GDPRhub newsletter 16 June 2022

🎙️
Listen to the audio recording here.

Finland

The Finnish DPA held that a BMW dealership did not have to disclose the service history of a used vehicle to a new buyer under Article 15 GDPR because it contained the personal data of the previous owner, not the new one. Read more or edit on GDPRhub...

Written with the support of Vadym Kublik

Germany

The Regional Court of Essen held that an insurance company can reject an access request as excessive if the request's purpose is not to be aware of or verify the lawfulness of the processing but to check why the premium has increased. Read more or edit on GDPRhub...

Also in Germany, the Administrative Court of Munich rejected a request for interim relief directed against the collection and storing of Covid-19 test certificates by a school because the legal provisions permitting the school’s conduct were repealed in the meantime. Read more or edit on GDPRhub...

Italy

The Italian DPA fined a public waste collection company (processor) €200,000 for installing video surveillance systems without prior authorisation from the Municipality of Taranto (controller) and for posting videos of identifiable persons on Facebook without a legal basis. Read more or edit on GDPRhub...

The Italian DPA also fined a daily newspaper €40,000 for negligently publishing the personal details of a homosexual couple and their adopted child in an online article covering related judicial proceedings. Read more or edit on GDPRhub...

Finally, the Italian DPA fined a public administration €50,000 for unlawfully disclosing personal (health related) data to unauthorised third parties and for adopting inadequate security measures pursuant to Article 32 GDPR. Read more or edit on GDPRhub...

Netherlands

The biggest internet service provider in the Netherlands (Ziggo) is not obliged to send a warning letter to its customer(s) on behalf of Stichting BREIN regarding alleged copyright infringement. Read more or edit on GDPRhub...

Poland

The Polish DPA fined a car trailer manufacturer approximately €3,492 (16,000 PLN) for failing to report a data breach which involved the loss of an employee's employment certificate. Read more or edit on GDPRhub...

Spain

The Catalan DPA responded to a controller's request for guidance, advising that a railway could disclose the ID number of a sub-contracted security guard without their consent but was required to notify the guard prior to processing. Read more or edit on GDPRhub...

The Spanish DPA fined a restaurant owner €3,000 for installing CCTV cameras to monitor the public space outside the restaurant which included a neighbor's front door. Read more or edit on GDPRhub...

Written with the support of Sergi Ariño Mayans