The Court of Justice of the European Union reaffirmed the conditions data protection authorities can issue fines to data controllers under the EU General Data Protection Regulation. The CJEU ruled a data controller should not receive a fine unless the violation of the GDPR was committed "intentionally or negligently." The decision stemmed from cases originating from Lithuania and Germany, which dealt with the Lithuania National Public Health Centre processing citizens' data for its COVID-19 monitoring app and a German real estate company retaining customer data longer than necessary.
CJEU clarifies DPAs' legal grounds for issuing fines under GDPR
Related stories
Neurotechnologies under the EU AI Act: Where law meets science
Ireland's DPC discusses recent TikTok enforcement decision
Why privacy technology is failing — and why AI won't fix it
Notes from the IAPP Canada: Building momentum during Privacy Awareness Week
New York State of Mind: A discussion with NYC Chief Privacy Officer Michael Fitzpatrick
