Rie Aleksandra - DPO Hub

EDPB meeting minutes 5 May 2025

members – 3 min read

No major news, though lots going on in 🇧🇪 (interesting FATCA decision, "abuse of law by NOYB" and mass rejection of NOYB complaints) | Approved 🇬🇧 GDPR & LED adequacy decisions extensions | Interesting 🇫🇷 case the CNIL will "propose a collective and coordinated action" for.

Jun 30, 2025

National DPA news

members – 3 min read

Latest: 🇫🇷 & partners launch AI model audit tool project | 🇬🇷 annual report | 🇸🇪 IMY tasked with health data role | 🇬🇧 Data (Use and Access) Act (DUAA) receives Royal Assent – see ICO's resource page for all details | 🇳🇴 Web tracking audit = sanctions & NOK 250k fine + DPO survey is ready

Jun 30, 2025

Welcome! Start here 👇

members – 2 min read

Bumping this as reminder – to make the most out of your subscription, read through this post: How to use DPO Hub effectively and find your way around.

Jun 29, 2025

Adequacy decisions

members – 2 min read

24 June: Commission extends the UK's GDPR and LED adequacy decisions until 27 Dec | EU and Japan open adequacy extension talks | EDPS blocked transfers to Brazil, Turkey, India and Fiji in Feb 2024

Jun 25, 2025

The UK Data (Use and Access) Act 2025 (DUAA)

members – 8 min read

Get quickly up to speed on the new UK Data (Use and Access) Act. 💬 "there is no need to panic. Many of the changes empower rather than require, and even if embraced could be done so incrementally."

Jun 25, 2025

AI (Act) resources

members – 15 min read

Latest: 🇫🇷 Legitimate interest recommendation for dev. AI systems | 🇪🇸 AI mustn't interpret your objection | 🇪🇺 EC seeks experts for AI Scientific Panel | 🇪🇺 Joint Research Centre GenAI study | 🇪🇺 EP updated AI Act implementation timeline

Jun 23, 2025

EDPB Guidelines 2/2024 Article 48

members – 5 min read

Update 20 Jun: I've reviewed the final version – mostly clarifications and my annotations on the public consultation one are still valid | EDPB Guidelines on Article 48 covering official requests from third country public authorities for personal data transfers.

Jun 20, 2025

The DPO role: Key resources

members – 3 min read

Latest: 🇳🇴 DPA regularly runs new DPO intro courses and has a dedicated 'DPO strategy' | 🇳🇱 Several DPO-specific initiatives | 🇩🇰 Big revamp of DPO resources with extensive FAQ, video podcast with several DPOs, and more | Key DPO role resources: CJEU, EDPB, DPAs, EDPS, GDPR commentaries and more

Jun 19, 2025

Privacy, data protection & security legal landscape

members – 5 min read

Latest: 🇪🇺 EP & Council agrees on GDPR cross-border enforcement Regulation | Political ads Regulation new feedback round till 25 Jun | Commission DMA-fines Apple and Meta | The Council adopts the European Health Data Space

Jun 18, 2025

CJEU C-40/17 Fashion ID 29 Jul 2019

members – 4 min read

You’re a (joint) controller if you use third-party tools on your website that share personal data with the provider – but only for parts where you (jointly) determine purposes and means. If you collect the data, you must inform and get consent, and each controller must pursue a legitimate interest.

Jun 17, 2025

Events 2025

members – 5 min read

☀️ Summer events: 23-27 Jun 🇳🇴 Lillestrøm: Internet Governance Forum – IGF Norway | 7-9 Jul 🇬🇧 Cambridge Privacy Laws & Business 38th Int. Conference | 9-10 Jul 🇪🇸 Santander: Innovation and privacy in AI and data spaces - course by AEPD | 17-18 Jul 🇩🇪 Berlin: International Data Law Forum (IDLF)

Jun 17, 2025

🇮🇪 DPC fines TikTok €530m for China transfers

members – 2 min read

[DPC order paused until Oct] TikTok also ordered to bring processing into compliance within six months or stop the transfers. They also breached transparency by failing to disclose the third countries involved and didn't explain the nature of the transfers in its privacy policy.

Jun 10, 2025