Rie Aleksandra - DPO Hub (Page 3)

CJEU C-252/21 Meta Platforms and Others (General terms of use of a social network)

members – 6 min read

The 'Meta Bundeskartellamt' ruling: Legal bases are interpreted stricter and while you might rely on legitimate interest for direct marketing, network security or product improvement, processing personal data must be *strictly* necessary (but is it correctly applied? 🤔)

Nov 13, 2024

Rights: Access (DSAR)

members – 3 min read

Added: From 🇩🇪 Berlin DPA's 2023 annual report: DSARs should include "TIA summary or result". Also see 🇩🇰 DPA: no fees allowed, and 🇫🇮 DPA: using a proxy is fine. Got a DSAR? Start here for all things right of access: Article 15 elements table, access request flowchart and key CJEU rulings!

Nov 9, 2024

EDPB meeting minutes 7-8 Oct 2024

members – 2 min read

Must-read update! Will we get PCs for Art. 64(2) Opinions? Strategic case coming to an end. Updates on recent Opinions and Guidelines + DPA news: New 🇦🇹 DPA for the legislative sector, 🇸🇪 new Director, 🇪🇸 Director leaving, 🇽🇰 becomes observer, new tools from 🇱🇹&🇭🇷 + lots of DPA networking.

Nov 8, 2024

Takeaways from EDPB's AI models stakeholder event 5 Nov

members – 1 min read

The EDPB has now held their stakeholder event and the Opinion is due by the end of the year. Check out these LinkedIn posts (and comments) to hear how it went!

Nov 6, 2024

Your OSS for the EU-US DPF

public – 4 min read

5 Nov: EDPB adopts first review report 9 Oct: EC publishes first review report, concluding the DPF 'functions effectively'. New review in 3 years. Older: Interesting read by C. Kuner on 'Strengthening the EU Legal Edifice for Data Transfers'.

Nov 6, 2024

CJEU C-621/22 KNLTB (legitimate interests)

members – 3 min read

UPDATED: Article 6(1)(f) allows personal data to be disclosed for a commercial interest if the processing is strictly necessary and not outweighed by the interests, rights or freedoms of the data subjects. The interest doesn't have to be determined by law, but it must be lawful.

Oct 29, 2024

EDPB Guidelines 1/2024 Legitimate interests (public consultation)

members – 4 min read

The EDPB's recent new legitimate interest guidelines are on public consultation until 20 Nov 2024. Initial analysis: 📝 Document, document, document.

Oct 28, 2024

EDPB Opinion 22/2024: obligations when relying on (sub-)processors

members – 8 min read

📚 You must list all (sub-sub-sub-sub...)processors (name, address, contact person, processing activity, roles & responsibilities) and always verify they've provided 'sufficient guarantees'—though the extent might vary based on risk—also for onwards transfers.

Oct 22, 2024

CJEU C-634/21 SCHUFA Holding (scoring)

members – 4 min read

Credit scoring = Art. 22(1) 'automated individual decision-making' when a third party heavily relies on a probability value to form or end a contract with a data subject. 🚨 A ruling of "ground-breaking importance for AI-based decisions" according to the Hamburg DPA!

Oct 20, 2024

EDPB Guidelines 2/2023 Technical Scope of Art. 5(3) ePrivacy Directive

members – 1 min read

Likely one of the EDPB’s most controversial documents to date, though the sub-processor Opinion will definitely give it strong competition for first place!

Oct 16, 2024

EDPB meeting minutes 17 Sep 2024

members – 1 min read

New 💸 fines guidelines coming at the end of 2025. Plus, an exciting Support Pool of Experts legal report on 'the extra-territorial enforcement of the GDPR' is coming soon.

Oct 15, 2024

EDPB CEF: Coordinated Enforcement Framework

members – 1 min read

The EDPB created the Coordinated Enforcement Framework (CEF) under its 2021-2023 Strategy to enhance enforcement and strengthen cooperation among DPAs. Each year, DPAs collectively choose a priority enforcement topic for coordinated action. 2025 topic: ❌ right to erasure.

Oct 14, 2024