The General Data Protection Regulation (GDPR) gives data subjects rights over their own personal data, including the right of access to personal data processed by a controller (Article 15). In practice, the data subject can ask an organisation to access
By a decision of November 25, 2021, the Court of Justice of the European Union (CJEU) ruled that the practice of displaying an advertisement under the appearance of an e-mail in the users’ e-mail box is subject to the prior information and consent of the users (as required under directive 2002/58/EC), without which it also constitutes an unfair commercial practice insofar as this practice corresponds to the notion of “repeated and unwanted solicitations” within the meaning of the Directive 2005/29/EC (“Unfair Commercial Practices Directive”) .
On 17 June 2021, the CNIL imposed a fine of 500,000 Euros and an obligation to comply within 3 months under a penalty of 500 Euros per day on BRICO PRIVÉ, a French company opearating a DIY private sales website
The judgement Bărbulescu v. Romania (application no. 61496/08) handed down by the European Court of Human Rights (ECHR) on September 5, 2017 concerned the decision of a private company to dismiss an employee after monitoring his electronic communications and accessing