- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Kyle Brasseur2023-12-05T21:29:00
A German property company’s court win regarding a penalty levied against it for alleged violations of the General Data Protection Regulation (GDPR) carries notable ramifications for enforcement of the EU privacy law.
The Court of Justice of the European Union (CJEU) ruled Tuesday on a case related to a penalty of 14.5 million euros (U.S. $15.7 million) initially levied against Deutsche Wohnen by the Berlin Data Protection Commissioner in 2019 for alleged violations of the GDPR regarding retention of tenant data for longer than necessary. That penalty was reversed in 2021 after a Berlin regional court found that, under German law, the company could not be held responsible for violating the GDPR unless blame could be attached to a specific individual or executive.
An appeal of that determination prompted the involvement of the CJEU, which held “a data controller may not have an administrative fine imposed on it for an infringement of the GDPR unless that infringement was committed wrongfully; that is to say, intentionally or negligently.”
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
Ride-hailing company Uber Technologies was assessed a penalty of €10 million (U.S. $11 million) by the Dutch Data Protection Authority for alleged privacy rights violations regarding the handling of European drivers’ personal data.
The idea companies can be held “strictly liable” for violations of the European Union’s privacy rules was shot down, following a judgment from Europe’s top court relating to a case involving German property company Deutsche Wohnen.
Experts weigh in on the results of a report from the European Data Protection Board showing which countries have seen the most GDPR fines annulled or modified following court appeal.
USAA Federal Savings Bank has been hit with its third cease and desist order from the Treasury Department’s Office of the Comptroller of the Currency in the past five years for failing to correct unsafe and unsound banking practices.
Becton Dickinson medical device company will pay $175 million for “repeatedly” misleading investors about its Alaris infusion pump, a product the company knew was flawed and was sold without the required patient-safety approvals, the Securities and Exchange Commission said.
The Securities and Exchange Commission charged bankrupt fashion retailer Express with failing to disclose nearly $1 million in perks to a former chief executive, but did not levy a financial penalty thanks to its cooperation, the SEC said.
