Rie Aleksandra - DPO Hub

The Coordinated Supervision Committee (CSC)

members – 2 min read

10 Oct 2025: EU Entry Exit System takes effect in two days | The CSC brings together DPAs and the EDPS to coordinate supervision of large-scale IT systems (e.g. IMI, Europol, SIS, Eurojust) and EU bodies under the EUDPR or relevant EU laws.

Oct 10, 2025

The DPO role: Article 37(1)(b)

members – 5 min read

10 Oct: Estonia's thresholds for 'large-scale' (5k, 10k, 50k) | Breaking down Article 37(1)(b) key terms: 'core activities', 'regular', 'systematic', 'monitoring' and 'large scale'. And what should you do if you're still unsure whether you need to appoint a DPO? Appoint one voluntarily?

Oct 10, 2025

EDPB Guidelines 1/2025 Pseudonymisation (public consultation)

members – 2 min read

STAKEHOLDER EVENT – more details to come. EDPB hotly debated pseudonymisation guidelines – to be finalised after the public consultation closed in Feb 2025.

Oct 9, 2025

EDPB meeting agendas and minutes

members – 7 min read

9 Oct Press release: DMA ↔ GDPR interplay guidelines published for public consultation | Oct agenda: 🚨 Draft 'Consent or Pay' guidelines to be discussed | Enforcement strategies | EDPB stakeholder engagement | Selecting topics for CEF 2026 | BCR draft decisions: 🇫🇷 Tessi, 🇵🇱 Box

Oct 9, 2025

AI (Act) resources

members – 20 min read

🔥 EC launches AI Act Service Desk | Master's Thesis on legitimate interest for AI training | ICO shares their Internal AI Use Policy | CNIL partners with research institute Inria | Commission draft guidance & serious AI incidents reporting template – feedback wanted ⏰ 7 Nov

Oct 9, 2025

CJEU T-384/20 RENV OC v Commission (C-479/22 P)

members – 4 min read

🔥 Update: After the CJEU sent the case back, the General Court has ordered the European Commission to pay a Greek scientist €50,000 for unlawfully processing her personal data in a press release, causing reputational, career and health-related harm.

Oct 7, 2025

'Pay or OK' – 'Consent or Pay' resources

members – 4 min read

EDPB to discuss "draft 'Consent or Pay' guidelines" on 7 Oct | Dutch court orders Meta to change Facebook and Instagram timeline settings (DSA) |🇬🇧 ICO on Meta ads model | 🇦🇹 Court rules newspaper's Pay or OK model not OK – likely heading for a CJEU referral next

Oct 5, 2025

National DPA news

members – 5 min read

ICO shares Internal AI Use Policy | 🇮🇪 DPC fines TikTok €530 million over China transfers [added 1-pager] | 🇮🇪 'Short Guide to Digital Regulation', clarifying common queries in the digital regulation space in Ireland | Appointing a former Meta lobbyist as 🇮🇪 Commissioner stirs controversy

Oct 5, 2025

Events 2025

members – 5 min read

Oct events: 🇧🇪 CEDPO DPO Conference, 🇬🇧 ICO DPPC, 🇸🇪 AI webinar, 🇬🇧 ISACA, 🇫🇷 European Health Data Protection Congress, 🇩🇪 ENISA Annual Privacy Forum, 🇧🇪 IAPP | Save-the-date 10 Dec 🇳🇱 AI Supervisory Congress (DPA + Rijksinspectie Digitale Infrastructuur) + 🇸🇪 IMY's annual DPO conference

Oct 4, 2025

CJEU T-553/23 Latombe v Commission 3 Sep 2025

members – 3 min read

[🇬🇧 version finally available!] "The General Court dismisses the action for annulment" and the EU-US DPF remains valid.

Oct 2, 2025

Norway DPA fines the Labour and Welfare Administration (NAV) NOK 20 million

members – 6 min read

[updated] After the Privacy Appeals Board overturned substantial parts of the DPA's decision against the Labour and Welfare Administration (NAV), including the record NOK 20 million fine, the DPA has decided to reassess the case.

Oct 1, 2025

Norway DPA fines Telenor ASA NOK 4 million for DPO violations

members – 9 min read

[updated] After initially flagging a potential NOK 99m (~€8.3m) fine, Datatilsynet fined Telenor ASA NOK 4m (~€351,000) for failing to properly assess and document the DPO role (independence, conflicts of interest, reporting lines) – the case is now with the 🇳🇴 Privacy Appeals Board.

Sep 29, 2025