Rie Aleksandra - DPO Hub

EDPB press release: Right of access CEF 2024 report

members – 1 min read

30 DPAs participated in EDPB's 2024 CEF action on the Right of access, involving 1185 controllers. 7 identified challenges like lack of documented procedures and requesting excessive ID docs. More awareness needed!

Jan 20, 2025

AI (Act) resources

members – 9 min read

🐦‍🔥 New amazing tool from David Rosenthal: Office AI add-in (Windows only)! Added link to Digiphile's 2nd highlighted version (thanks Philip!). 🇪🇺 2nd draft ready! General-Purpose AI Code of Practice. 🇬🇧 ICO shares a summary report after completing their five-part generative AI consultation series.

Jan 20, 2025

EDPB press release: 🚨 Pseudonymisation guidelines + working with competition authorities

members – 1 min read

Pseudonymisation guidelines on public consultation until 28 Feb! Plus, the EDPB suggest how they can cooperate with competition authorities

Jan 17, 2025

EDPB Support Pool of Experts (SPE) projects

members – 3 min read

An overview of SPE project so far. Which ones (if any) should you spend time on? Maybe the OSS case digests. New one added on 17 Jan regarding the Right of access.

Jan 17, 2025

Events 2025

members – 4 min read

Updated with tons of events! Also check out the discussion post in the 💛 Community, where folks share where they're heading in 2025.

Jan 17, 2025

Consent or Pay resources

members – 2 min read

Updated this post to gather some of the Consent or Pay resources while we wait for the EDPB's Guidelines!

Jan 15, 2025

CJEU C-416/23 Österreichische Datenschutzbehörde (Excessive requests) 9 Jan 2025

members – 4 min read

Art. 57(4) 'requests' include 'complaints' in 57(1)(f) and 77(1) and aren't 'excessive' due to volume alone; DPAs must show abuse, and can then charge a reasonable fee or refuse to act after considering all circumstances and ensuring their choice is justified.

Jan 14, 2025

CJEU C-394/23 Mousse 9 Jan 2025

members – 5 min read

Processing customers' titles to personalise communication based on gender isn’t essential for performing a contract; nor is it for a legitimate interest if they weren't informed beforehand, the processing isn't strictly necessary, or the balancing test goes in their favor.

Jan 13, 2025

CJEU C-21/23 Lindenapotheke 4 Oct 2024

members – 5 min read

NB! Updated re: explicit consent. Competitors can take legal action against your GDPR violations if considered an illegal unfair commercial practice. Special category personal data threshold is lowered: ordering pharmacy-only medicinal products online is considered sharing health data.

Jan 12, 2025

CJEU EUDPR General Court T‑354/22 Bindl v Commission 8 Jan 2025

members – 2 min read

The CJEU's General Court orders the European Commission to pay €400 in non-material damages for US transfers made in March 2022, when no adequacy decision or alternative safeguard was in place. Expect an appeal!

Jan 10, 2025

Member memos

members – 32 min read

Last update 31 Dec: DPO Hub 2024 stats (🤯) + 2025 plans (and I need your brutally honest feedback!)

Dec 31, 2024

🇮🇪 DPC fines LinkedIn €310m for illegal behavioural analysis and targeted advertising

members – 2 min read

UPDATE 1 Jan: Summary + full decision published! 6 years after a complaint, the DPC finds LinkedIn breached lawfulness (no consent, legitimate interest or contractual necessity), fairness, and transparency. Result: reprimand, order to rectify violations + €310 million fine.

Dec 30, 2024