Rie Aleksandra - DPO Hub

Privacy, data protection & security legal landscape

members – 6 min read

Latest: Political ads Reg. new feedback round till 25 Jun | Commission DMA-fines Apple and Meta | The Council adopts the European Health Data Space (EHDS) | EC shares Data Act public consultation summary report, FAQ and DGA practical guide

May 29, 2025

The DPO role: Key resources

members – 2 min read

Added 🇲🇾 DPA guidance with interesting thresholds based on number of data subjects | Key resources on the DPO role, including from the CJEU, EDPB, DPAs, EDPS, GDPR commentaries and more. Explore and let Rie know what’s missing!

May 28, 2025

AI (Act) resources

members – 13 min read

Rumors: EC to pause AI Act? Data Union Strategy & EC wants input on data use to develop AI | AI literacy | 🇫🇮 DPA AI guidance for developers and deployers | 5th AI Pact webinar 27 May | EC to simplify the AI Act? | New SPE project: "AI Privacy Risks & Mitigations in LLMs"

May 28, 2025

National DPA news

members – 2 min read

May 27, 2025

CJEU C-604/22 IAB Europe TC String 7 Mar 2024

members – 7 min read

[Final 🇧🇪 ruling, articles] GDPR definitions are broad: information = personal data if someone can be identified using third-party data. Joint controllership doesn’t automatically cover further processing, but you are one if you set binding rules and jointly decide purposes and means.

May 25, 2025

The Grindr NOK 65m fine case in Norway

members – 2 min read

[Added news article mentioning the upcoming appeal] The Oslo District Court ruled in favour of the state on all points, after Grindr sued the authorities after the Privacy Appeals Board fully upheld the DPA's decision, including the NOK 65m (~€5.6m) record fine. Preliminary win but expect an appeal.

May 25, 2025

GDPR 2.0?

members – 4 min read

The Commission is proposing to simplify the European Single Market, including the GDPR Articles 4, 30, 40 and 42. Skip the full 46-page PDF and read the relevant parts and get the latest updates here – including 🇵🇱 DPA and EDRi weighing in.

May 21, 2025

CJEU C-209/23 RRC Sports 15 May 2025 AG Opinion

members – 2 min read

AG Emiliou: FIFA’s new Football Agent Regulations don’t automatically violate Article 6 GDPR, but must meet certain conditions – there must be a legitimate interest, the data must be strictly necessary, and the rules must not place an unreasonable burden on people’s privacy or finances.

May 21, 2025

Data breaches

members – 2 min read

Latest: Started to add DPA resources, including France with new practical guides for the education sector and Denmark with finalised guide. Upcoming topic page for breaches, prompted by EDPB's recent summary document.

May 20, 2025

Events 2025

members – 4 min read

Latest: 🇳🇴 IGF Norway 23-27 Jun 🇱🇹 Baltic Privacy and Innovation Summit 5 Jun 🇪🇸 AEPD offers course "Innovation and privacy in AI and data spaces" | 🇫🇷 European Health Data Protection Congress 15-17 Oct

May 20, 2025

🇮🇪 DPC fines TikTok €530m for China transfers

members – 2 min read

[Added DPC comments] TikTok also ordered to bring processing into compliance within six months or stop the transfers. They also breached transparency by failing to disclose the third countries involved and didn't explain the nature of the transfers in its privacy policy.

May 15, 2025

Norway DPA shares education sector audit findings

members – 2 min read

Datatilsynet completed their large-scale audit examining how 50 municipalities safeguard privacy and data protection when using digital learning tools for educational purposes. Read their request for information letter here + watch the recording of their final report presentation.

May 15, 2025