Rights: Access (DSAR) - examples
members
–
40 min read
Right of access examples from the EDPB and ICO.
EDPB press release: DPAs AI Act role, EU-US DPF FAQs, new European Data Protection Seal
members
–
1 min read
EDPB opines that DPAs should be designated AI Act MSAs, adopted 🇪🇺-🇺🇸 DPF FAQs for individuals and businesses, and an opinion approving the EuroPriSe Criteria Catalogue for certifying processors' processing activities, resulting in a European Data Protection Seal.
Denmark Google Workspace for Education Chromebook case (Helsingørgate)
members
–
9 min read
[15 July: Municipalities complies with Jan order + 🚨 DPA asks for EDPB opinion on the scope of a controller's documentation obligations regarding a processor's use of sub-processors] The Danish DPA's landmark decision of 2022 to ban certain use of Google products and US transfers, is still ongoing.
CJEU C-757/22 Meta Platforms Ireland (Representative action) 11 Jul 2024
members
–
2 min read
Consumer protection groups can take legal action against controllers they believe violate data subjects' rights, including the right to information. With C-319/20, this ruling *could* be a bit of a bombshell! #classaction
CJEU C-461/22 MK (Professional guardian) 11 Jul 2024
members
–
1 min read
A former legal guardian who acted in a professional capacity is a controller and must comply with the GDPR, including the right of access.
Right to object and right to erasure: insights from OSS decisions
members
–
2 min read
EDPB SPE project: Article 60 One-Stop-Shop thematic case digest analysing Articles 17 and 21. Key takeaway: Create, document, implement and control policies and procedures, including complaints management. PS: The 'data subject journey' is your secret weapon!
EDPB meeting minutes 23 May 2024
members
–
1 min read
Noteworthy points on both EUC and Microsoft appealing the EDPS decision, next steps for the Consent or Pay guidelines, and AI Act national competent authorities.
CJEU C-590/22 PS (Incorrect address) and C-182/22 Scalable Capital 20 Jun 2024
members
–
5 min read
⚖️ 9 points interpreting Art. 82(1), including: its aim is to compensate for damage, not to punish or deter GDPR violations; fear alone or stolen personal data can trigger claims if proven; and national courts can grant minimal compensation for minor damage.
CJEU ePD C-229/23 HYA and Others II 13 Jun 2024
members
–
1 min read
Article 15(1) of the ePD allows Member State law to require that judges' decisions authorising wiretaps must include their own written reasons, even if the police's applications already provide detailed justifications.
Dutch DPA on education sector social media marketing
members
–
4 min read
The DPA stresses that their advice applies generally to all social media and "of great importance" to all educational institutions and similar organisations in 🇳🇱.