Rie Aleksandra - DPO Hub (Page 2)

EDPB Support Pool of Experts (SPE) projects

members – 4 min read

An overview of SPE projects. Latest: AI Privacy Risks and Mitigations LLMs (Apr) | AI: Complex Algorithms and effective Data Protection Supervision + OSS Case Digest: Right of access (Jan)

Apr 14, 2025

AI (Act) resources

members – 12 min read

Apr 14, 2025

EDPB meeting minutes 11 Feb 2025

members – 2 min read

Skip reading this if you already read the 12 Feb press release. Commission’s watching EU-US DPF “with interest” (but no more info). ChatGPT taskforce now “Generative AI Enforcement”, will cover DeepSeek. Second LED report due May 2026. Three new CSC databases.

Apr 11, 2025

EDPB subgroups and taskforces

members – 4 min read

Guidance, opinions, decisions, statements and letters are prepared in subgroups or taskforces. Here's the overview!

Apr 11, 2025

CJEU C-710/23 Ministerstvo zdravotnictvi 3 Apr 2025

members – 3 min read

GDPR still applies when acting on behalf of a legal person. Plus, major implications for 🇨🇿 Czech – and potentially other – public bodies handling FOI requests: you may need to consult data subjects before disclosure, and even if that's impossible, you must still balance FOI with data protection.

Apr 11, 2025

Norway DPA with new cookie ePrivacy guidance

members – 1 min read

If you're based in Norway, this is a must-read!

Apr 3, 2025

ICO Anonymisation and pseudonymisation guidance

members – 2 min read

The UK ICO has published its updated anonymisation and pseudonymisation guidance – grab the PDF here. And please tell them we want the RSS feeds back.

Mar 30, 2025

CJEU C-654/23 Inteligo Media 27 Mar 2025 AG Opinion

members – 2 min read

AG Szpunar: If someone creates an online account that includes access to your email newsletters, sending them qualifies as 'direct marketing’ under the ePrivacy Directive Article 13 and is covered by the exception in point 2. Under Article 95 GDPR, a lawful basis under Article 6 isn’t needed.

Mar 27, 2025

Norway DPA with record NOK 4 million DPO fine

members – 8 min read

BIG share: the DPA’s advance notification flagged a potential NOK 99m (~€8.3m) fine! Datatilsynet fined Telenor ASA for failing to properly assess and document the DPO role, including independence, potential conflicts of interest, and a direct reporting line to top management.

Mar 26, 2025

EDPB Support Pool of Experts (SPE)

members – 6 min read

Latest: EDPB shares their 2nd SPE report and this time, I'm not even reading it... About SPE: What is it, what have they spent (and spend) time and resources on, is it justified based on the current results, and should you apply? (Likely not.) Should you even spend time reading this post?

Mar 20, 2025

Luxembourg Court upholds major €746m fine to Amazon

members – 2 min read

Just added the ruling. Fine and daily penalty upheld for Articles 6, 12-17, and 21 violations related to interest-based ads, but since an appeal is inevitable, this isn’t final yet. In the meantime, Amazon doesn’t have to pay or take any action.

Mar 20, 2025

Binding Corporate Rules (BCRs)

members – 1 min read

The EDPB has updated the cooperation procedure for BCR approvals, detailing the roles of lead DPAs, review phases and the EDPB’s opinion process. 💡 This document replaces WP263rev.01.

Mar 20, 2025