Rie Aleksandra - DPO Hub (Page 6)

Takeaways from EDPB's AI models stakeholder event 5 Nov

members – 1 min read

The EDPB has now held their stakeholder event and the Opinion is due by the end of the year. Check out these LinkedIn posts (and comments) to hear how it went!

Nov 6, 2024

CJEU C-621/22 KNLTB (legitimate interests) 4 Oct 2024

members – 3 min read

Article 6(1)(f) allows disclosure for a commercial interest if the processing is *strictly* necessary and not outweighed by the interests, rights or freedoms of the data subjects. The interest doesn't have to be determined by law, but it must be lawful. And CJEU nudges consent again.

Oct 29, 2024

EDPB Guidelines 1/2024 Legitimate interests (public consultation)

members – 4 min read

The EDPB's recent new legitimate interest guidelines are on public consultation until 20 Nov 2024. Initial analysis: 📝 Document, document, document.

Oct 28, 2024

EDPB Opinion 22/2024: obligations when relying on (sub-)processors

members – 8 min read

📚 You must list all (sub-sub-sub-sub...)processors (name, address, contact person, processing activity, roles & responsibilities) and always verify they've provided 'sufficient guarantees'—though the extent might vary based on risk—also for onwards transfers.

Oct 22, 2024

CJEU C-634/21 SCHUFA Holding (Scoring) 7 Dec 2023

members – 4 min read

Credit scoring = Art. 22(1) 'automated individual decision-making' when a third party heavily relies on a probability value to form or end a contract with a data subject. A ruling of "ground-breaking importance for AI-based decisions" according to the Hamburg DPA!

Oct 20, 2024

EDPB Guidelines 2/2023 Technical Scope of Art. 5(3) ePrivacy Directive

members – 1 min read

Likely one of the EDPB’s most controversial documents to date, though the sub-processor Opinion will definitely give it strong competition for first place!

Oct 16, 2024

EDPB meeting minutes 17 Sep 2024

members – 1 min read

New 💸 fines guidelines coming at the end of 2025. Plus, an exciting Support Pool of Experts legal report on 'the extra-territorial enforcement of the GDPR' is coming soon.

Oct 15, 2024

EDPB CEF: Coordinated Enforcement Framework

members – 1 min read

The EDPB created the Coordinated Enforcement Framework (CEF) under its 2021-2023 Strategy to enhance enforcement and strengthen cooperation among DPAs. Each year, DPAs collectively choose a priority enforcement topic for coordinated action. 2025 topic: ❌ right to erasure.

Oct 14, 2024

EDPB Strategy 2024-2027 and Work Programmes

members – 3 min read

New comparison table for their three Work Programmes. Check out which documents have just disappeared! 🧐

Oct 11, 2024

EDPB CEF 2025 topic: right to erasure (right to be forgotten)

members – 1 min read

🧐 A key aim is to assess how you've implemented the right in practice. The EDPB also mentions that the 2024 CEF action on the right to access report will be adopted in early 2025.

Oct 10, 2024

🚨 EDPB: (sub-)processor Opinion, legitimate interest Guidelines, draft enforcement regulation Statement, 2024-2025 work programme

members – 1 min read

Controllers should keep identity of *all* processors and sub-processors "readily available at all times" and their obligation to verify (sub-)processors' ‘sufficient guarantees’ should apply regardless of the risk. The EDPB also shares legitimate interest Guidelines for public consultation and more.

Oct 9, 2024

CJEU LED ePD C-548/21 Bezirkshauptmannschaft Landeck (Attempt to access personal data stored on a mobile phone) 4 Oct 2024

members – 1 min read

A case relating to the ePrivacy and Law Enforcement Directives, concluding that police access to phones isn't limited to the fight against serious crime.

Oct 4, 2024