News

English Summary }}}} A court awarded €3,000 to a data subject after finding a news portal violated her privacy under [[Article 5 GDPR]] by publishing her personal data unnecessarily and disproportionately, despite claims of public interest.A court awarded €3,000 in damages to a data subject after finding that a news portal violated her right to privacy by publishing her personal data unnecessarily and disproportionately in two articles, despite the controller’s claims of public interest. == Engl

Holding }}}} The court held that the mere automated creation of a score value does not trigger [[Article 22 GDPR|Article 22 GDPR]] unless it directly leads to a legally or similarly significant decision about the data subject.The court held that the mere automated creation of a score value does not trigger [[Article 22 GDPR]] unless it directly leads to a legally or similarly significant decision about the data subject. == English Summary ==== English Summary == The data subject brought multiple

}}}} The court held that the mere automated creation of a score value does not trigger [[Article 22 GDPR]] unless it directly leads to a legally or similarly significant decision about the data subject.A court held that the mere automated creation of a score value by a credit information agency does not trigger [[Article 22 GDPR]] unless it directly leads to a legally or similarly significant decision concerning the the data subject. == English Summary ==== English Summary == === Facts ====== Fa

Facts The first article reported on payments related to the football club Dinamo Zagreb and included the data subject’s full name, bank account number, and payment amounts. The second article referred to the first article via a hyperlink but did not mention the data subject directly.The first article reported on payments related to the football club Dinamo Zagreb and included the data subject’s full name, bank account number, and payment amounts. The second article referred to the first article

Federal agencies like Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) have descended into utter lawlessness, most recently in Minnesota. The violence is shocking. So are the intrusions on digital rights. For example, we have a First Amendment right to record on-duty police, including ICE and CBP, but federal agents are violating this right. Indeed, Alex Pretti was exercising this right shortly before federal agents shot and killed him. So were the many people wh

We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of copyright law and policy, and addressing what's at stake, and what we need to do to make sure that copyright promotes creativity and innovation. Imagine every post online came with a bounty of up to $150,000 paid to anyone who finds it violates opaque government rules—all out of the

English Summary }}}} A court awarded €3,500 to a data subject after a bank mistakenly sent her financial data to another client, finding that the disclosure unlawfully violated her right to privacy and caused non-material harm.A court awarded €3,500 to a data subject after a bank mistakenly sent her financial data to another client, finding that the disclosure unlawfully violated her right to privacy and caused non-material damages. == English Summary ==== English Summary == === Holding ====== H

}}}} The Court awarded €100 in non-material damages for the storage and processing of cookies without the data subject’s consent. Although the infringement was considered minor, and the data subject suffered no loss of control over his data, the court held that the feeling of being monitored constituted non-material damage.A Court awarded €100 in non-material damages for the storage and processing of cookies without the data subject’s consent. Although the infringement was considered minor, and

}}}} The Court awarded €100 in non-material damages following a large-scale scraping incident affecting a social network. Although the impairment was considered minor, the Court held that the unauthorised linking and public dissemination of the data subject’s telephone number with other profile data resulted in a loss of control over personal data, which in itself constituted compensable non-material damage.A Court awarded €100 in non-material damages following a large-scale scraping incident af

|Court_Original_Name=Oberlandesgericht Frankfurt am Main|Court_Original_Name=Oberlandesgericht Frankfurt am Main |Court_English_Name=Higher Regional Court Frankfurt am Main|Court_English_Name=Higher Regional Court Frankfurt am Main |Court_With_Country=OLG Frankfurt am Main (Germany)|Court_With_Country=OLG Frankfurt (Germany) |Case_Number_Name=6 U 81/23|Case_Number_Name=6 U 81/23 |Party_Link_2=|Party_Link_2= |Appeal_From_Body=LG Frankfurt am Main (Germany)|Appeal_From_Body=LG Frankfurt (Germany)

> Procurement. Claim for damages against contracting authority. Reliance on estoppel succeeds. Plaintiff did not challenge the award decision in interlocutory proceedings within 20 days. Pursuant to the tender conditions, she thereby also processed her right to damages. Applying this sunset clause here is not unreasonable or disproportionate. (Machine translated)

> Dissolution because of a disturbed employment relationship, serious culpability of the employer because of insufficient reintegration in the first track and justified complaints of the employee about violation of privacy. Regarding the amount of the fair compensation, it was considered that hardly any relevant income loss had been suffered because the employee had been unfit for work for a long time and the end of the waiting period had... (Machine translated)

> Thirteen non-EU countries sometimes accept “social media profiles and phone contacts” as evidence of identity for the purpose of deportations, according to an internal European Commission assessment of third country cooperation on readmission.

