Rie Aleksandra - DPO Hub (Page 2)

Privacy, data protection & security legal landscape

members – 6 min read

ePrivacy rumors discussed in Politico article | 12 Sep: Data Act applies | 'Age Verification Blueprint' testing in 🇩🇰🇫🇷🇬🇷🇮🇹🇪🇸 | Digital Fairness Act public consultation till 9 Oct

Sep 25, 2025

Your OSS for the EU-US DPF

public – 7 min read

EDPS opines on EU-US data exchanges for security screenings and identity verifications | The General Court dismissed Latombe's action for annulment – and the EU-US DPF is safe for now.

Sep 23, 2025

16 Sep: Republic of Korea EU adequacy decision | 5 Sep: Commission with 🇧🇷 Brazil draft adequacy decision – Up next: EDPB Opinion, Member States reps approval and EP "right of scrutiny" | 22 July: Commission deems 🇬🇧 UK DUAA adequate.

Sep 23, 2025

CJEU C-199/24 Legal Newsdesk Sweden 4 Sep 2025 AG Opinion

members – 3 min read

AG Szpunar: National law can’t make defamation the only remedy if criminal conviction data are published online for payment. Publishing conviction records online for payment, without any processing or editing, isn’t processing for journalistic purposes.

Sep 16, 2025

GDPR 2.0?

members – 6 min read

Commission outlines digital simplification plans at LIBE meeting | Have your say on the upcoming Digital Omnibus (deadline 14 Oct.) | Commission proposes to simplify the European Single Market, including the GDPR Articles 4, 30, 40 and 42.

Sep 16, 2025

CJEU C-655/23 Quirin Privatbank 4 Sep 2025

members – 3 min read

GDPR offers no judicial remedy outside erasure requests to stop future unlawful processing, but Member States may. Non-material damage covers negative feelings – if proven. A controller’s fault doesn’t affect compensation, and a court order banning repeat GDPR violations can’t reduce or replace it.

Sep 7, 2025

CJEU C-413/23 P EDPS v SRB (Concept of personal data) 4 Sep 2025

members – 3 min read

CJEU on General Court: 1) ❌ Someone's comment = their personal data, no need to examine further 2) ✅ Pseudonymised data isn’t always personal data for everyone, in every case 3) ❌ Identifiability must be assessed when data is collected and from the controller’s perspective; Deloitte's not relevant.

Sep 7, 2025

CJEU C-383/23 ILVA (GDPR fine) 13 Feb 2025

members – 4 min read

2 Sep: 💸 ILVA fined €201k | When fining a controller in a corporate group, DPAs must base the maximum fine on the *group’s* total worldwide turnover from the prior business year. A crucial ruling for anyone in a company group – here's also text you can copy for an email to your Management/Board.

Sep 2, 2025

Welcome! Start here 👇

members – 2 min read

Bumping this as reminder – to make the most out of your subscription, read through this post: How to use DPO Hub effectively and find your way around.

Aug 30, 2025

10x CJEU in Sep + Community Learning Seasons: risks, DPIAs

members – 3 min read

🚨 Two key CJEU rulings: EDPS v SRB on personal data & pseudonymisation (3 Sep.) and Latombe v Commission on the EU-US DPF (4 Sep.), plus one more ruling and seven Advocate General opinions. Buckle up!

Aug 29, 2025

The DPO role: Key resources

members – 3 min read

Latest: 🇳🇴 New DPO podcast series | Key DPO role resources: CJEU, EDPB, DPAs, EDPS, GDPR commentaries and more

Aug 25, 2025

The UK Data (Use and Access) Act (DUAA) 2025

members – 9 min read

ICO launches consultations for amendments | Get quickly up to speed on the new UK Data (Use and Access) Act. 💬 "there is no need to panic. Many of the changes empower rather than require, and even if embraced could be done so incrementally."

Aug 25, 2025