Fewer people reported a data breach to the CNPD in 2021. Photo: Shutterstock


The national commission for data protection in 2021 started closing cases on investigations relating to GDPR regulation and noticed a continued impact of the coronavirus pandemic on Luxembourg citizens.

The Commission Nationale pour la Protection des Données (CNPD) on 14 October published its , looking back on 2021. Out of the 49 cases pertaining to General Data Protection Regulation that were closed, 37 resulted in corrective measures in 2021, the national commission reports. Warnings, compliance procedures and fines (for 25 cases) were handed out by the CNPD.

On a national level, €319,500 were collected in fines.  

Online retailer Amazon, which has its European headquarters in Luxembourg, in July 2021 was handed a by the national privacy watchdog for not complying with EU data protection law. In October of the same year, the company the fine, which was then suspended in December 2021, due to its

Fewer infringements reported, more complaints

333 data breaches were notified to the organisation over the twelve-month period, a decrease compared to the 379 counted in 2020. Like the previous year, human error was the reason for most cases (62%). 512 complaints were filed by individuals who felt their rights or GDPR laws hadn’t been respected.

With the lifting of sanitary measures over 2021, the number of on-site investigations more than doubled, going from 8 to 18. 6 companies in the grand duchy were also audited as part of a campaign promoting transparency in the online service sector.

Covid-19 remains source of concern

“As in 2020, the pandemic continued to have a significant impact on Luxembourg citizens,” the CNPD explained. The commission in its report highlights its work to keep both citizens and businesses updated on data protection rights and regulations as the covid-19 crisis evolved. Out of the 618 requests for information sent in, most were about contact tracing, body temperature measurement, teleworking and homeschooling. Monitoring in the workplace and the rights of data subjects (rights of access, the right to erasure, etc.) were also among the most requested topics.




Incorporating new technologies in existing law

Looking at the future, the CNPD recognises that “the rapid emergence and development of new technologies such as artificial intelligence, machine learning, smart sensors and blockchain is a major regulatory challenge.”

Various acts pertaining to digital services, artificial intelligence and digital markets also represent a potential puzzle for the national commission, which will have to transpose them into existing national legislation while assuring a continuously high level of personal data protection for citizens.

The data protection regulator, however, highlighted its past efforts over 2021 to keep not just citizens but also businesses and startups up to date, organising workshops, seminars and conferences throughout the year. Among its students were the public administrative institution INAP, the Chamber of Employees (CSL), the financial sector watchdog CSSF and the Luxembourg Life Long Learning Centre.

A publicly accessible conference on data protection takes place every year on 28 January, World Data Protection Day, the CNPD reminded.