'Pay or OK' – 'Consent or Pay' resources
members
–
2 min read
Updated this post to gather some of the Consent or Pay resources while we wait for the EDPB's Guidelines!
EDPB meeting minutes 13 Mar 2025
members
–
2 min read
Upcoming guidelines: political advertising Regulation | 🇺🇸 MoU on "Defending American Companies ... Overseas Extortion and Unfair Fines" (confidential discussion) | SoMe platforms disinformation & halted fact-checking | CJEU Russmedia + Dun & Bradstreet | Generative AI Enforcement taskforce
EDPB Guidelines 2/2025 Blockchain (public consultation)
members
–
1 min read
New EDPB Guidelines are now open for public consultation (until 9 June) on processing of personal data through blockchain technologies.
EDPB meeting minutes 11 Feb 2025
members
–
2 min read
Skip reading this if you already read the 12 Feb press release. Commission’s watching EU-US DPF “with interest” (but no more info). ChatGPT taskforce now “Generative AI Enforcement”, will cover DeepSeek. Second LED report due May 2026. Three new CSC databases.
EDPB subgroups and taskforces
members
–
4 min read
Guidance, opinions, decisions, statements and letters are prepared in subgroups or taskforces. Here's the overview!
CJEU C-710/23 Ministerstvo zdravotnictvi 3 Apr 2025
members
–
3 min read
GDPR still applies when acting on behalf of a legal person. Plus, major implications for 🇨🇿 Czech – and potentially other – public bodies handling FOI requests: you may need to consult data subjects before disclosure, and even if that's impossible, you must still balance FOI with data protection.
Norway DPA with new cookie ePrivacy guidance
members
–
1 min read
If you're based in Norway, this is a must-read!
ICO Anonymisation and pseudonymisation guidance
members
–
2 min read
The UK ICO has published its updated anonymisation and pseudonymisation guidance – grab the PDF here. And please tell them we want the RSS feeds back.
CJEU C-654/23 Inteligo Media 27 Mar 2025 AG Opinion
members
–
2 min read
AG Szpunar: If someone creates an online account that includes access to your email newsletters, sending them qualifies as 'direct marketing’ under the ePrivacy Directive Article 13 and is covered by the exception in point 2. Under Article 95 GDPR, a lawful basis under Article 6 isn’t needed.
Norway DPA with record NOK 4 million DPO fine to Telenor
members
–
8 min read
After initially flagging a potential NOK 99m (~€8.3m) fine, Datatilsynet fined Telenor ASA NOK 4m (~€351,000) for failing to properly assess and document the DPO role – particularly around independence, potential conflicts of interest and a direct reporting line to top management.
EDPB Support Pool of Experts (SPE)
members
–
6 min read
Latest: EDPB shares their 2nd SPE report and this time, I'm not even reading it... About SPE: What is it, what have they spent (and spend) time and resources on, is it justified based on the current results, and should you apply? (Likely not.) Should you even spend time reading this post?
Luxembourg Court upholds major €746m fine to Amazon
members
–
2 min read
Just added the ruling. Fine and daily penalty upheld for Articles 6, 12-17, and 21 violations related to interest-based ads, but since an appeal is inevitable, this isn’t final yet. In the meantime, Amazon doesn’t have to pay or take any action.