Rie Aleksandra - DPO Hub

GDPR 2.0 - Digital Omnibus

members – 22 min read

The Digital Omnibus is the Commission's proposal to simplify AI, cybersecurity and (personal) data rules to "save businesses up to €5bn in administrative costs by 2029". They opened a new eight-week public consultation on 21 Nov and will summarise and present feedback to the Parliament and Council.

Nov 23, 2025

National DPA news (2025)

members – 5 min read

🇩🇪 Hessen DPA greenlights M365! | 🇭🇷 DPA fines telecoms operator €4.5m | 🇪🇸 Encryption guide for freelancers and SMEs + AEPD YouTube series | 🇳🇴 Credit agencies audit | 🇫🇷 survey: Monetization of personal data | Learnings for all: 🇳🇱 DPAg tips after five major service provider cyber attacks

Nov 19, 2025

AI (Act) resources

members – 22 min read

🔥 Digital Omnibus on AI Regulation Proposal published! | ⏰ AI Act high-risk regime delayed 12-15 months? | EDPS EUDPR guide: AI Systems Risk Management

Nov 19, 2025

Privacy, data protection & security legal landscape

members – 7 min read

✅ Council adopts new Regulation to speed up handling of cross-border data protection complaints

Nov 17, 2025

Your OSS for the EDPB

members – 3 min read

❌ Stakeholder event on anonymisation & pseudonymisation came and went 17 Nov 🤨 | EDPB wants input on templates (DPIAs, breaches WIP) | Overview page for all things EDPB: Guidelines, Opinions, Recommendations, Members, Meetings, Strategy & Work Programs, CEF, SPE, OSS, Art. 65 Decisions, WP29, CSC

Nov 17, 2025

CJEU C-654/23 Inteligo Media 13 Nov 2025

members – 7 min read

If a user creates a free account and gets access to articles, newsletters and the option to pay for further content, this falls under Art. 13(1) and (2) ePD as 'sale of a service' and 'direct marketing', and you don't need a legal basis under Art. 6 GDPR, in line with Art. 95 GDPR.

Nov 13, 2025

EDPB meeting minutes 7-8 Oct 2025

members – 3 min read

Nov 9, 2025

EDPB meeting minutes 11 Sep 2025

members – 2 min read

DSA ↔ GDPR interplay guidelines | 🇧🇷 Brazil & 🇬🇧 UK adequacy decisions | Helsinki Statement – practical implementation & Commission on simplifying breach reporting | EDPS C-413/23 update | BCRs: 🇮🇪 Shopify, 🇱🇺 Northern Trust, Ferrero Group, 🇳🇴 Mowi.

Nov 8, 2025

EDPB meeting agendas and minutes

members – 8 min read

Sep & Oct minutes published | 4 Nov agenda: 🚨 Guidelines x 3: Political ads; Web scraping in GenAI context; AI Act ↔ EU data protection law interplay | Opinion on 🇧🇷 adequacy decision | New SPE project: Market study of data brokers

Nov 6, 2025

Adequacy decisions

members – 3 min read

5 Nov: EDPB Opinion on 🇧🇷 Brazil draft adequacy decision – up next: Member States reps approval and EP "right of scrutiny" | 20 Oct: EDPB adopts opinions on UK GDPR & LED | 16 Sep: Republic of Korea EU adequacy decision.

Nov 5, 2025

CJEU C-413/23 P EDPS v SRB (Concept of personal data) 4 Sep 2025

members – 5 min read

Pseudonymised data isn’t always personal in every case to everyone – but measures must be effective. Comments are personal by nature – no need to assess content, purpose or effects. Whether a person can be identified must be assessed from the controller’s perspective, when collecting the data.

Nov 2, 2025

CJEU T-553/23 Latombe v Commission 3 Sep 2025

members – 4 min read

🔥 Latombe to appeal! New CJEU case number: C-703/25 P | "The General Court dismisses the action for annulment" and the EU-US DPF remains valid.

Oct 31, 2025