On July 15, 2021, the European Data Protection Baord (EDPB) adopted its first urgent binding decision in application of Art. 66(2) GDPR following a request from the Hamburg supervisory authority.
However, under article 66 GDPR, as the Irish supervisory authority is the the lead supervisory authority in this matter, the Hamburg Authority needed the validation of the EDPB for these provisional measures to become final.
The EDPB rejected the Hamburg Auhtority’s request but requires further investigations to be carried out on Facebook and Whatsapp Ireland.
On 17 June 2021, the CNIL imposed a fine of 500,000 Euros and an obligation to comply within 3 months under a penalty of 500 Euros per day on BRICO PRIVÉ, a French company opearating a DIY private sales website
As expected, the Commission has adopted two adequacy decisions for transferring personal data freely to the United Kingdom – one under the General Data Protection Regulation (GDPR) and the other for the Law Enforcement Directive. These adequacy decisions also facilitate
In its recent decision of June 15, 2021, involving Facebook and the Belgium Data Protection Authority (“DPA”), the European Court of Justice (the “ECJ” or the “Court”) clarified the conditions under which the non-lead supervisory authorities may exercise their powers