Background information Date of final decision: 8 March 2022 Controller: Harpa Concert Hall and Conference Centre ohf. Legal Reference: principles relating to processing of personal data (Article 5), lawfulness of processing (Article 6) Decision: infringement of the GDPR, order to comply, fine 1 million ISK (approx. 7.200 Euros). Key words: principles, lawfulness of processing, transparency, data…
Category: Non-U.S.
The Icelandic SA: HEI medical travel agency fined for an unlawful use of an e-mail address and not handling an access request
Background information Date of final decision: 3 May 2022 National case: 2020051610 Controller: HEI ehf. (HEI – Medical Travel) Legal Reference: lawfulness of processing (Article 6), right of access (Article 15) Decision: infringement of the GDPR, fine 1.5 million ISK (approx. 10.700 Euros). Key words: lawfulness of processing, access request, e-mail list, erasure of personal…
Court of Justice of the EU Greenlights GDPR Collective Claims Without a Mandate
Dan Cooper, Kristof Van Quathem, and Anna Oberschelp de Meneses of Covington and Burling write: On April 28, 2022, the Court of Justice of the EU (“CJEU”) decided that consumer protection associations may bring collective claims without a mandate from the affected consumers, including for violations of the GDPR, relying on national consumer law provisions. The words…
SLAPPs: A real problem or a defendant’s wildcard? – Iain Wilson
Iain Wilson writes: In our blog In defence of privacy and the judiciary we discussed how the press had misreported the decision in HRH the Duchess of Sussex v Associated Newspapers Ltd [2021] EWCA Civ 1810 and, with the assistance of the government, had weaponised that misreporting to lobby for the reform of privacy law. We are now seeing a…