Rie Aleksandra - DPO Hub (Page 11)

🚨 EDPB: (sub-)processor Opinion, legitimate interest Guidelines, draft enforcement regulation Statement, 2024-2025 work programme

members – 1 min read

Controllers should keep identity of *all* processors and sub-processors "readily available at all times" and their obligation to verify (sub-)processors' ‘sufficient guarantees’ should apply regardless of the risk. The EDPB also shares legitimate interest Guidelines for public consultation and more.

Oct 9, 2024

CJEU LED ePD C-548/21 Bezirkshauptmannschaft Landeck (Attempt to access personal data stored on a mobile phone) 4 Oct 2024

members – 1 min read

A case relating to the ePrivacy and Law Enforcement Directives, concluding that police access to phones isn't limited to the fight against serious crime.

Oct 4, 2024

Interesting non-GDPR CJEU case on gender change (C-4/23 Mirin)

members – 1 min read

💡 (Non-GDPR/ePrivacy) CJEU ruling stating that Member States can't refuse to recognise changed name and gender approved in another Member State.

Oct 4, 2024

EDPB meeting minutes 16 July 2024

members – 2 min read

Systems overload! Is the EDPB taking on too much?

Oct 3, 2024

Norway DPA fines university for insufficient access control in MS Teams

members – 4 min read

The 🇳🇴 University of Agder was fined €12,500 (NOK 150k) for failing to secure personal data on Teams/SharePoint and insufficient internal controls. Short decision, several takeaways for everyone!

Sep 12, 2024

Dutch DPA fines Clearview AI €30.5m, warns personal liability and says use also illegal

members – 4 min read

[📝 NB! Massive post update 11 Sep] The 🇳🇱 DPA fines Clearview €30.5m, imposes four orders and warns of non-compliance penalties of €5.1m. Using Clearview is illegal and the DPA investigates if company directors can be held personally liable for the violations. Numerous questions on this decision!

Sep 11, 2024

Italy: bank fined €1m and rental company €250k for unclear DPAg and no legal basis

members – 4 min read

The 🇮🇹 Garante fined a bank €1 million for anti-fraud checks as a processor on behalf of a group company without a legal basis, breaching both Articles 28(3) and 5(1)(a). The rental company was separately fined €250,000, also for an insufficient privacy notice. Here are your key takeaways! 💡

Aug 21, 2024

CJEU C-154/21 RW v Österreichische Post (Information on recipients of personal data) 12 Jan 2023

members – 3 min read

You have the right to know the actual identities of the recipients your personal data has been shared with.

Aug 16, 2024

Your data, my dilemma, our decision (object by 9 Aug)!

members – 2 min read

Moving to US, object if you don't want to come

Jul 29, 2024

EDPB meeting minutes 18-19 June 2024

members – 2 min read

Noteworthy points on involving others (earlier) in their work, opinions vs. guidelines, the political ads Regulation, and 🇸🇪 Supreme Admin. Court CJEU request regarding Art. 13-14 and camera surveillance.

Jul 28, 2024

European Commission shares 2nd GDPR review report

members –

Grab your PDF with a TOC here!

Jul 26, 2024

EDPB Guidelines 1/2022 Right of access

members – 3 min read

A snapshot of the EDPB Guidelines dealing with DSARs: Brief overview, key points, and some advice for data protection pros.

Jul 19, 2024