The EDPB just shared new Guidelines! This time for Article 48 and they're on public consultation until 25 Jan 2025. They also announced a new EU Data Protection Seal certification for 'Brand Compliance'.
The Art. 14(5)(c) derogation applies to *all* data not collected from the data subject, including self-generated. DPAs can, as per Art. 14(5)(c), verify if national law has measures to protect data subjects' legitimate interests, but this doesn’t include assessing Art. 32 security measures.
National case-law could be relevant under Article 6(1)(c) legal obligation. The CJEU offers further guidance on legitimate interest assessments and highlights the importance of the data subjects' 'reasonable expectations'.
Latest: Meta reduces sub prices and offers new free choice with less personalised ads, claiming it "goes beyond what is required in the law". 💸 And gets huge fines: €797.72m from the 🇪🇺 EC for antitrust violations and $25.4m from 🇮🇳 India's competition authority for 2021 privacy notice failures.
🇬🇧 ICO: "This code, which investigators in the private sector can sign up to, will provide certainty and reassurance to those using their services [and] assist investigators to navigate the challenges between conducting investigations whilst respecting people’s privacy rights."
In the 'Bundeskartellamt' ruling, the CJEU applies 'strictly' to the necessity test of the legal bases for the first time. 🔥 You might rely on legitimate interest for direct marketing, network security or product improvement, but the processing must now meet this higher threshold.
Must-read update! Will we get PCs for Art. 64(2) Opinions? Strategic case coming to an end. Updates on recent Opinions and Guidelines + DPA news: New 🇦🇹 DPA for the legislative sector, 🇸🇪 new Director, 🇪🇸 Director leaving, 🇽🇰 becomes observer, new tools from 🇱🇹&🇭🇷 + lots of DPA networking.
The EDPB has now held their stakeholder event and the Opinion is due by the end of the year. Check out these LinkedIn posts (and comments) to hear how it went!
📚 You must list all (sub-sub-sub-sub...)processors (name, address, contact person, processing activity, roles & responsibilities) and always verify they've provided 'sufficient guarantees'—though the extent might vary based on risk—also for onward transfers.
Credit scoring = Art. 22(1) 'automated individual decision-making' when a third party heavily relies on a probability value to form or end a contract with a data subject. A ruling of "ground-breaking importance for AI-based decisions" according to the Hamburg DPA!