Rie Aleksandra - DPO Hub (Page 3)

CJEU C-621/22 KNLTB (legitimate interests) 4 Oct 2024

members – 3 min read

Under Article 6(1)(f) you can disclose personal data for a commercial interest if the processing is strictly necessary and not outweighed by the data subjects' interests, rights or freedoms. The interest doesn't have to be determined by law, but it must be lawful. And CJEU nudges consent again.

Jan 19, 2026

Norway DPA orders Helseplattformen to rectify shortcomings

members – 3 min read

Weird DPA conclusion on controller's responsibility 🤔, will wait for the final decision | 🇳🇴 Datatilsynet notifies Helseplattformen of their intent to order fixes to serious organisational and (less serious) technical deficiencies.

Jan 14, 2026

Best of 2025 and what's coming in 2026

members – 3 min read

Enjoy the quiet period ahead to catch up on must-reads from 2025 and prepare for 2026. Check out who won the 🏆 DPO Hub Community Member of the Year Award and don't miss your special Founding rate if you decide to keep your DPO Hub access from 1 April. 💰

Jan 8, 2026

New SCCs on public consultation (delayed again)

members – 1 min read

Latest: The consultations for new SCCs (third-country importers directly subject to the GDPR) announced in Sep 2024, are now delayed to Q1 2026. 🧐

Jan 7, 2026

CJEU C-422/24 Storstockholms Lokaltrafik 18 Dec 2025

members – 3 min read

If public transport ticket inspectors process personal data using body cams, they must inform data subjects under Article 13 – not Article 14 – because the data's collected directly from the data subject.

Dec 18, 2025

EDPB meeting minutes 16 Oct and 4 Nov 2025

members – 2 min read

2 x meeting minutes today! 🚨 Guidelines: Joint AI Act ↔ EU data protection law interplay; Political advertisements; Web scraping in the context of generative AI | 🚨 Irish, French & Dutch DPAs investigate data brokers | 🇧🇷 & 🇬🇧 adequacy decisions

Dec 12, 2025

CJEU C-492/23 Russmedia Digital and Inform Media Press 2 Dec 2025

members – 5 min read

🧨 CJEU rules contrary to the AG: marketplace operators are *controllers* for ads data instead. This has major implications for marketplaces. (And what about DSA?) Also check out CJEU's recorded debrief with President Lenaerts.

Dec 10, 2025

'Pay or OK' – 'Consent or Pay' resources

members – 5 min read

Meta to launch new model in Jan | ICO shares guidance for the public

Dec 8, 2025

Your OSS for the EDPB

members – 3 min read

Overview page for all things EDPB: Guidelines, Opinions, Recommendations, Members, Meetings, Strategy & Work Programs, CEF, SPE, OSS, Art. 65 Decisions, WP29, CSC

Dec 4, 2025

Norway DPA fines Grindr NOK 65 million for invalid consent

members – 3 min read

🔥 25 Nov: Grindr won't appeal after the Borgarting Court of Appeal upheld the record NOK 65m (~€5.5m) fine against them for disclosing users' special category personal data to third parties for behavioural advertising without a valid consent.

Nov 25, 2025

The European Data Protection Supervisor – EDPS

members – 2 min read

New TechSonar report out – trends 2025/2026: Agentic AI, AI companions, Automated proctoring, AI-driven personlised learning, Coding assistants, Confidential computing. Overview page for all things EDPS.

Nov 25, 2025

CJEU C-654/23 Inteligo Media 13 Nov 2025

members – 7 min read

If a user creates a free account and gets access to articles, newsletters and the option to pay for further content, this falls under Art. 13(1) and (2) ePD as 'sale of a service' and 'direct marketing', and you don't need a legal basis under Art. 6 GDPR, in line with Art. 95 GDPR.

Nov 13, 2025