District Court of North Holland February 15, 2023, IT 4241; ECLI:NL:RBNHO:2023:2471 (Pit v. OfficeGrip Holding c.s.) This case deals with the question of whether a new ICT supplier is liable for damages resulting from the loss of data from its client's old ICT environment. The court held that the agreement between the client and the new ICT supplier was aimed at setting up a new ICT environment and managing it. It had not been agreed that the new supplier was responsible for managing the old ICT

Fair compensation after dissolution by subdistrict court. The court held that the employer had acted seriously culpable by seriously violating the employee's privacy, not being honest with the employee about it, and avoiding all communication with the employee. As a result, the employment relationship was disrupted. Estimate fair compensation, difference hypothet...

anonymizing defendant's name in judgment, GDPR, invasion of privacy, intangible damages

Since May 2018, the GDPR has been directly applicable in the European Economic Area, including the member states of the European Union, Liechtenstein, Norway, and Iceland. Four years later, awarding damages for GDPR violations is still not a common practice in the Netherlands, despite the fact that news reports regularly mention data breaches and other GDPR violations. This article analyzes Dutch case law over the past four years to see what factors may influence the awarding of damages under th

> The Advocate General of the Court of Justice of the European Union (CJEU) issued a non-binding opinion, which privacy advocates fear could further limit users’ possibilities to enforce their privacy rights under the GDPR. > According to [the opinion](https://curia.europa.eu/juris/document/document.jsf;jsessionid=79F0B703F7CD84C2DE01BF340FD03C29?text=&docid=266842&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=244110) delivered last week, Europeans would hardly get compensated if t

> Privacybescherming is niet absoluut. Dat staat zelfs letterlijk zo in de privacywetgeving. De AVG bevat daarom ook allerlei uitzonderingen. Een van de uitzonderingen die enkele keren terugkomt in de AVG ziet op de verwerking van persoonsgegevens in het kader van "de instelling, uitoefening of onderbouwing van een rechtsvordering". Tot op heden was echter niet heel erg duidelijk wat die woorden nu precies betekenen. Een recente uitspraak van de Afdeling bestuursrechtspraak van de Raad van State

> The European Commission adopted a proposal for harmonizing rules around consumer redress in the Artificial Intelligence Liability Directive. The proposed rules will allow consumers to bring claims for damages "caused due to wrongful behaviour" with AI technologies. The Commission said the basis for claims could include "breaches of privacy, or damages caused by safety issues," while also noting claims can be brought "if someone has been discriminated in a recruitment process involving AI techn

The GDPR incorporates the RBA for all obligations of the controller in the GDPR. Where the transfer rules are stated as obligations of the controller (rather than as absolute principles), the RBA of Article 24 therefore applies. Other than the DPAs assume, this is not contradicted by the ECJ in Schrems II nor by the EDPB recommendations on additional measures following the Schrems II judgment, according to Lokke Moerel, Professor of Global ICT Law at Tilburg University and a Dutch Cyber Security

> The fine is the result of an investigation that began in 2020 and focused on the company’s processing of children’s personal data. Based on press reports, the investigation focused on children between the ages of 13 and 17 who were allowed to operate business or creator Instagram accounts. As a result, children’s phone numbers and email addresses were publicly accessible.

> The proposed fine follows complaints filed by privacy NGO ‘Privacy International’ against Criteo. […] Under the CNIL’s sanction procedure, Criteo has the right to respond to the report, both with respect to the alleged infringements and the proposed sanction.

> The controller filmed the data subject in their work environment and published a thirty-six second video on Youtube for promotional purposes. The data subject had previously given verbal consent to the filming but had not received any further information about the purpose of the filming or their rights.

The proposed rules would require online service providers to detect, report and remove child sexual abuse material on their services. Those providers must also assess the risk of their services being used to distribute child sexual abuse material. A new European Center on Child Sexual Abuse will provide support to providers, law enforcement and victims.

> DeFine is a translation into a calculator of part of the methodology proposed by the European Data Protection Board to calculate GDPR fines (see EDPB, Guidelines 04/2022 on the calculation of administrative fines under the GDPR, 12 May 2022, available online; it was subject to a public consultation until 27 June 2022).