The most frequent subject of the procedure for the protection of personal data has been the revision of the legal provisions required for the processing of personal data via camera systems. And the most common violation was a violation of the legal basis of the treatment or the principle of integrity and confidentiality associated with the lack of appropriate security measures by the subcontractors. [1] IAPP, First GDPR fine in Portugal against a hospital for three violations, 03 June 2019 [2] Uria Menendez Proenca de Carvalho, Guide to key legal issues related to the COVID-19 outbreak, 03 June 2020 The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has expressed concern about the continued transformation of society through digitalisation and technological innovation. This leads to more data, which is also more diverse, specific and personal. In this digital society, the protection of personal data is essential. The PA fears an increase in “digital injustice,” such as illegal data trafficking, inadequate security, discrimination, and the weakening of the democratic legal system. The Bulgarian data protection authority, namely the Commission for the Protection of Personal Data (CPDP), focuses mainly on guidelines and decisions in the context of complaints. The CPDP recently established the lawfulness of the processing of personal data by the Ministry of the Interior during the COVID-19 crisis. In particular, the statement stresses that the collection of declarations by the Ministry from citizens passing through checkpoints throughout Bulgaria is a temporary measure and affects a limited number of persons whose data are processed. The legislation on the protection of personal data limits the scope of citizens` rights and freedoms (Article 23 of the GDPR, Regulation (EU) 2016/679) and that the processing of personal data by the Ministry is necessary and proportionate to ensure public health and crime prevention. In France, following the revision of the national law “Data Protection Law” in June 2018, amendments and additions to local legislation came into force. Das am 30.
The decree published in May 2019 is the latest step towards bringing federal legislation into line with the General Data Protection Regulation (GDPR) and the Police Justice Directive, which applies to criminal cases. The national legal framework for data protection has been stabilised. The Act and its implementing regulations, which have undergone a major revision, now allow individuals and data processing organisations to better understand their rights and obligations with regard to the protection of personal data. In this context, in October 2020, the Slovak Office for the Protection of Personal Data processed the legal conditions for the processing of personal data on the state of health on the basis of the secondary law (decree of the regional health authority) related to COVID-19 – in particular, the processing of information on the negative result of the COVID-19 test/certificate from national tests. The Office concluded that there was a violation of the principles of the processing of personal data, as it stated in its opinion that the decrees issued since the Slovak Law on the Protection and Promotion of Public Health cannot be considered as an adequate legal basis for the processing of personal data. It is a well-known fact that it is quite difficult to open an account with European banks for both a company and an individual. The founder of the fund – the leading bank “CSOB” – will contribute to this. If you or your family members have legal problems with registration and activity in Slovakia or the European Union, the advantage is that one of the founders of the fund is the leading Slovak law firm bpv BRAUN PARTNERS. You will have to keep records, pay taxes or submit financial and statistical reports, increase employee salaries, audit annual financial statements – for this purpose there is another founder of the fund – BDO in Slovakia, which is a member of BDO Firms, one of the largest international networks of auditors and consultants for the number of offices and employees. If you need to find a job in the job market and train specialists for your company, the founder – Balanced HR, which is among the 10 largest HR agencies in Slovakia, will do so easily and professionally. The CJEU`s Schrem II decision last year has significantly disrupted transatlantic data transmission.
In its judgment of 16 July 2020, the CJEU found that the EU-US Privacy Shield agreement violated European data protection law. At the time of the decision, the privacy shield agreement was the basis for much of the transatlantic data transfer and was used by virtually all major providers such as Google, Facebook and Microsoft. As a result of the Court`s decision, EU companies will no longer be able to legally transfer data to the US-based Privacy Shield Framework. Companies that do not comply with this decision and continue to transfer data on the basis of an invalid mechanism (e.g. the Privacy Shield) risk a fine of €20 million or 4% of global turnover. In September 2021, the Garante announced that it had asked the Irish DPC to investigate Facebook in connection with the recent announcement of smart glasses before the glasses were marketed on the Italian market. The requests requested by Garante include the legal basis, confidentiality, anonymization and voice assistants associated with the glasses. The Irish DPC and the Garant have issued a joint statement asking Facebook Ireland to confirm that their new product, Facebook View, will properly inform individuals when it is registered[4].
The 39 inspections carried out during the observation period were carried out in 10 cases by the processing activities of public authorities and organisations, in 4 cases by the processing activities of local self-government bodies (cities and municipalities), in 20 cases by the processing activities of other legal persons (including two banks, an insurance company and a health care provider) and the treatment activities of a sports club. In 2020, checks on the processing of personal data were also carried out on four natural persons. The Datatilsynet focuses on monitoring data processors and sub-processors and ensures that companies have a legal basis for data processing and storage. On the 22nd. In September 2021, Datatilsynet announced that the reporting of a data breach by the tax administration violated Article 24(1) of the GDPR as it did not immediately inform data subjects of the data breach. The 2020 data breach, which exposed 1.26 million Danish citizens` identification numbers and was due to a software issue that lasted five years, resulted in the notification of data subjects 40 days after the breach became known. On September 21, 2021, Datatilsynet announced that Falck Danmark A/S (“Falck”) has complied with the GDPR of personal data relating to COVID-19 testing of primary school students. The transparency of falck`s processing and data protection declaration was in accordance with Articles 12(1) and (13) of the GDPR. On September 16, 2021, Datatilsynet announced that it had recommended a fine of DKK 75,000 for the security failure of the Favrskov Municipality. The police have not taken sufficient technical security measures to maintain the confidentiality of the personal data of the data subject.
The breach resulted from a stolen laptop containing a program containing the personal data of approximately 100 people with limited physical or mental capacity. Most importantly, the computer was not encrypted and the program that contained the information was not equipped with adequate security precautions, which violated Article 32 of the GDPR. In Austria, the national DPA and the GDPR apply to data protection issues. The DPA complements the GDPR, adapts its provisions to the national context and forms the legal basis for the structure and powers of the DPO. The DPO is an active authority and has imposed significant fines, including, for example, a fine of €18 million against the Austrian Post for breach of the GDPR. The DPO and the Austrian Federal Economic Chamber (hereinafter referred to as “WKO”)[1] regularly publish guidelines on data protection issues, including data subject access requests, cookies, direct marketing and the right to be forgotten. In addition to the GDPR and FADP, Austria has also ratified the Convention for the Protection of Individuals on Automatic Processing of Personal Data (“Convention 108”). The law enforcement authority is taking a firmer stance on transparency, as evidenced by its recent complaints. The Portuguese data protection authorities are still not carrying out any work on the ground. They only act in case of complaints. Despite its current legal limitations, the Portuguese Data Protection Authority (CNPD) imposed in October 2018 a fine of 400,000 euros on the Hospital of Barreiro and Montijo (CHBM) under the GDPR[1]. Recently, Portugal`s leading consumer protection association (DECO) was fined €107,000 for sending unsolicited emails.
The new government and the new budget should lead to a greater dynamic of the CNPD. In the last 12 months, there have been minor changes at national level, with the exception of one case – the addition of legal conditions for the processing of personal data on the state of health of patients in the national registry, for which the corresponding legal basis for processing was only recently adopted. In September 2021, Garante fined the Lombardy Region €200,000 for publishing the personal data of more than 100,000 students on the school`s website.[2] The students applied for state scholarships and economic grants to purchase textbooks, technological materials and teaching materials.