Rie Aleksandra - DPO Hub

10x CJEU in Sep + Community Learning Seasons: risks, DPIAs

members – 3 min read

🚨 Two key CJEU rulings: EDPS v SRB on personal data & pseudonymisation (3 Sep.) and Latombe v Commission on the EU-US DPF (4 Sep.), plus one more ruling and seven Advocate General opinions. Buckle up!

Aug 20, 2025

AI (Act) resources

members – 17 min read

Latest: 🇩🇪🇫🇷 Joint guidance: Design Principles for LLM-based Systems with Zero Trust | Commission & AI Board confirms GPAI Code of Practice can demonstrate compliance (also see combined PDFs of final Code and 'Training Content Public Summary - Note and Template') | 🇩🇪 BfDI LLM public consultation

Aug 19, 2025

National DPA news

members – 3 min read

Latest: New 🇨🇿 Cybersecurity Act | Annual reports: 🇷🇴 🇬🇧 🇮🇹 | 🇧🇬 Recommendations parental access to surveillance recordings in schools/kindergartens | 🇫🇷 Breach consumer advice (IBAN & ID theft, phishing) | 🇬🇧 Guidance on disclosing documents to the public (FOI, SAR)

Aug 17, 2025

CJEU C-422/24 Storstockholms Lokaltrafik 1 Aug 2025 AG Opinion

members – 2 min read

AG Medina: When personal data is collected through body cameras worn by ticket inspectors working for a public transport company (🇸🇪 SL), Article 13 applies, not Article 14, as it’s collected directly from the data subject.

Aug 6, 2025

The European Data Protection Supervisor – EDPS

members – 2 min read

Overview page for all things EDPS.

Aug 5, 2025

Privacy, data protection & security legal landscape

members – 6 min read

Latest: 'Age Verification Blueprint' testing in 🇩🇰🇫🇷🇬🇷🇮🇹🇪🇸 | Digital Fairness Act public consultation till 9 Oct | EP & Council agrees on GDPR cross-border enforcement Regulation

Aug 4, 2025

The DPO role: Key resources

members – 3 min read

Latest: 🇫🇷 Added links | 🇱🇻 DPA's DPO register | 🇳🇴 DPA regularly runs new DPO intro courses and has a dedicated 'DPO strategy' | 🇳🇱 Several DPO-specific initiatives | 🇩🇰 Big revamp of DPO resources | Key DPO role resources: CJEU, EDPB, DPAs, EDPS, GDPR commentaries and more

Aug 3, 2025

EDPS audit of the Commission's MS365 use

members – 11 min read

28 July: EDPS closes its investigation into the European Commission’s use of Microsoft 365, now deeming it compliant after previously finding serious EUDPR violations, notably on purpose limitation and international transfers.

Jul 29, 2025

EDPB meeting minutes 3-4 Jun 2025

members – 2 min read

🚨 AI & Data Protection Training | EDPB-EDPS opinion simplifying Art. 30(5) ROPA | Scientific research GLs discussed but redacted (as was "Smart TVs") | New 🇪🇪 CJEU case & 🇧🇪 IAB Europe update – but no further details | Joint EC-EDPB DMA ↔ GDPR interplay guidelines | 🇫🇷 rec. coming for email pixels.

Jul 27, 2025

EU and China discuss new Cross-Border Data Flow Communication Mechanism

members – 1 min read

Last year, EU and China began discussing a new Cross-Border Data Flow Communication Mechanism for non-personal data. On 17 July, a second meeting took place. First sector out: automative.

Jul 23, 2025

EDPB meeting agendas and minutes

members – 6 min read

[Updated 23 Jul with several links to published docs] 🚨 8 Jul agenda: EDPB to discuss Joint EDPB-EDPS opinion on EC's proposal to simplify ROPA req. (due end of July) | DSA model clauses + EDPB comments on Commission's DSA Art. 28 Guidelines

Jul 23, 2025

Adequacy decisions

members – 2 min read

22 July: UK DUAA deemed adequate by the Commission ✅. Up next for the draft decisions: EDPB Opinion, Member States reps approval and EP "right of scrutiny".

Jul 22, 2025