EDPB subgroups and taskforces
members
–
4 min read
Guidance, opinions, decisions, statements and letters are prepared in subgroups or taskforces. Here's the overview!
CJEU C-710/23 Ministerstvo zdravotnictvi (Data concerning the representative of a legal person) 3 Apr 2025
members
–
3 min read
GDPR still applies when acting on behalf of a legal person. Plus, major implications for 🇨🇿 Czech – and potentially other – public bodies handling FOI requests: you may need to consult data subjects before disclosure, and even if that's impossible, you must still balance FOI with data protection.
Norway DPA with new cookie ePrivacy guidance
members
–
1 min read
If you're based in Norway, this is a must-read!
UK ICO Anonymisation and pseudonymisation guidance
members
–
2 min read
The 🇬🇧 ICO has published its updated anonymisation and pseudonymisation guidance – grab the PDF here. And please tell them we want the RSS feeds back.
EDPB Support Pool of Experts (SPE)
members
–
6 min read
Latest: EDPB shares their 2nd SPE report and this time, I'm not even reading it... About SPE: What is it, what have they spent (and spend) time and resources on, is it justified based on the current results, and should you apply? (Likely not.) Should you even spend time reading this post?
Luxembourg Court upholds major €746m fine to Amazon
members
–
2 min read
Just added the ruling. Fine and daily penalty upheld for Articles 6, 12-17, and 21 violations related to interest-based ads, but since an appeal is inevitable, this isn’t final yet. In the meantime, Amazon doesn’t have to pay or take any action.
Binding Corporate Rules (BCRs)
members
–
1 min read
The EDPB has updated the cooperation procedure for BCR approvals, detailing the roles of lead DPAs, review phases and the EDPB’s opinion process. 💡 This document replaces WP263rev.01.
CJEU GC EUDPR T‑354/22 Bindl v Commission 8 Jan 2025
members
–
2 min read
[19 March: The case is appealed.] The CJEU's General Court orders the European Commission to pay €400 in non-material damages for US transfers made in March 2022, when no adequacy decision or alternative safeguard was in place.
Lawfulness: Consent
members
–
6 min read
Latest update: Luxembourg DPA with updated guidance. Start here for all things consent: when to rely on and not, practical tips and key resources (GDPR, DPD, CFR, OECD, CJEU rulings and EDPB guidance).
CJEU C-247/23 Deldits 13 Mar 2025
members
–
2 min read
A Member State can't, under any circumstances, require a data subject to provide proof of gender reassignment surgery to exercise their right to rectification. However, they may need to provide relevant and sufficient evidence reasonably needed to show that the data is inaccurate.
CJEU C‑829/24 Commission v Hungary 12 Feb 2025 Order
members
–
1 min read
The CJEU fast-tracks a case against Hungary where the European Commission claims violations of multiple EU laws, including the GDPR Articles 5, 6, 9 and 10.
CJEU C-203/22 Dun & Bradstreet Austria 27 Feb 2025
members
–
4 min read
You must clearly explain actual procedures and principles applied in ADM and if you claim information contains protected data or trade secrets, you must provide it to the DPA or court, which'll balance rights and interests and determine the extent of a DSAR.