GDPR violation

On June 8, 2020, the Belgian Supervisory Authority (“SA”) fined a (then ex-) politician €5,000 for sending political marketing materials without an appropriate legal basis.  Although the fine was not massive, the case is interesting for another reason: the complaint was brought not by the individuals who received the marketing materials, but by their employer.

According to the SA, the politician exploited the employee list of a local Commune to identify recipients to whom the marketing materials would be sent.  It is not clear how the politician obtained the list.  When the Commune discovered that the list had been leaked, it notified a security breach to the SA and, at the same time, lodged a complaint against the politician.Continue Reading Belgian SA Decision on Lodging GDPR Complaints

On January 21, 2019, the French Supervisory Authority for data protection (“CNIL”) issued a fine of €50 million against Google for violations of the General Data Protection Regulation (“GDPR”) (the decision was published in French here).  The CNIL’s decision was triggered by complaints from two non-profit organizations together representing 9974 individuals. The case raises