Rie Aleksandra - DPO Hub

CJEU C-422/24 Storstockholms Lokaltrafik 18 Dec 2025

members – 3 min read

If public transport ticket inspectors process personal data using body cams, they must inform data subjects under Article 13 – not Article 14 – because the data's collected directly from the data subject.

Dec 18, 2025

Privacy, data protection & security legal landscape

members – 8 min read

COM shares CRA FAQ 3 Dec | ✅ Procedural rules on GDPR enforcement Regulation effective 12 Dec | COM fines X €120m under DSA | Political ads Regulation Article 13(6) public consultation planned Q2 2026 | CSAM Regulation: Council agrees position – next is negotiations with Parliament.

Dec 12, 2025

EDPB meeting minutes 16 Oct and 4 Nov 2025

members – 2 min read

2 x meeting minutes today! 🚨 Guidelines: Joint AI Act ↔ EU data protection law interplay; Political advertisements; Web scraping in the context of generative AI | 🚨 Irish, French & Dutch DPAs investigate data brokers | 🇧🇷 & 🇬🇧 adequacy decisions

Dec 12, 2025

GDPR 2.0 - Digital Omnibus

members – 23 min read

New official summary | NOYB survey | 🇸🇪 IMY comments | New consultation; feedback goes to Parliament and Council | Digital Omnibus: COM's proposal to simplify AI, cybersecurity and (personal) data rules to "save businesses up to €5bn by 2029".

Dec 12, 2025

CJEU C-492/23 Russmedia Digital and Inform Media Press 2 Dec 2025

members – 5 min read

🧨 CJEU rules contrary to the AG: marketplace operators are *controllers* for ads data instead. This has major implications for marketplaces. (And what about DSA?) Also check out CJEU's recorded debrief with President Lenaerts.

Dec 10, 2025

Events 2026

members – 6 min read

What's cooking in 2026? Several events added for the national DPO associations. Also see 15 Dec event with the 🇫🇮 Data Privacy Association + NOYB: EU Omnibus – 'Compliance Challenges and the Role of the DPO'

Dec 9, 2025

'Pay or OK' – 'Consent or Pay' resources

members – 5 min read

Meta to launch new model in Jan | ICO shares guidance for the public

Dec 8, 2025

Norway DPA orders Helseplattformen to rectify shortcomings

members – 3 min read

🇳🇴 Datatilsynet notifies Helseplattformen of their intent to order fixes to serious organisational and (less serious) technical deficiencies – response is due by 6 Jan 2026, with the final decision after. Key ISMS takeaways on this one + download a collated PDF.

Dec 7, 2025

Your OSS for the EDPB

members – 3 min read

⏰ New consultation – requiring users to create accounts to shop online | EDPB wants input on templates (DPIAs, breaches WIP) | Overview page for all things EDPB: Guidelines, Opinions, Recommendations, Members, Meetings, Strategy & Work Programs, CEF, SPE, OSS, Art. 65 Decisions, WP29, CSC

Dec 4, 2025

DPO Hub closes 31 March 2026

members – 2 min read

DPO Hub runs as normal until 31 March. Any subscription renewing before then will end on that date; you won't pay for longer, even on annual plans. If you cancelled but want to extend till March, contact me to reactivate. If you already paid for longer, you'll be refunded pro rata.

Dec 3, 2025

EDPB Guidelines 1/2025 Pseudonymisation (public consultation)

members – 2 min read

New discussion paper available: Stakeholder event on anonymisation and pseudonymisation in light of the EDPS v SRB judgment | ❌ Stakeholder event came and went 17 Nov 🤨 | EDPB hotly debated pseudonymisation guidelines – to be finalised after the public consultation closed in Feb 2025.

Dec 2, 2025

EDPB meeting agendas and minutes

members – 9 min read

2-3 Dec agenda 🚨 x 3: Digital Omnibus | Joint guidelines AI Act ↔ EU data protection law interplay | Recommendations on legal basis for requiring users to create accounts on e-commerce websites | DMA High Level Group: Common paper on AI

Dec 1, 2025