The Court of Justice of the European Union reaffirmed the conditions data protection authorities can issue fines to data controllers under the EU General Data Protection Regulation. The CJEU ruled a data controller should not receive a fine unless the violation of the GDPR was committed "intentionally or negligently." The decision stemmed from cases originating from Lithuania and Germany, which dealt with the Lithuania National Public Health Centre processing citizens' data for its COVID-19 monitoring app and a German real estate company retaining customer data longer than necessary.
CJEU clarifies DPAs' legal grounds for issuing fines under GDPR
Related stories
The final days of grace: Preparing for the U.S. sensitive data rule
Notes from the IAPP Canada: Taking meaningful steps to protect children online
A view from DC: Double toil and trouble in Connecticut’s privacy amendment
US lawmakers find bipartisanship in opposition to UK's order on Apple encryption back door
A view from Brussels: Where does Brussels stand on sovereignty?
