AG Ćapeta: Hungary violated EU law by introducing national legislation restricting or prohibiting access to LGBTI content – and the Court should also find a stand-alone breach of Article 2 TEU, which sets out the EU’s fundamental values. A case relevant for policymakers and Member States.
[Final 🇧🇪 ruling, articles] GDPR definitions are broad: information = personal data if someone can be identified using third-party data. Joint controllership doesn’t automatically cover further processing, but you are one if you set binding rules and jointly decide purposes and means.
[Added news article mentioning the upcoming appeal] The Oslo District Court ruled in favour of the state on all points in the case Grindr brought against the authorities after the Privacy Appeals Board fully upheld the DPA's decision, including the NOK 65m (~€5.6m) record fine. Preliminary win but expect an appeal.
AG Emiliou: FIFA’s new Football Agent Regulations don’t automatically violate Article 6 GDPR, but must meet certain conditions – there must be a legitimate interest, the data must be strictly necessary, and the rules must not place an unreasonable burden on people’s privacy or finances.
Latest: Started to add DPA resources, including France with new practical guides for the education sector and Denmark with a finalised guide. Upcoming topic page for breaches, prompted by the EDPB's recent summary document.
Datatilsynet completed their large-scale audit examining how 50 municipalities safeguard privacy and data protection when using digital learning tools for educational purposes. Read their request for information letter here + watch the recording of their final report presentation.
Breaking down Article 37(1)(b) key terms: 'core activities', 'regular', 'systematic', 'monitoring' and 'large scale'. And what should you do if you're still unsure whether you need to appoint a DPO? Appoint one voluntarily?
🇪🇺 Commission gave an update on the EU-US DPF: EO 14086 is still "fully in place" and they'll only continue to "monitor the situation" for now | Little else particularly newsworthy so feel free to skip this read if you already read the agenda
EDPB & EDPS jointly – positively – responded to the European Commission’s letter proposing to simplify the Article 30 ROPA requirement for SMCs and non-profits with fewer than 500 employees and a “certain annual turnover”, deleting certain references and adding in 'high' risk.
That a court authorises personal data disclosure to another judicial body qualifies as processing under the GDPR – but it doesn’t make the court a controller or a DPA, and it’s not required to ensure compliance unless an Article 79(1) action is brought before it.