- Austria's Federal Administrative Court, Bundesverwaltungsgericht, overturned an 18 million euro EU General Data Protection Regulation issued to Post AG by the Data Protection Authority.
- France's data protection authority, the Commission nationale de l'informatique et des libertés, announced two fines amounting to 3.05 million euros to branches of multinational Carrefour for violations of the GDPR.
- Italy's data protection authority, the Garante, issued an injunction order and imposed a 50,000 euro fine against the Ministry of the Interior for unlawful processing of personal data. The Garante also announced a ruling in a case on the right to be forgotten.
- Spain's data protection authority, Agencia Española de Protección de Datos, fined Telefónica Móviles España 75,000 euros for processing personal data in violation of the GDPR.
- Sweden's data protection authority, Datainspektionen, announced fines of amounts ranging between SEK 2.5 million to SEK 30 million against seven health care providers in relation to unlawful access to patient data. It also issued a SEK 200,000 fine against the municipality of Gnosjö over unlawful use of surveillance cameras.
- Iceland's data protection authority, Persónuvernd, published its annual activity report.
- Norway's data protection authority, Datatilsynet, issued an administrative fine of NOK 750,000 against Østfold HF Hospital for improperly storing pieces of patient records.
- Following the public disclosure of a list containing addresses of quarantined individuals, Poland's data protection authority, Urząd Ochrony Danych Osobowych, reprimanded a waste management company and ordered the company to notify subjects of the breach.
- Facebook was fined 4 million rubles for breaching Russian data localization laws, The Moscow Times reports.
If you want to comment on this post, you need to login.