GDPR Decisions

Spanish telecommunications company Vodafone España did not respond to a customer’s deletion request. The affected person received several calls from ISGF on September 10, 2019 asking her to settle outstanding debts. This debt arose from an ADSL connection contract, but it was concluded by a third party. This person misused the data of the vicitm,… […]

A German restaurateur had a list on which his guests had to register in order to track possible COVID-19 infection chains. However, this contact list was open and visible to everyone. On the basis of this, the data protection authority imposed a fine of 100 euros.

MONSANTO, producer of the controversial weed killer glyphosate, has been accused of having stored personal data from over 200 critics. The data protection authority also received seven complaints from affected persons. The file in question contained information about the organization and position of the victims, as well as their business address, work phone number, mobile… […]

After several complaints to the French data protection authority CNIL over the website lefigaro.fr, they started the investigation. The authority found out that cookies from SOCIÉTÉ DU FIGARO partners were automatically enabled when you visited the website. This happened without the user’s consent. Most of these cookies have been used for advertising purposes. The authority… […]

The financial company PRA IBERIA S.L. asked a Spanish person to pay outstanding debts permanently. However, since the lady was not aware of any debt, she contacted the bank and asked for information. However, these requests remained unanswered, which turned the affected parties to the authorities. The fine consists of EUR 30,000 each due to… […]

The data protection authority fined an Italian airport company because the software used has insufficient protection for personal data. In the course of the investigations, it turned out that a secure network protocol (such as HTTPS protocol) was missing and the software itself did not encrypt the data. The authority considered it a breach of… […]

A visitor to a Spanish online shop called www.vidogrado.com filed a complaint with the data protection authority. The reason for this was a incomplete privacy policy. For example, it did not contain any information on the processing of personal data. In addition, there was no phone number from the company and the email address provided… […]

A UK organization that supports the rights of transgender individuals reported a data breach to the ICO data protection authority on June 17, 2019. The Authority then immediately started the investigation and found out that e-mails from 550 affected persons, including their name, email address and mental health or sexual orientation information, were freely accessible… […]

A company based in Luxembourg has installed surveillance cameras both outside and inside on its company premises. However, in the eyes of the Luxembourg data protection authority, the cameras were too detailed in several aspects. For example, one of the outdoor cameras captures parts of a neighboring public road. The cameras inside the building were… […]