🇬🇧 ICO Gameforge audit report
members
–
3 min read
The ICO conducted a 'consentual audit' of Gameforge’s processing of UK children’s personal data under the AADC and data protection legislation.
CJEU C-582/14 Breyer (dynamic IP addresses) 19 Oct 2016
members
–
2 min read
The CJEU held that not only static IP addresses (ref. Scarlet) are protected personal data under data protection law, but also dynamic ones, and that national laws can't restrict interest which are legitimate under EU law.
CJEU C-70/10 Scarlet Extended (static IP addresses) 24 Nov 2011
members
–
1 min read
In a case on copyright infringement, the CJEU stated that IP addresses are protected personal data because they allow data subjects to be precisely identified.
Denmark DPA reports controller to police and suggests DKK 1,5 m fine
members
–
2 min read
💸 DKK 1,5m and reported to the police for not auditing their processors for 𝒚𝒆𝒂𝒓𝒔, violating the accountability principle.
CJEU LED C-118/22 Natsionalna politsia 30 Jan 2024
members
–
1 min read
Law Enforcement Directive: Police must regularly review if they can justify continue storing biometric and genetic data and, if this isn't the case, grant erasure requests.
Denmark DPA orders municipalities to ensure Google-sharing compliance
members
–
1 min read
🔥 Danish DPA with new decision in their Helsingørgate/Chromebook case!
EDPB publishes CEF DPO documents
members
–
2 min read
📝 See post from 29 February for all the gory details!
EDPB Members and country codes
members
–
1 min read
A list of all EDPB member countries, flags and country codes for easier reading of EDPB reports!
European Commission upholds adequacy decisions for 11 third countries and territories
members
–
1 min read
Great news for those who aren't fans of TIAs: the EUC upholds adequacy for Andorra, Argentina, Canada, Faroe Islands, Guernsey, the Isle of Man, Israel, Jersey, New Zealand, Switzerland and Uruguay. ✅
CJEU C-231/22 Belgian State (Data processed by an official journal) 11 Jan 2024
members
–
3 min read
National law can implicitly determine controllership, including for an official journal that only publishes data it receives, even when it doesn't have a legal personality on its own. (But note my comment on this.)
CJEU C-340/21 Natsionalna agentsia za prihodite (cybercrime) 14 Dec 2023
members
–
7 min read
Unauthorised disclosure or access doesn't equate to inadequate measures, but must be proven to prevent damages claims. National courts must assess your case concretely and cannot systematically rely on expert reports. Mere fear = non-material damages (but must be proven by the data subject).