European Parliament adopts European Health Data Space (EHDS)
members
–
1 min read
📝 The Commission welcomes the European Parliament's adoption of the European Health Data Space (EHDS).
CJEU C‑741/21 juris 11 Apr 2024
members
–
5 min read
Breaching GDPR rights doesn't automatically result in non-material damage, and controllers can't (ever?) escape liability simply because someone under their authority didn't follow instructions.
EDPB clarifies implementation DPF redress mechanisms
members
–
1 min read
📝 The EDPB clarifies implementation of the Data Protection.. errrr, I mean *Privacy* Framework redress mechanisms!
EDPB's controversial ‘Consent or Pay’ Opinion is here
members
–
2 min read
[Updated 24 April with highlighted file + 🎙️] Is the EDPB trying to "rewrite the entire economic model of Big Tech and the adtech industry in the EU"? 🤔 Controversial Opinion just published!
EDPB Annual report 2023
members
–
1 min read
Today, the EDPB shared their 2023 annual report. Read the press release directly here and grab both the report and its Executive Summary.
Denmark DPA changes data processing agreement SCCs
members
–
1 min read
🇩🇰 DPA changes sub-processor third-party beneficiary clause in their SCCs for data processing agreements as per Article 28(8). Agreements signed before this are still valid.
New CJEU ruling + AG opinion DPAs might dread (C-768/21 Land Hessen)
members
–
1 min read
Breaching GDPR rights doesn't automatically result in non-material damage, and controllers can't (ever?) escape liability simply because someone under their authority didn't follow instructions, and an AG Opinion may disrupt DPAs workload. 😬
CJEU C-101/01 Bodil Lindqvist 6 Nov 2003
members
–
4 min read
A key (Directive 95/46/EC) ruling broadly interpreting key definitions (personal and health data, processing) and narrowly applied exceptions, but found that simply putting a website online doesn't necessarily result in transfers.
CJEU C-46/23 Ujpesti Polgarmesteri Hivatal 14 Mar 2023
members
–
1 min read
DPAs can order controllers to delete unlawfully processed data without a prior request from a data subject, and regardless of where the data came from (the data subject or elsewhere).
CJEU C-740/22 Endemol Shine Finland 7 Mar 2024
members
–
3 min read
Orally disclosing personal data = 'processing' and potentially subject to the GDPR, and sharing criminal data orally (or in writing) isn't allowed to fulfill a public access request.
Denmark DPA says cookie walls are legal - and not
members
–
2 min read
Update 26 Mar 2024: the DPA rejects reopening the cases, upholding that analytics/statistics aren't a necessary part of the alternative to paid access.
France DPA fines Amazon €32m for invasive employee monitoring
members
–
3 min read
[22 March update: Amazon has appealed] The 🇫🇷 CNIL fined Amazon for excessively intrusive monitoring, using several illegal indicators and unsecure video surveillance software, without sufficiently informing employees and visitors.