Rie Aleksandra - DPO Hub (Page 4)

EDPB Annual report 2024

members – 4 min read

EDPB Chair Anu Talus is proud of their 2024 achievements, including the "significantly increased number of consistency opinions adopted under Art. 64(2)". They've also launched a new strategy 2024-2027. But should you read either? (Added link to EDPS' annual report too.)

Jun 8, 2025

CJEU C-541/24 Naltov 5 Jun 2025 (dismissed)

members –

The CJEU dismissed the case because the referring court's questions didn't relate to a real legal dispute. Listing it here for completeness.

Jun 8, 2025

CJEU C-769/22 Commission v Hungary (Values of the EU) 5 Jun 2025 AG Opinion

members – 1 min read

AG Ćapeta: Hungary violated EU law by introducing national legislation restricting or prohibiting access to LGBTI content – and the Court should also find a stand-alone breach of Article 2 TEU, which sets out the EU’s fundamental values. A case relevant for policymakers and Member States.

Jun 8, 2025

CJEU C-604/22 IAB Europe TC String 7 Mar 2024

members – 7 min read

[Final 🇧🇪 ruling, articles] GDPR definitions are broad: information = personal data if someone can be identified using third-party data. Joint controllership doesn’t automatically cover further processing, but you are one if you set binding rules and jointly decide purposes and means.

May 25, 2025

The Grindr NOK 65m fine case in Norway

members – 2 min read

[Added news article mentioning the upcoming appeal] The Oslo District Court ruled in favour of the state on all points, after Grindr sued the authorities after the Privacy Appeals Board fully upheld the DPA's decision, including the NOK 65m (~€5.6m) record fine. Preliminary win but expect an appeal.

May 25, 2025

CJEU C-209/23 RRC Sports 15 May 2025 AG Opinion

members – 2 min read

AG Emiliou: FIFA’s new Football Agent Regulations don’t automatically violate Article 6 GDPR, but must meet certain conditions – there must be a legitimate interest, the data must be strictly necessary, and the rules must not place an unreasonable burden on people’s privacy or finances.

May 21, 2025

Data breaches

members – 2 min read

Latest: Started to add DPA resources, including France with new practical guides for the education sector and Denmark with finalised guide. Upcoming topic page for breaches, prompted by EDPB's recent summary document.

May 20, 2025

Norway DPA shares education sector audit findings

members – 2 min read

Datatilsynet completed their large-scale audit examining how 50 municipalities safeguard privacy and data protection when using digital learning tools for educational purposes. Read their request for information letter here + watch the recording of their final report presentation.

May 15, 2025

CJEU C-698/23 P EDPS v Parliament and Council 8 May 2025 AG Opinion

members – 1 min read

An Advocate General Opinion on a case about Europol and regulators – safe to skip for most!

May 11, 2025

EDPB meeting minutes 8 Apr 2025

members – 1 min read

🇪🇺 Commission gave an update on the EU-US DPF: EO 14086 is still "fully in place" and they'll only continue to "monitor the situation" for now | Little else particularly newsworthy so feel free to skip this read if you already read the agenda

May 9, 2025

🚨 EDPB & EDPS joint letter to the Commission on proposal to simplify ROPA requirements

members –

EDPB & EDPS jointly – positively – responded to the European Commission’s letter proposing to simplify the Article 30 ROPA requirement for SMCs and non-profits with fewer than 500 employees and a “certain annual turnover”, deleting certain references and adding in 'high' risk.

May 8, 2025

CJEU C-313/23 Inspektorat kam Visshia sadeben savet 30 Apr 2025

members – 3 min read

That a court authorises personal data disclosure to another judicial body qualifies as processing under the GDPR – but it doesn’t make the court a controller or a DPA, and it’s not required to ensure compliance unless an Article 79(1) action is brought before it.

May 6, 2025