Fine EUR 150,000 to multinational company in Greece for GDPR violations


The Greek Data Protection Authority has imposed a fine of 150,000 euros on PWC BS A.E. for violations of the General Data Protection Regulation. In particular, the Personal Data Protection Authority, upon a complaint, investigated on its own motion the legality of the processing of the personal data of employees of PWC BS (PRICEWATERHOUSECOOPERS BUSINESSSOLUTIONS SA) pursuant to which the abovementioned employees were forced to consent to the processing their personal data for three (3) distinct purposes.
The Authority considered PWC BS as the controller:
1) has undergone unlawful processing, in breach of the provisions of Article 5 (1) (e); a) of the GDPR (principle of legality), the personal data of its employees, as it applied an inappropriate legal basis under Art. 6 (1)  a  GDPR (consent) instead of the appropriate legal basis for the performance of the contract, compliance with a legal obligation and the superior legal interest (Art. 6 (1), b, c' and g  GDPR).
2) in an unlawful and no transparent manner, in breach of Article 5 (1) (e); (a) b and c (GDPR) (the principle of objectivity and transparency), the personal data of its employees, as it gave them the false impression that they processed it in accordance with the legal basis of their consent in accordance to 6 (1) a’GDPR.In practice, it was processed on another legal basis, for which the employees were never informed.
3) as controller, although he was responsible, was unable to comply with and demonstrate compliance with Article 5 (1) of the GDPR in breach of the principle of accountability provided for in Article 5 (2) and he carried the burden of compliance on employees.

Comments

Post a Comment

Top Stories

Accidents on board an aircraft: The strict liability of airlines under the Montreal convention extends to inadequate first aid administered on board an aircraft

Image
According to the Judgment of the European Court of Justice dated 6/7/2023 in Case C-510/21 (Austrian Airlines ),  as regards accidents on board an aircraft, the strict liability of airlines under the Montreal convention extends to inadequate first aid administered on board an aircraft. On a flight operated by Austrian Airlines, a jug containing hot coffee fell from a catering trolley and scalded a passenger. First aid was administered to him on board the aircraft. The passenger brought an action before the Austrian courts seeking damages and a declaration establishing Austrian Airlines’ liability for all future damage resulting from the aggravation of his burns on account of the inadequate first aid administered on board the aircraft. Austrian Airlines contends that the action should be dismissed, since it was brought after the expiry of the two-year time limit provided for in the Montreal convention [1] in respect of actions for damages relating to an accident that took place on
Read more

The length of court proceedings for 7 years and 8 months violated the right to a fair hearing within a reasonable time (ECtHR)

Image
In Chamber's judgment dated 5.9.2023 in the case of Van den Kerkhof v. Belgium (application no. 13630/19) the European Court of Human Rights held, unanimously, that there had been a violation of Article 6 § 1 (right to a fair hearing within a reasonable time) of the European Convention on Human Rights.  The case concerned the length of civil proceedings pending before a court of the Brussels judicial district. In the present case the proceedings were brought by the applicant against the vendors of a flat and the real estate agency that had served as an intermediary for the sale.  The Court held that the applicant’s case had not been heard within a reasonable time, noting that seven years and eight months had elapsed for two levels of jurisdiction and that the proceedings were still pending before the French-Language Brussels Court of First Instance.  It emphasised that the system for protecting the rights guaranteed by the Convention was based on the principle of subsidiarity and t
Read more

TikTok processing of children’s data: Dispute's settlement by European Data Protection Board

Image
The European Data Protection Board (EDPB) adopted a dispute resolution decision on the basis of Art. 65 GDPR concerning a draft decision of the Irish Data Protection Authority (DPA) regarding TikTok Technology Limited (TTL).  The binding decision addresses legal questions arising from objections to the draft decision of the Irish DPA as lead supervisory authority (LSA) regarding TikTok Technology Ltd. The EDPB binding decision ensures the correct and consistent application of the GDPR by the national DPAs. The Irish DPA issued the draft decision following an own-volition inquiry into the processing by TTL of personal data of registered TikTok users between the ages of 13 and 17, as well as certain issues regarding TTL’s processing of personal data of children under the age of 13. As no consensus was reached on the objections lodged by DPAs, the EDPB was called upon to settle the dispute between the DPAs within two months. The objections concerned, among other things, whether ther
Read more

Promotion of judges after evaluation by other judges: Substantive conditions and procedural rules must be such as to dispel any reasonable doubt as to the independence and the impartiality

Image
According to the Judgment of the European Court of Justice (7.9.2023) in Case C-216/21 ( Asociaţia ‘Forumul Judecătorilor din România’ ), the promotion of judges to a higher court, based on an assessment, by members of that court, of their work and conduct, is compatible with EU law .  The relevant substantive conditions and procedural rules must, however, be such as to dispel any reasonable doubt as to the independence and the impartiality of the judges concerned, once they have been promoted. In 2019, the Superior Council of Magistracy (SCM) of Romania approved a reform of the procedure for the promotion of judges to higher courts. The ‘Forum of Judges of Romania’ Association and a private individual are contesting that reform before the Court of Appeal, Ploieşti (Romania).  The applicants in the main proceedings submit that replacing the old written exams with an assessment, by (i) the president and (ii) members of the higher court concerned, of candidates’ work and conduct makes th
Read more

Timeshare contracts: Applicable law in the absence of a choice made by the parties (ECJ)

Image
The Court of Justice of the European Union, by judgment, dated 14 September 2023, in Case C-632/21, in proceedings between JF and NS, and Diamond Resorts Europe Limited and others, concerning an application for a declaration that timeshare contracts concluded between the applicants in the main proceedings and Diamond Resorts Europe are void, ruled that: 1. The provisions of Regulation (EC) No 593/2008 on the law applicable to contractual obligations (Rome I) are applicable, in the context of a dispute before a court of a Member State, to contracts the two parties of which are United Kingdom nationals, to the extent that those contracts have a foreign element. 2. Article 6(2) of Regulation No 593/2008 must be interpreted as meaning that: - Where a consumer contract fulfils the requirements laid down in Article 6(1) of that regulation (the contract has been concluded by the consumer for a purpose which can be regarded as being outside his or her trade or profession, the professiona
Read more