Rie Aleksandra - DPO Hub (Page 7)

EDPB meeting minutes 16 jan 2025

members – 1 min read

Anonymisation Guidelines coming (no date yet), Revised DPO Guidelines due Q2 2026, IAB Europe TC String 🇧🇪 national ruling due 19 March, New Support Pool of Experts report: AI bias and data subjects’ rights.

Feb 18, 2025

EDPB meeting minutes 17 Dec 2024

members – 1 min read

No big news - summary of their AI models Opinion discussion (where, interestingly, one EU member voted against adoption). You can safely skip this update.

Feb 18, 2025

Sweden DPA: DPIA practical guidance

members – 1 min read

IMY has shared a DPIA guide, primarily for those with little or no experience. It sets out a clear 10-step process for conducting an "acceptable" DPIA, to be used alone or with their templates. Grab the documents here (Swedish and DeepL translation).

Feb 17, 2025

EDPB press release: AI enforcement task force, age assurance and WADA recommendations

members – 1 min read

EDPB sets up an AI enforcement task force with a "quick response team" and adopts recommendations for WADA's 2027 World Anti-Doping Code, along with a statement on age assurance.

Feb 13, 2025

Commission to withdraw proposed ePrivacy Regulation

members – 1 min read

According to Euractiv and MLaw, the Commission’s updated draft work programme confirms the ePrivacy Regulation proposal is withdrawed. There are no offical confirmations yet, so stay tuned.

Feb 10, 2025

EDPB meeting minutes 2-3 Dec 2024

members – 1 min read

💡 EDPB members intervene to block new social media guidelines, arguing they interpret joint controllership too broadly and overlook practical consequences and balance against other fundamental rights. Little other news.

Feb 8, 2025

CJEU C-492/23 Russmedia Digital and Inform Media Press 6 Feb 2025 AG Opinion

members – 1 min read

AG Szpunar: Marketplace operators are processors for ad data (must protect it) and controllers for advertisers' data (must verify identity). Liability applies if you actively manage, modify or promote content.

Feb 6, 2025

DPO Hub 2024 CJEU GDPR-related rulings

members – 1 min read

A list of all GDPR-related (plus one) CJEU rulings from 2024 with titles, dates, DPO Hub snippets, tags and CJEU keywords (with key Articles etc.).

Feb 4, 2025

CJEU GC T-70/23 Data Protection Commission v European Data Protection Board 29 Jan 2025

members – 2 min read

The General Court dismissed DPC's actions against the EDPB and ordered them to pay the costs, meaning they must conduct new investigations and issue new Art. 60(3) draft decisions for the three 2022 Art. 65 Binding Decisions in cases against Meta (Facebook, Instagram, WhatsApp).

Jan 31, 2025

EDPB Opinion 28/2024: AI models

members – 4 min read

UPDATED 27 Jan. A must-read if the subject matter is relevant. Yes, legitimate interest can apply in the context of AI models—but your documentation needs to be thorough. And don’t forget to involve your DPO.

Jan 27, 2025

🇮🇪 DPC fines LinkedIn €310m for illegal behavioural analysis and targeted advertising ('BA & TA')

members – 7 min read

Key takaways: Lack of lawful basis = loss of control = 'significant damage', lawful bases are notoriously tricky to get right, and most have lots to gain in improving information and transparency. Full decision = a key lesson on legitimate interest and LIAs.

Jan 22, 2025

EDPB press release: Right of access CEF 2024 report

members – 1 min read

30 DPAs participated in EDPB's 2024 CEF action on the Right of access, involving 1185 controllers. 7 identified challenges like lack of documented procedures and requesting excessive ID docs. And more awareness is needed.

Jan 20, 2025