Paper: Investigating GDPR Fines in the Light of Data Flows

Marlene Sämann, Marlene; Daniel Theis, Daniel; Tobias Urban; Martin Dägeling
June 2022, Conference: Privacy Enhancing Technologies Symposium (PETS)At: SydneyVolume: 4

“… Our analysis shows that it is a combination of technical and organizational issues that are involved when a fine is imposed. ”

“Moreover, data protection authorities more often react to data subjects’ complaints when data breaches become public and when health-related data is involved..”

“.. We further show that the root causes for fined data processing lie in the early data life cycle phases (e.g., data collection). Here, organizational problems are more prevalent (601 fines) than technical issues (314 fines), while technical issues are mentioned more often in later life cycle phases (e.g., retention, access and usage). Especially mistakes in the early phases of the data collection process (e.g., lacking a legal basis) and unauthorized disclosure in later phases are fined. ..”

GDPR – rights and freedoms – EU Charter of fundamental rights.

e.g. freedoms:

Chapter II: freedoms (the right to liberty and security, respect for private and family life, protection of personal data, the right to marry and found a family, freedom of thought, conscience and religion, freedom of expression and information, freedom of assembly and association, freedom of the arts and sciences, the right to education, freedom to choose an occupation and the right to engage in work, freedom to conduct a business, the right to property, the right to asylum, protection in the event of removal, expulsion or extradition).

Germany: BSI publishes technical guidelines for security of digital health apps

in German:

BSI TR-03161 Anforderungen an Anwendungen im Gesundheitswesen