Your data, my dilemma, our decision (object by 9 Aug)!
members
–
2 min read
Moving to US, object if you don't want to come
EDPB meeting minutes 18-19 June 2024
members
–
2 min read
Noteworthy points on involving others (earlier) in their work, opinions vs. guidelines, the political ads Regulation, and 🇸🇪 Supreme Admin. Court CJEU request regarding Art. 13-14 and camera surveillance.
EDPB Guidelines 1/2022 Right of access
members
–
3 min read
A snapshot of the EDPB Guidelines dealing with DSARs: Brief overview, key points, and some advice for data protection pros.
Examples: DSARs - access requests
members
–
40 min read
Right of access examples from the EDPB and ICO.
EDPB press release: DPAs AI Act role, EU-US DPF FAQs, new European Data Protection Seal
members
–
1 min read
EDPB opines that DPAs should be designated AI Act MSAs, adopted 🇪🇺-🇺🇸 DPF FAQs for individuals and businesses, and an opinion approving the EuroPriSe Criteria Catalogue for certifying processors' processing activities, resulting in a European Data Protection Seal.
Denmark Google Workspace for Education Chromebook case (Helsingørgate)
members
–
9 min read
[15 July: Municipalities complies with Jan order + 🚨 DPA asks for EDPB opinion on the scope of a controller's documentation obligations regarding a processor's use of sub-processors] The Danish DPA's landmark decision of 2022 to ban certain use of Google products and US transfers, is still ongoing.
EDPS: the European Commission's use of MS365 is non-compliant
members
–
10 min read
[15 July: Both parties seek annulment] After the EDPS' second investigation into the European Commission's use of Microsoft 365, they found (again) several serious EUDPR violations, notably related to purpose limitation and transfers, which are still ongoing.
CJEU C-757/22 Meta Platforms Ireland (representative action)
members
–
2 min read
Consumer protection groups can take legal action against controllers they believe violate data subjects' rights, including the right to information. With C-319/20, this ruling *could* be a bit of a bombshell! #classaction
CJEU C-461/22 MK (legal guardian)
members
–
1 min read
A former legal guardian who acted in a professional capacity is a controller and must comply with the GDPR, including the right of access.
Right to object and right to erasure: insights from OSS decisions
members
–
2 min read
EDPB SPE project: Article 60 One-Stop-Shop thematic case digest analysing Articles 17 and 21. Key takeaway: Create, document, implement and control policies and procedures, including complaints management. PS: The 'data subject journey' is your secret weapon!
EDPB Support Pool of Experts (SPE) projects
members
–
3 min read
An overview of SPE project so far. Which ones (if any) should you spend time on? (Maybe the OSS case digests.)