Rie Aleksandra - DPO Hub (Page 2)

DPO Hub 2.0 from 1 April

members – 3 min read

NB! If you'd like to keep access and get the 💰 Founding rate from 1 April, reply to my email. You can still purchase access later, though at a different rate. DPO Hub runs as normal until 31 March and then your subscription ends automatically. If you pre-paid for longer, you'll be refunded pro rata.

Jan 19, 2026

CJEU C-621/22 KNLTB (legitimate interests) 4 Oct 2024

members – 3 min read

Under Article 6(1)(f) you can disclose personal data for a commercial interest if the processing is strictly necessary and not outweighed by the data subjects' interests, rights or freedoms. The interest doesn't have to be determined by law, but it must be lawful. And CJEU nudges consent again.

Jan 19, 2026

Norway DPA orders Helseplattformen to rectify shortcomings

members – 3 min read

Weird DPA conclusion on controller's responsibility 🤔, will wait for the final decision | 🇳🇴 Datatilsynet notifies Helseplattformen of their intent to order fixes to serious organisational and (less serious) technical deficiencies.

Jan 14, 2026

Data breaches

members – 3 min read

❌ Norwegian DPA with incorrect breach "requirement" | 🇳🇴 DPA with significant breach page change | Upcoming topic page for breaches, prompted by EDPB's summary document. Links so far: Denmark, Finland, France, Greece, Ireland, Italy, Norway, Spain, Sweden, ICO, EDPB, EDPS, EC.

Jan 14, 2026

Best of 2025 and what's coming in 2026

members – 3 min read

Enjoy the quiet period ahead to catch up on must-reads from 2025 and prepare for 2026. Check out who won the 🏆 DPO Hub Community Member of the Year Award and don't miss your special Founding rate if you decide to keep your DPO Hub access from 1 April. 💰

Jan 8, 2026

New SCCs on public consultation (delayed again)

members – 1 min read

Latest: The consultations for new SCCs (third-country importers directly subject to the GDPR) announced in Sep 2024, are now delayed to Q1 2026. 🧐

Jan 7, 2026

CJEU C-422/24 Storstockholms Lokaltrafik 18 Dec 2025

members – 3 min read

If public transport ticket inspectors process personal data using body cams, they must inform data subjects under Article 13 – not Article 14 – because the data's collected directly from the data subject.

Dec 18, 2025

Privacy, data protection & security legal landscape

members – 8 min read

COM shares CRA FAQ 3 Dec | ✅ Procedural rules on GDPR enforcement Regulation effective 12 Dec | COM fines X €120m under DSA | Political ads Regulation Article 13(6) public consultation planned Q2 2026 | CSAM Regulation: Council agrees position – next is negotiations with Parliament.

Dec 12, 2025

EDPB meeting minutes 16 Oct and 4 Nov 2025

members – 2 min read

2 x meeting minutes today! 🚨 Guidelines: Joint AI Act ↔ EU data protection law interplay; Political advertisements; Web scraping in the context of generative AI | 🚨 Irish, French & Dutch DPAs investigate data brokers | 🇧🇷 & 🇬🇧 adequacy decisions

Dec 12, 2025

CJEU C-492/23 Russmedia Digital and Inform Media Press 2 Dec 2025

members – 5 min read

🧨 CJEU rules contrary to the AG: marketplace operators are *controllers* for ads data instead. This has major implications for marketplaces. (And what about DSA?) Also check out CJEU's recorded debrief with President Lenaerts.

Dec 10, 2025

'Pay or OK' – 'Consent or Pay' resources

members – 5 min read

Meta to launch new model in Jan | ICO shares guidance for the public

Dec 8, 2025

Your OSS for the EDPB

members – 3 min read

⏰ New consultation – requiring users to create accounts to shop online | EDPB wants input on templates (DPIAs, breaches WIP) | Overview page for all things EDPB: Guidelines, Opinions, Recommendations, Members, Meetings, Strategy & Work Programs, CEF, SPE, OSS, Art. 65 Decisions, WP29, CSC

Dec 4, 2025