Niels Westerlaken - Legal.digital

Sign in Subscribe

Niels Westerlaken

Employee mistake not sufficient for award of non-material damages

Employee mistake not sufficient for award of non-material damages

CJEU 25 January 2024, IT 4473; ECLI:EU:C:2024:72 (Applicant v. MediaMarktSaturn) The applicant in the main proceedings purchased an electrical appliance from Saturn. For the sale of this, a credit agreement was drawn up, which required some of the applicant's personal data to be processed in Saturn's

Turing annual reviews Privacy and IT from 2023

Turing annual reviews Privacy and IT from 2023

Also in the year 2023, legislators, the judiciary and regulators were frequently busy in the field of privacy and data protection. Meanwhile, the AVG celebrated its fifth anniversary which provided a moment to look back and look forward. Or as AP Chairman Aleid Wolfsen described it: reason to celebrate and

"Limburg District Court rules in summary proceedings: privacy wins over legitimate interest in cameras in neighbor dispute"

"Limburg District Court rules in summary proceedings: privacy wins over legitimate interest in cameras in neighbor dispute"

Brief. Neighbor dispute. Defendant has not sufficiently demonstrated a legitimate interest in the presence of cameras against the front and side walls of his home. The plaintiffs' right to respect for privacy is therefore outweighed. (Machine translated) https://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:RBLIM:2024:304

Data brokers: TAGADAMEDIA fined €75,000

Supervisory Authorities

Data brokers: TAGADAMEDIA fined €75,000

Information background As part of its priority topic of investigation on commercial prospecting in 2022, the CNIL focused on the practices of professionals in the sector, in particular those who resell data, including many intermediaries in this ecosystem, known as data brokers. On this occasion, the CNIL decided to initiate

Denmark's DPA issues injunction in Chromebook case

Supervisory Authorities

Denmark's DPA issues injunction in Chromebook case

Denmark's data protection authority, Datatilsynet, ruled school districts cannot pass on student information to help Google maintain and improve its services or for measuring performance of new functions in its Chrome products. The data can be passed on to help provide the service and improve its security, as well as

EDPB launches website auditing tool

EDPB launches website auditing tool

The EDPB has launched a website auditing tool that can be used to help analyse whether websites are compliant with the law. The tool was developed in the context of the EDPB Support Pool of Experts (SPE) and can be used by both legal and technical auditors at data protection

Preserving the confidentiality of communications is essential to fundamental rights

Preserving the confidentiality of communications is essential to fundamental rights

EDPS issues Opinion on the proposed Regulation to extend the temporary derogation from certain provisions of the ePrivacy Directive to combat child sexual abuse online. Read Press Release & Opinion.Each year on 28 January, we celebrate Data Protection Day. This date commemorates the anniversary of the Council of Europe’s

EDPB creates website auditing tool for GDPR compliance

EDPB creates website auditing tool for GDPR compliance

The European Data Protection Board released a website auditing tool for EU General Data Protection Regulation compliance. The auditing tool was developed by the EDPB Support Pool of Experts and can be used by data protection authorities, in addition to data controllers and processors, to streamline the "preparing, carrying out

Netherlands' DPA calls for standards for privacy, AI use in education

The Netherlands' data protection authority, the Autoriteit Persoonsgegevens, said there needs to be better standards to protect privacy within the education field, particularly as it begins to adopt more use of artificial intelligence technologies. A review of practices found educators had taken steps to comply with privacy law but there

Employee monitoring: CNIL fined AMAZON FRANCE LOGISTIQUE €32 million

Supervisory Authorities

Employee monitoring: CNIL fined AMAZON FRANCE LOGISTIQUE €32 million

The essentials AMAZON FRANCE LOGISTIQUE manages the AMAZON group's large warehouses in France, where it receives and stores items and then prepares parcels for delivery to customers. As part of its activities, each warehouse employee is given a scanner to document the performance of certain tasks assigned to them in

"Justified use of installed cameras without violation of AVG and illegality, Zeeland-West Brabant District Court rules"

"Justified use of installed cameras without violation of AVG and illegality, Zeeland-West Brabant District Court rules"

Posted cameras not in violation of AVG and not unlawful. (Machine translated) https://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:RBZWB:2023:9058

US Data Protection Review Court's quiet presence

US Data Protection Review Court's quiet presence

Politico reports on a perceived lack of transparency around the establishment and work of the U.S. Data Protection Review Court. Created under the EU-U.S. Data Privacy Framework, the court's mandate is to tackle consumer redress concerning foreign surveillance claims against U.S. government access to non-U.S. residents'

Cookies: CNIL fined Yahoo! €10 million

Supervisory Authorities

Cookies: CNIL fined Yahoo! €10 million

Background information YAHOO EMEA LIMITED publishes several web services such as a search engine and an e-mail service. The CNIL received 27 complaints reporting the failure to take into account the refusal of cookies and the obstacles encountered in withdrawing consent to the deposit of cookies. In October 2020 and

