Rie Aleksandra - DPO Hub (Page 7)

CJEU C-413/23 P EDPS v Single Resolution Board 6 Feb 2025 AG Opinion

members – 1 min read

A much-anticipated case on the concept of personal data, but the AG only advices the CJEU to set aside the General Court’s ruling and send the case back to decide on the second plea (breach of good administration and fair procedure). We're still in the dark on several aspects.

Feb 6, 2025

CJEU C-492/23 Russmedia Digital and Inform Media Press 6 Feb 2025 AG Opinion

members – 1 min read

AG Szpunar: Marketplace operators are processors for ad data (must protect it) and controllers for advertisers' data (must verify identity). Liability applies if you actively manage, modify or promote content.

Feb 6, 2025

DPO Hub 2024 CJEU GDPR-related rulings

members – 1 min read

A list of all GDPR-related (plus one) CJEU rulings from 2024 with titles, dates, DPO Hub snippets, tags and CJEU keywords (with key Articles etc.).

Feb 4, 2025

CJEU GC T-70/23 Data Protection Commission v European Data Protection Board 29 Jan 2025

members – 2 min read

The General Court dismissed DPC's actions against the EDPB and ordered them to pay the costs, meaning they must conduct new investigations and issue new Art. 60(3) draft decisions for the three 2022 Art. 65 Binding Decisions in cases against Meta (Facebook, Instagram, WhatsApp).

Jan 31, 2025

EDPB Opinion 28/2024: AI models

members – 4 min read

UPDATED 27 Jan. A must-read if the subject matter is relevant. Yes, legitimate interest can apply in the context of AI models—but your documentation needs to be thorough. And don’t forget to involve your DPO.

Jan 27, 2025

🇮🇪 DPC fines LinkedIn €310m for illegal behavioural analysis and targeted advertising ('BA & TA')

members – 7 min read

Key takaways: Lack of lawful basis = loss of control = 'significant damage', lawful bases are notoriously tricky to get right, and most have lots to gain in improving information and transparency. Full decision = a key lesson on legitimate interest and LIAs.

Jan 22, 2025

EDPB press release: Right of access CEF 2024 report

members – 1 min read

30 DPAs participated in EDPB's 2024 CEF action on the Right of access, involving 1185 controllers. 7 identified challenges like lack of documented procedures and requesting excessive ID docs. And more awareness is needed.

Jan 20, 2025

EDPB press release: 🚨 Pseudonymisation guidelines + working with competition authorities

members – 1 min read

Pseudonymisation guidelines on public consultation until 28 Feb! Plus, the EDPB suggest how they can cooperate with competition authorities.

Jan 17, 2025

CJEU C-416/23 Österreichische Datenschutzbehörde (Excessive requests) 9 Jan 2025

members – 4 min read

Art. 57(4) 'requests' include 'complaints' in 57(1)(f) and 77(1) and aren't 'excessive' due to volume alone; DPAs must show abuse, and can then charge a reasonable fee or refuse to act after considering all circumstances and ensuring their choice is justified.

Jan 14, 2025

CJEU C-394/23 Mousse 9 Jan 2025

members – 5 min read

Processing customers' titles to personalise communication based on gender isn’t essential for performing a contract; nor is it for a legitimate interest if they weren't informed beforehand, the processing isn't strictly necessary, or the balancing test goes in their favor.

Jan 13, 2025

CJEU C-21/23 Lindenapotheke 4 Oct 2024

members – 5 min read

NB! Updated re: explicit consent. Competitors can take legal action against your GDPR violations if considered an illegal unfair commercial practice. Special category personal data threshold is lowered: ordering pharmacy-only medicinal products online is considered sharing health data.

Jan 12, 2025

🇮🇪 DPC fines Meta €91m for failing to safeguard passwords and notify breaches

members – 1 min read

UPDATE 1 Jan: Summary + full decision published! The DPC fines Meta for failing to safeguard users' passwords (storing them in plaintext!) and for notifying the breach too late.

Dec 30, 2024