, 12 May 2022, available online; it was subject to a public consultation until 27 June 2022).