Rie Aleksandra - DPO Hub

ICO Anonymisation and pseudonymisation guidance

members – 2 min read

The UK ICO has published its updated anonymisation and pseudonymisation guidance – unfortunately only as a series of sub-pages on their website. (I’ve asked if a PDF version is available.)

Mar 30, 2025

Events 2025

members – 4 min read

New: ICO Anonymisation & Pseudonymisation guidance webinar 22 May! Personverndagene 🇳🇴: program ready + hubsters meetup! Want to connect with fellow hubsters? Read where people are heading in the NoTies Community.

Mar 30, 2025

CJEU C-654/23 Inteligo Media 27 Mar 2025 AG Opinion

members – 2 min read

AG Szpunar: If someone creates an online account that includes access to your email newsletters, sending them qualifies as 'direct marketing’ under the ePrivacy Directive Article 13 and is covered by the exception in point 2. Under Article 95 GDPR, a lawful basis under Article 6 isn’t needed.

Mar 27, 2025

Norway DPA with record NOK 4 million DPO fine

members – 8 min read

BIG share: the DPA’s advance notification flagged a potential NOK 99m fine! Datatilsynet fined Telenor ASA for failing to properly assess and document the DPO role, including independence, potential conflicts of interest, and a direct reporting line to top management.

Mar 26, 2025

National DPA news

members – 1 min read

Mar 24, 2025

EDPB Support Pool of Experts (SPE)

members – 5 min read

Latest: EDPB shares their 2nd SPE report and this time, I'm not even reading it... About SPE: What is it, what have they spent (and spend) time and resources on, is it justified based on the current results, and should you apply? (Likely not.) Should you even spend time reading this post?

Mar 20, 2025

Luxembourg Court upholds major €746m fine to Amazon

members – 2 min read

Just added the ruling. Fine and daily penalty upheld for Articles 6, 12-17, and 21 violations related to interest-based ads, but since an appeal is inevitable, this isn’t final yet. In the meantime, Amazon doesn’t have to pay or take any action.

Mar 20, 2025

Binding Corporate Rules (BCRs)

members – 1 min read

The EDPB has updated the cooperation procedure for BCR approvals, detailing the roles of lead DPAs, review phases and the EDPB’s opinion process. 💡 This document replaces WP263rev.01.

Mar 20, 2025

Adequacy decisions

members – 1 min read

Latest: The Commission proposes to extend the UK's adequacy decisions until 27 December to allow time to complete the legislative process. Next up is EDPB's review.

Mar 19, 2025

CJEU GC EUDPR T‑354/22 Bindl v Commission 8 Jan 2025

members – 2 min read

Latest: The case has been appealed! The CJEU's General Court orders the European Commission to pay €400 in non-material damages for US transfers made in March 2022, when no adequacy decision or alternative safeguard was in place.

Mar 19, 2025

New SCCs on public consultation

members – 1 min read

Latest: The public consultations for new SCCs (third-country importers directly subject to the GDPR), announced in Sep 2024, are delayed from Q2 to Q3 2025. 🤔

Mar 19, 2025

Lawfulness: Consent

members – 6 min read

Latest update: Luxembourg DPA with updated guidance. Start here for all things consent: when to rely on and not, practical tips and key resources (GDPR, DPD, CFR, OECD, CJEU rulings and EDPB guidance).

Mar 17, 2025