Rie Aleksandra - DPO Hub (Page 3)

EDPB Helsinki Statement 2 Jul 2025

members – 2 min read

In a "landmark statement", the EDPB announces ready-to-use templates, a harmonised breach notification form, practical checklists and case law-style publications, plus more agile guidance updates and cross-regulatory cooperation to simplify GDPR compliance – especially for SMEs!

Jul 4, 2025

EDPB Guidelines 2/2024 Article 48

members – 5 min read

Update 4 Jul: EDPB shared high-res diagram! Earlier: I've reviewed the final version – mostly clarifications and my annotations on the public consultation one are still valid | EDPB Guidelines on Article 48 covering official requests from third country public authorities for personal data transfers.

Jul 4, 2025

EDPB meeting minutes 5 May 2025

members – 3 min read

No major news, though lots going on in 🇧🇪 (interesting FATCA decision, "abuse of law by NOYB" and mass rejection of NOYB complaints) | Approved 🇬🇧 GDPR & LED adequacy decisions extensions | Interesting 🇫🇷 case the CNIL will "propose a collective and coordinated action" for.

Jun 30, 2025

CJEU C-40/17 Fashion ID 29 Jul 2019

members – 4 min read

You’re a (joint) controller if you use third-party tools on your website that share personal data with the provider – but only for parts where you (jointly) determine purposes and means. If you collect the data, you must inform and get consent, and each controller must pursue a legitimate interest.

Jun 17, 2025

EDPB Support Pool of Experts (SPE) projects

members – 5 min read

An overview of SPE projects. Latest: AI and Data Protection Training curriculum (Jun) | AI Privacy Risks and Mitigations LLMs (Apr) | AI: Complex Algorithms and effective Data Protection Supervision + OSS Case Digest: Right of access (Jan)

Jun 8, 2025

EDPB Annual report 2024

members – 4 min read

EDPB Chair Anu Talus is proud of their 2024 achievements, including the "significantly increased number of consistency opinions adopted under Art. 64(2)". They've also launched a new strategy 2024-2027. But should you read either? (Added link to EDPS' annual report too.)

Jun 8, 2025

CJEU C-541/24 Naltov 5 Jun 2025 (dismissed)

members –

The CJEU dismissed the case because the referring court's questions didn't relate to a real legal dispute. Listing it here for completeness.

Jun 8, 2025

CJEU C-769/22 Commission v Hungary (Values of the EU) 5 Jun 2025 AG Opinion

members – 1 min read

AG Ćapeta: Hungary violated EU law by introducing national legislation restricting or prohibiting access to LGBTI content – and the Court should also find a stand-alone breach of Article 2 TEU, which sets out the EU’s fundamental values. A case relevant for policymakers and Member States.

Jun 8, 2025

CJEU C-604/22 IAB Europe TC String 7 Mar 2024

members – 7 min read

[Final 🇧🇪 ruling, articles] GDPR definitions are broad: information = personal data if someone can be identified using third-party data. Joint controllership doesn’t automatically cover further processing, but you are one if you set binding rules and jointly decide purposes and means.

May 25, 2025

The Grindr NOK 65m fine case in Norway

members – 2 min read

[Added news article mentioning the upcoming appeal] The Oslo District Court ruled in favour of the state on all points, after Grindr sued the authorities after the Privacy Appeals Board fully upheld the DPA's decision, including the NOK 65m (~€5.6m) record fine. Preliminary win but expect an appeal.

May 25, 2025

CJEU C-209/23 RRC Sports 15 May 2025 AG Opinion

members – 2 min read

AG Emiliou: FIFA’s new Football Agent Regulations don’t automatically violate Article 6 GDPR, but must meet certain conditions – there must be a legitimate interest, the data must be strictly necessary, and the rules must not place an unreasonable burden on people’s privacy or finances.

May 21, 2025

Data breaches

members – 2 min read

Latest: Started to add DPA resources, including France with new practical guides for the education sector and Denmark with finalised guide. Upcoming topic page for breaches, prompted by EDPB's recent summary document.

May 20, 2025