Publication at Faculty of Law |
2019
Abstract
In March 2019 the Office for Personal Data Protection issued a decision imposing penalty of of CZK 250,000 on an unspecified entity for alleged violation of the data minimisation principle laid down in Art. 5 (1)(c) of Regulation (EU) 2016/679 (GDPR), i.e. the principle that personal data have to be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. This decision contained a number of conclusions that were quite unexpected to the suppliers and users of the "dynamic biometric signature" technology.