Netherlands DPA fines credit card company

Supervisory Authorities

Netherlands DPA fines credit card company

The Netherlands data protection authority, Autoriteit Persoonsgegevens, announced a fine for credit card company International Card Services. The AP fined the company 150,000 euros for allegedly not conducting a data protection impact assessment before processing the personal data of 1.5 million customers.Full story https://iapp.org/news/

Belgium's DPA fines data management company

Supervisory Authorities

Belgium's DPA fines data management company

Belgium's Data Protection Authority announced an administrative fine of 174,640 euros to data management company Black Tiger Belgium. The ADP enforced three administrative fines after Black Tiger Belgium allegedly violated the EU General Data Protection Regulation by not being transparent about the company's data processing of personal data.Full

EDPB publishes GDPR one-stop-shop digest

Supervisory Authorities

EDPB publishes GDPR one-stop-shop digest

The European Data Protection Board published a guide to EU General Data Protection Regulation one-stop-shop cases concerning security of data processing and data breach notification. The digest, which covers enforcement actions under Articles 32, 33 and 34 of the GDPR, aims to offer "insights on how DPAs have interpreted and

EDPB identifies areas of improvement to promote the role and recognition of DPOs

EDPB identifies areas of improvement to promote the role and recognition of DPOs

Brussels, 17 January - During its latest plenary, the EDPB adopted a report on the findings of its second coordinated enforcement action, which focused on the designation and position of Data Protection Officers (DPOs). The report is the result of an EU-wide coordinated investigation and lists the obstacles currently faced

Meta ignores the users’ right to easily withdraw consent

Meta ignores the users’ right to easily withdraw consent

Meta ignores the users’ right to easily withdraw consent If Instagram and Facebook users want to withdraw their consent, they have to buy an expensive subscription https://noyb.eu/en/meta-ignores-users-right-easily-withdraw-consent

Request for disclosure of personal data by housing association

Request for disclosure of personal data by housing association

A tenant requests the landlord, the housing association, to provide an overview of the personal data it has processed about him (Art. 15 AVG). The tenant considers the housing corporation's answer (the provided processing overview) insufficient and requests the Rb. (in brief) to order the housing corporation - on pain

New criteria for GDPR fines determined by the CJEU

New criteria for GDPR fines determined by the CJEU

The Court of Justice of the European Union (“CJEU“) has ruled on the conditions under which national data protection supervisory authorities may impose administrative fines on one or more data controllers for a violation of EU Regulation 679/2016 (“GDPR“). Let’s cover the specifics of the case: The case

CJEU Rules that GDPR Prohibition on Automated Decision-Making Applies to Credit Scoring

CJEU Rules that GDPR Prohibition on Automated Decision-Making Applies to Credit Scoring

On December 7, 2023, the Court of Justice of the European Union ruled that credit scoring constitutes automated decision-making, which is prohibited under Article 22 of the EU General Data Protection Regulation unless certain conditions are met. Continue Reading https://www.huntonprivacyblog.com/2023/12/14/cjeu-rules-that-gdpr-prohibition-on-automated-decision-making-applies-to-credit-scoring/

GDPR complaint against X (Twitter) over illegal micro-targeting for chat control ads

GDPR complaint against X (Twitter) over illegal micro-targeting for chat control ads

GDPR complaint against X (Twitter) over illegal micro-targeting for chat control ads X enabled the illegal political micro-targeting used by the EU Commission https://noyb.eu/en/gdpr-complaint-against-x-twitter-over-illegal-micro-targeting-chat-control-ads

EU court lowers requirements for imposing fines for data protection breaches

EU court lowers requirements for imposing fines for data protection breaches

The European Court of Justice issued a landmark ruling on Tuesday (5 December) that is set to facilitate the imposition of fines for infringements of the General Data Protection Regulation (GDPR). https://www.euractiv.com/section/data-protection/news/eu-court-lowers-requirements-for-imposing-fines-for-data-protection-breaches/

Your car is probably harvesting your data. Here's how you can wipe it

Your car is probably harvesting your data. Here's how you can wipe it

It is so easy to vacuum up private data from vehicles that Andrea Amico taught his daughter how to extract text messages from her mom’s car when she was only eight years old. Blue-haired and an engineer by training, Amico has a hacker’s mentality, which has manifested in

"Request for access to processed data and copies addressed in interlocutory order by 's-Hertogenbosch Court of Appeal"

"Request for access to processed data and copies addressed in interlocutory order by 's-Hertogenbosch Court of Appeal"

art. 15 AVG / request for inspection / requested complete overview of data processed and copies / interlocutory decision (Machine translated) https://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:GHSHE:2023:3911