CJEU C-698/23 P EDPS v Parliament and Council 8 May 2025 AG Opinion
members
–
1 min read
An Advocate General Opinion on a case about Europol and regulators – safe to skip for most!
The DPO role: Article 37(1)(b)
members
–
5 min read
Breaking down Article 37(1)(b) key terms: 'core activities', 'regular', 'systematic', 'monitoring' and 'large scale'. And what should you do if you're still unsure whether you need to appoint a DPO? Appoint one voluntarily?
EDPB meeting minutes 8 Apr 2025
members
–
1 min read
🇪🇺 Commission gave an update on the EU-US DPF: EO 14086 is still "fully in place" and they'll only continue to "monitor the situation" for now | Little else particularly newsworthy so feel free to skip this read if you already read the agenda
🚨 EDPB & EDPS joint letter to the Commission on proposal to simplify ROPA requirements
members
–
EDPB & EDPS jointly – positively – responded to the European Commission’s letter proposing to simplify the Article 30 ROPA requirement for SMCs and non-profits with fewer than 500 employees and a “certain annual turnover”, deleting certain references and adding in 'high' risk.
CJEU C-313/23 Inspektorat kam Visshia sadeben savet 30 Apr 2025
members
–
3 min read
That a court authorises personal data disclosure to another judicial body qualifies as processing under the GDPR – but it doesn’t make the court a controller or a DPA, and it’s not required to ensure compliance unless an Article 79(1) action is brought before it.
'Pay or OK' – 'Consent or Pay' resources
members
–
2 min read
Updated this post to gather some of the Consent or Pay resources while we wait for the EDPB's Guidelines!
EDPB meeting minutes 13 Mar 2025
members
–
2 min read
Upcoming guidelines: political advertising Regulation | 🇺🇸 MoU on "Defending American Companies ... Overseas Extortion and Unfair Fines" (confidential discussion) | SoMe platforms disinformation & halted fact-checking | CJEU Russmedia + Dun & Bradstreet | Generative AI Enforcement taskforce
EDPB Guidelines 2/2025 Blockchain (public consultation)
members
–
1 min read
New EDPB Guidelines are now open for public consultation (until 9 June) on processing of personal data through blockchain technologies.
EDPB meeting minutes 11 Feb 2025
members
–
2 min read
Skip reading this if you already read the 12 Feb press release. Commission’s watching EU-US DPF “with interest” (but no more info). ChatGPT taskforce now “Generative AI Enforcement”, will cover DeepSeek. Second LED report due May 2026. Three new CSC databases.
EDPB subgroups and taskforces
members
–
4 min read
Guidance, opinions, decisions, statements and letters are prepared in subgroups or taskforces. Here's the overview!
CJEU C-710/23 Ministerstvo zdravotnictvi 3 Apr 2025
members
–
3 min read
GDPR still applies when acting on behalf of a legal person. Plus, major implications for 🇨🇿 Czech – and potentially other – public bodies handling FOI requests: you may need to consult data subjects before disclosure, and even if that's impossible, you must still balance FOI with data protection.
Norway DPA with new cookie ePrivacy guidance
members
–
1 min read
If you're based in Norway, this is a must-read!