Amazon’s 746 Million Euro GDPR Fine Upheld by Luxembourg Court
Amazon lost its appeal against a 746 million euro fine for GDPR violations, as Luxembourg’s court upheld the decision by the CNPD.
Court cases
EDPB Adopts Statement on PNR Directive Implementation
The EDPB adopted a statement on the PNR Directive, urging EU countries to implement changes in line with the CJEU’s judgment to enhance passenger data protection.
Meta Appeals €91 Million GDPR Fine
Meta challenges a €91 million fine from Ireland’s DPC for improperly storing user passwords, claiming the penalty is excessive and misapplied under GDPR.
Train Companies Cannot Require Gender Information, Says EU Court
The European Court of Justice ruled that train companies cannot require gender identification for ticket purchases, promoting inclusivity and privacy rights.
EU Court Orders Commission to Pay Damages for Non-compliant Data Transfer
The EU court ordered the European Commission to pay damages for illegal data transfers, highlighting the importance of compliance with EU data transfer rules and potential for class actions.
EU Court rules GDPR complaints can’t be rejected based on frequency
The CJEU ruled that complaint frequency doesn’t invalidate GDPR complaints unless they are clearly vexatious or abusive, impacting data protection enforcement across the EU.
WhatsApp Appeals €225 Million GDPR Fine to EU’s Top Court
WhatsApp appeals a €225 million fine at the CJEU, challenging the EDPB’s decision over alleged GDPR violations related to user data transparency.
Meta to Face €550 Million Lawsuit in Spain for Data Protection Violations
Meta faces a €550 million lawsuit in Spain for allegedly violating E.U. data protection laws by unlawfully collecting user data for targeted advertising.
German court says Facebook liable in data scraping case
The Federal Court of Justice ruled that Facebook must compensate a user for immaterial damages due to a data breach, emphasizing the significance of data control under GDPR.
Estonia to limit telecommunication data retention obligation
Estonia’s Ministry of Justice faces challenges in aligning data retention policies with EU regulations while balancing privacy rights and national security.
DPA is not obliged to impose sanctions, CJEU rules
Supervisory authorities under GDPR can choose not to impose penalties for data breaches if the controller has already taken corrective actions.
noyb takes Swedish DPA to the Court Over GDPR Complaint Handling
The case against Sweden’s IMY raises concerns over the enforcement of data protection rights under EU law, prompting noyb to appeal for proper complaint handling.