Leaked AI Act (and why I'm not reading it) - update
members
–
2 min read
12 March: Updated with final text before the final vote scheduled for the 13 March plenary - with all 808 amendments. 🔥
4 new CJEU rulings
members
–
1 min read
Two rulings on the concept of personal data, one stating that oral data = processing, and last one pertains to the Europol regulation. DPO Hub writeups coming!
🚨 CJEU confirms TC String as personal data and IAB Europe as joint controller
members
–
1 min read
DPO Hub writeup coming soon!
EDPB CEF DPO report - a deep dive
members
–
8 min read
🚨 My final writeup of the EDPB's CEF DPO report, which you shouldn't spend time on unless you have time to spare or are simply burning with curiosity! PS: We just released our Grumpy GDPR episode on this.
EDPB launches 2024 CEF action: right of access
members
–
2 min read
31 DPAs (7 are 🇩🇪 state level) participate with the intention to assess how organisations deal with access requests *in practice*. Final report published!
Sweden MedHelp 1177 case
members
–
8 min read
This case is not only a goldmine for DPOs in the Swedish healthcare sector (although particularly so), but DPOs in general, for assessing roles, legal bases and processor liability.
Sweden court upholds ~$1m fine: major health data leak and forwarding calls to 🇹🇭
members
–
2 min read
🇸🇪 MedHelp must pay SEK 11,3 million (~$1m) for leaking 2,7 million health-related conversations (of 170 000 hours) online for several years and no legal basis for forwarding call to Thailand.
🇬🇧 ICO Gameforge audit report
members
–
3 min read
The ICO conducted a 'consentual audit' of Gameforge’s processing of UK children’s personal data under the AADC and data protection legislation.
CJEU C-582/14 Breyer (dynamic IP addresses) 19 Oct 2016
members
–
2 min read
The CJEU held that not only static IP addresses (ref. Scarlet) are protected personal data under data protection law, but also dynamic ones, and that national laws can't restrict interest which are legitimate under EU law.
CJEU C-70/10 Scarlet Extended (static IP addresses) 24 Nov 2011
members
–
1 min read
In a case on copyright infringement, the CJEU stated that IP addresses are protected personal data because they allow data subjects to be precisely identified.
Denmark DPA reports controller to police and suggests DKK 1,5 m fine
members
–
2 min read
💸 DKK 1,5m and reported to the police for not auditing their processors for 𝒚𝒆𝒂𝒓𝒔, violating the accountability principle.