Rie Aleksandra - DPO Hub (Page 2)

EDPB Support Pool of Experts (SPE) projects

members – 5 min read

An overview of SPE projects. Latest: AI and Data Protection Training curriculum (Jun) | AI Privacy Risks and Mitigations LLMs (Apr) | AI: Complex Algorithms and effective Data Protection Supervision + OSS Case Digest: Right of access (Jan)

Jun 8, 2025

EDPB Annual report 2024

members – 4 min read

EDPB Chair Anu Talus is proud of their 2024 achievements, including the "significantly increased number of consistency opinions adopted under Art. 64(2)". They've also launched a new strategy 2024-2027. But should you read either? (Added link to EDPS' annual report too.)

Jun 8, 2025

CJEU C-541/24 Naltov 5 Jun 2025 (dismissed)

members –

The CJEU dismissed the case because the referring court's questions didn't relate to a real legal dispute. Listing it here for completeness.

Jun 8, 2025

CJEU C-769/22 Commission v Hungary (Values of the EU) 5 Jun 2025 AG Opinion

members – 1 min read

AG Ćapeta: Hungary violated EU law by introducing national legislation restricting or prohibiting access to LGBTI content – and the Court should also find a stand-alone breach of Article 2 TEU, which sets out the EU’s fundamental values. A case relevant for policymakers and Member States.

Jun 8, 2025

EDPB meeting agendas and minutes

members – 5 min read

🚨 2-3 Jun agenda: Scientific research Guidelines | Request for joint EDPB-EDPS opinion on EC's proposal to simplify ROPA req. (confirmed 5 Jun – due end of July) | Request for mandates: 1) Art. 75 Anti Money Laundering Regulation, 2) EU Digital Rulebook mapping exercise | Strategic Cases: Smart TVs

Jun 5, 2025

CJEU C-604/22 IAB Europe TC String 7 Mar 2024

members – 7 min read

[Final 🇧🇪 ruling, articles] GDPR definitions are broad: information = personal data if someone can be identified using third-party data. Joint controllership doesn’t automatically cover further processing, but you are one if you set binding rules and jointly decide purposes and means.

May 25, 2025

The Grindr NOK 65m fine case in Norway

members – 2 min read

[Added news article mentioning the upcoming appeal] The Oslo District Court ruled in favour of the state on all points, after Grindr sued the authorities after the Privacy Appeals Board fully upheld the DPA's decision, including the NOK 65m (~€5.6m) record fine. Preliminary win but expect an appeal.

May 25, 2025

GDPR 2.0?

members – 4 min read

The Commission is proposing to simplify the European Single Market, including the GDPR Articles 4, 30, 40 and 42. Skip the full 46-page PDF and read the relevant parts and get the latest updates here – including 🇵🇱 DPA and EDRi weighing in.

May 21, 2025

CJEU C-209/23 RRC Sports 15 May 2025 AG Opinion

members – 2 min read

AG Emiliou: FIFA’s new Football Agent Regulations don’t automatically violate Article 6 GDPR, but must meet certain conditions – there must be a legitimate interest, the data must be strictly necessary, and the rules must not place an unreasonable burden on people’s privacy or finances.

May 21, 2025

Data breaches

members – 2 min read

Latest: Started to add DPA resources, including France with new practical guides for the education sector and Denmark with finalised guide. Upcoming topic page for breaches, prompted by EDPB's recent summary document.

May 20, 2025

Norway DPA shares education sector audit findings

members – 2 min read

Datatilsynet completed their large-scale audit examining how 50 municipalities safeguard privacy and data protection when using digital learning tools for educational purposes. Read their request for information letter here + watch the recording of their final report presentation.

May 15, 2025

CJEU C-698/23 P EDPS v Parliament and Council 8 May 2025 AG Opinion

members – 1 min read

An Advocate General Opinion on a case about Europol and regulators – safe to skip for most!

May 11, 2025