Rie Aleksandra - DPO Hub

DPO Hub 2.0 from 1 April

members – 3 min read

DPO Hub runs as normal until 31 March and then your subscription ends automatically. If you pre-paid for longer, you'll be refunded pro rata. DPO Hub switches to 📚 Library mode on 1 April. Founding rate available for existing members – contact me for access.

Dec 22, 2025

Events 2026

members – 6 min read

What's cooking in 2026? Several events added for the national DPO associations.

Dec 20, 2025

CJEU C-422/24 Storstockholms Lokaltrafik 18 Dec 2025

members – 3 min read

If public transport ticket inspectors process personal data using body cams, they must inform data subjects under Article 13 – not Article 14 – because the data's collected directly from the data subject.

Dec 18, 2025

Privacy, data protection & security legal landscape

members – 8 min read

COM shares CRA FAQ 3 Dec | ✅ Procedural rules on GDPR enforcement Regulation effective 12 Dec | COM fines X €120m under DSA | Political ads Regulation Article 13(6) public consultation planned Q2 2026 | CSAM Regulation: Council agrees position – next is negotiations with Parliament.

Dec 12, 2025

EDPB meeting minutes 16 Oct and 4 Nov 2025

members – 2 min read

2 x meeting minutes today! 🚨 Guidelines: Joint AI Act ↔ EU data protection law interplay; Political advertisements; Web scraping in the context of generative AI | 🚨 Irish, French & Dutch DPAs investigate data brokers | 🇧🇷 & 🇬🇧 adequacy decisions

Dec 12, 2025

GDPR 2.0 - Digital Omnibus

members – 23 min read

POLITICO 62-page analysis | 💚 Grumpy GDPR podcast episode w/Max Schrems: Under the Bus | New consultation; feedback goes to Parliament and Council | Digital Omnibus: COM's proposal to simplify AI, cybersecurity and (personal) data rules to "save businesses up to €5bn by 2029".

Dec 12, 2025

CJEU C-492/23 Russmedia Digital and Inform Media Press 2 Dec 2025

members – 5 min read

🧨 CJEU rules contrary to the AG: marketplace operators are *controllers* for ads data instead. This has major implications for marketplaces. (And what about DSA?) Also check out CJEU's recorded debrief with President Lenaerts.

Dec 10, 2025

'Pay or OK' – 'Consent or Pay' resources

members – 5 min read

Meta to launch new model in Jan | ICO shares guidance for the public

Dec 8, 2025

Norway DPA orders Helseplattformen to rectify shortcomings

members – 3 min read

🇳🇴 Datatilsynet notifies Helseplattformen of their intent to order fixes to serious organisational and (less serious) technical deficiencies – response is due by 6 Jan 2026, with the final decision after. Key ISMS takeaways on this one + download a collated PDF.

Dec 7, 2025

Your OSS for the EDPB

members – 3 min read

⏰ New consultation – requiring users to create accounts to shop online | EDPB wants input on templates (DPIAs, breaches WIP) | Overview page for all things EDPB: Guidelines, Opinions, Recommendations, Members, Meetings, Strategy & Work Programs, CEF, SPE, OSS, Art. 65 Decisions, WP29, CSC

Dec 4, 2025

EDPB Guidelines 1/2025 Pseudonymisation (public consultation)

members – 2 min read

New discussion paper available: Stakeholder event on anonymisation and pseudonymisation in light of the EDPS v SRB judgment | ❌ Stakeholder event came and went 17 Nov 🤨 | EDPB hotly debated pseudonymisation guidelines – to be finalised after the public consultation closed in Feb 2025.

Dec 2, 2025

EDPB meeting agendas and minutes

members – 9 min read

2-3 Dec agenda 🚨 x 3: Digital Omnibus | Joint guidelines AI Act ↔ EU data protection law interplay | Recommendations on legal basis for requiring users to create accounts on e-commerce websites | DMA High Level Group: Common paper on AI

Dec 1, 2025