Rie Aleksandra - DPO Hub

National DPA news

members – 4 min read

Latest: 🇵🇱 Call to change medical documentation laws | 🇩🇪 Federal DPA update on Facebook page ban case + shares social media guidance | 🇸🇮 Slovenia DPA warns against CSAM | 🇩🇪 Hamburg DPA bridges the gap: GDPR ↔ AI Act

Sep 18, 2025

AI (Act) resources

members – 18 min read

Latest: MIT 1600+ AI Risk Repository | NIST Cyber AI Profile Workshop | 🇳🇱 AI Act Guide (in 🇬🇧) | 🇩🇪 DPAs protest proposal to move AI oversight | Commission seeks feedback on AI dynamics, fairness and contestability in DMA review

Sep 18, 2025

CJEU T-553/23 Latombe v Commission 3 Sep 2025

members – 3 min read

[Added Rie's point of view – 🇬🇧 version still not available 17 Sep.] "The General Court dismisses the action for annulment" and the EU-US DPF remains valid.

Sep 17, 2025

CJEU C-199/24 Legal Newsdesk Sweden 4 Sep 2025 AG Opinion

members – 3 min read

AG Szpunar: National law can’t make defamation the only remedy if criminal conviction data are published online for payment. Publishing conviction records online for payment, without any processing or editing, isn’t processing for journalistic purposes.

Sep 16, 2025

GDPR 2.0?

members – 6 min read

16 Sep: Have your say on the upcoming Digital Omnibus (deadline 14 Oct.) | The Commission is proposing to simplify the European Single Market, including the GDPR Articles 4, 30, 40 and 42.

Sep 16, 2025

EDPB meeting agendas and minutes

members – 7 min read

Sep 15, 2025

Privacy, data protection & security legal landscape

members – 6 min read

Latest: 📆 The Data Act applies 12 Sep! | 'Age Verification Blueprint' testing in 🇩🇰🇫🇷🇬🇷🇮🇹🇪🇸 | Digital Fairness Act public consultation till 9 Oct | EP & Council agrees on GDPR cross-border enforcement Regulation

Sep 12, 2025

CJEU C-655/23 Quirin Privatbank 4 Sep 2025

members – 3 min read

GDPR offers no judicial remedy outside erasure requests to stop future unlawful processing, but Member States may. Non-material damage covers negative feelings – if proven. A controller’s fault doesn’t affect compensation, and a court order banning repeat GDPR violations can’t reduce or replace it.

Sep 7, 2025

CJEU C-413/23 P EDPS v SRB (Concept of personal data) 4 Sep 2025

members – 3 min read

CJEU on General Court: 1) ❌ Someone's comment = their personal data, no need to examine further 2) ✅ Pseudonymised data isn’t always personal data for everyone, in every case 3) ❌ Identifiability must be assessed when data is collected and from the controller’s perspective; Deloitte's not relevant.

Sep 7, 2025

Adequacy decisions

members – 3 min read

5 Sep: Commission with 🇧🇷 Brazil draft adequacy decision – Up next: EDPB Opinion, Member States reps approval and EP "right of scrutiny" | 22 July: Commission deems 🇬🇧 UK DUAA adequate.

Sep 6, 2025

CJEU C-383/23 ILVA (GDPR fine) 13 Feb 2025

members – 4 min read

2 Sep: 💸 ILVA fined €201k | When fining a controller in a corporate group, DPAs must base the maximum fine on the *group’s* total worldwide turnover from the prior business year. A crucial ruling for anyone in a company group – here's also text you can copy for an email to your Management/Board.

Sep 2, 2025

Events 2025

members – 5 min read

Next up: 16-19 Sep 🇰🇷 Seoul: Global Privacy Assembly | 18 Sep 🇳🇱 Utrecht: DPO Day organised by the DPA | 29-30 Sep 🇸🇪 Stockholm: Nordic Privacy Arena

Sep 2, 2025