Rie Aleksandra - DPO Hub (Page 3)

CJEU C-17/22 HTB Neunte Immobilien Portfolio

members – 2 min read

A ruling on Article 6(1)(b), (c) and (f) and disclosing personal data not part of a contract (on the contrary; it's prohibited by it). Grab Rie's highlighted file and diagram here.

Sep 15, 2024

Norway DPA fines university for insufficient access control in MS Teams

members – 4 min read

The 🇳🇴 University of Agder was fined €12,500 (NOK 150k) for failing to secure personal data on Teams/SharePoint and insufficient internal controls. Short decision, several takeaways for everyone!

Sep 12, 2024

⏰ First come-first serve to EDPB's Consent or Pay stakeholder event 18 Nov

members – 1 min read

If you want to attend this one, run and sign up! There are only 200 spots available (and they even reserve the right to cherry-pick participants).

Sep 12, 2024

Major news: 🇪🇺 EUC launched new SCCs public consultation

members – 1 min read

At last, the moment we've been dreading and waiting for: the European Commission has taken a step towards new SCCs for transfers where the importer is in a third country and directly subject to the GDPR. Planned for Q2 2025.

Sep 12, 2024

Dutch DPA fines Clearview AI €30.5m, warns personal liability and says use also illegal

members – 4 min read

[📝 NB! Massive post update 11 Sep] The 🇳🇱 DPA fines Clearview €30.5m, imposes four orders and warns of non-compliance penalties of €5.1m. Using Clearview is illegal and the DPA investigates if company directors can be held personally liable for the violations. Numerous questions on this decision!

Sep 11, 2024

AG Tour on DPA complaints (C-416/23 Österreichische Datenschutzbehörde - excessive requests)

members – 2 min read

Advocate General Opinion: The Art. 57(4) concept of 'requests' covers 'complaint' in 57(1)(f) and 77(1) and aren't 'excessive' just because there are many in a certain period; the DPA must show abusive intent, and can then charge a fee or refuse to act.

Sep 6, 2024

DPA priorities and annual reports

members – 1 min read

6 Sep: Added 🇱🇹, 🇱🇻, 🇪🇪 & 🇩🇰 links (thanks for sending!). Spot your country? Please send me 🔗! An overview of DPAs' 2023 annual reports, 2024 priorities (audit focus areas or strategies) and strategies.

Sep 6, 2024

Member memos

members – 28 min read

Last update 2 Sep: 💛 First in-person meetup 30 Sep. in Stockholm! And mark the 5th, 12th and 26th in your calendar 🗓️ #CJEUbonanza

Sep 2, 2024

Italy: bank fined €1m and rental company €250k for unclear DPAg and no legal basis

members – 4 min read

The 🇮🇹 Garante fined a bank €1 million for anti-fraud checks as a processor on behalf of a group company without a legal basis, breaching both Articles 28(3) and 5(1)(a). The rental company was separately fined €250,000, also for an insufficient privacy notice. Here are your key takeaways! 💡

Aug 21, 2024

Right of access topic page

members – 2 min read

Latest update 16 Aug: C-154/21 Österreichische Post (recipients) ✅

Aug 16, 2024

CJEU C-154/21 RW v Österreichische Post (recipients)

members – 3 min read

You have the right to know to whom your personal data have been disclosed, with the actual identity of the recipients. (2023 ruling added to Right of access Topic page.)

Aug 16, 2024

AG Szpunar (C-394/23 Mousse)

members – 2 min read

Advocate General Opinion: On the principles of data minimisation and lawfulness of processing—where the 🇫🇷 CNIL made a somewhat startling decision on what's 'necessary for the performance of a contract'! + remember to spell out your legitimate interest when you collect the data!

Aug 9, 2024