🚨 My final writeup of the EDPB's CEF DPO report, which you shouldn't spend time on unless you have time to spare or are simply burning with curiosity! PS: We just released our Grumpy GDPR episode on this.
This case is not only a goldmine for DPOs in the Swedish healthcare sector (although particularly so), but DPOs in general, for assessing roles, legal bases and processor liability.
🇸🇪 MedHelp must pay SEK 11,3 million (~$1m) for leaking 2,7 million health-related conversations (of 170 000 hours) online for several years and no legal basis for forwarding call to Thailand.
In a case on copyright infringement, the CJEU stated that IP addresses are protected personal data because they allow data subjects to be precisely identified.
Police must regularly review if they can justify to continue storing biometric and genetic data and, if this isn't the case, grant erasure requests. This ruling applies to Directive (EU) 2016/680 (LED).