EU and Japan conclude "landmark deal on cross-border data flows"
members
–
1 min read
🇪🇺 & 🇯🇵 agree cross-border data flows agreement which complement their existing adequacy arrangement.
CJEU ePD LED GDPR C-470/21 La Quadrature du Net and Others (Personal data and action to combat counterfeiting) 20 Apr 2024
members
–
1 min read
Member States may require internet access providers to retain IP addresses in a general and indiscriminate manner to combat criminal offences, provided this retention doesn’t reveal precise details about the private life of the person concerned.
CJEU (EIO) C-670/22 EncroChat & CJEU (ePD) C-178/22 Bolzano 30 Apr 2024
members
–
1 min read
CJEU on access to phone records related to serious crime and clarifies conditions for transmitting and using evidence in criminal cases with a cross-border dimension.
CJEU C-129/21 Proximus (subscribers' consent) 27 Oct 2022
members
–
3 min read
Consent is required to list subscribers' details in publicly available directories. If obtained, including on behalf of other controllers, a data subject can withdraw it (= an erasure request) from any of them, and each controller may need to inform the others.
European Parliament adopts European Health Data Space (EHDS)
members
–
1 min read
📝 The Commission welcomes the European Parliament's adoption of the European Health Data Space (EHDS).
CJEU C‑741/21 juris 11 Apr 2024
members
–
5 min read
Breaching GDPR rights doesn't automatically result in non-material damage, and controllers can't (ever?) escape liability simply because someone under their authority didn't follow instructions.
EDPB clarifies implementation DPF redress mechanisms
members
–
1 min read
📝 The EDPB clarifies implementation of the Data Protection.. errrr, I mean *Privacy* Framework redress mechanisms!
EDPB's controversial ‘Consent or Pay’ Opinion is here
members
–
2 min read
[Updated 24 April with highlighted file + 🎙️] Is the EDPB trying to "rewrite the entire economic model of Big Tech and the adtech industry in the EU"? 🤔 Controversial Opinion just published!
EDPB Annual report 2023
members
–
1 min read
Today, the EDPB shared their 2023 annual report. Read the press release directly here and grab both the report and its Executive Summary.
Denmark DPA changes data processing agreement SCCs
members
–
1 min read
🇩🇰 DPA changes sub-processor third-party beneficiary clause in their SCCs for data processing agreements as per Article 28(8). Agreements signed before this are still valid.
New CJEU ruling + AG opinion DPAs might dread (C-768/21 Land Hessen)
members
–
1 min read
Breaching GDPR rights doesn't automatically result in non-material damage, and controllers can't (ever?) escape liability simply because someone under their authority didn't follow instructions, and an AG Opinion may disrupt DPAs workload. 😬
CJEU C-101/01 Bodil Lindqvist 6 Nov 2003
members
–
4 min read
A key (Directive 95/46/EC) ruling broadly interpreting key definitions (personal and health data, processing) and narrowly applied exceptions, but found that simply putting a website online doesn't necessarily result in transfers.