CJEU C‑741/21 juris

Breaching GDPR rights doesn't automatically result in non-material damage, and controllers can't (ever?) escape liability simply because someone under their authority didn't follow instructions.

Apr 26, 2024 — 5 min read

Read the full story

Already have an account? Sign in

CJEU C-21/23 Lindenapotheke 4 Oct 2024

members – 5 min read

UPDATED: Competitors can take legal action against your GDPR violations if considered an illegal unfair commercial practice. And 'special category personal data' threshold is now lower—ordering pharmacy-only medicinal products online is considered sharing health data, requiring explicit consent.

Nov 22, 2024

CJEU C-252/21 Meta Platforms and Others (General terms of use of a social network) 4 July 2023

members – 6 min read

Legal bases are interpreted stricter and while you might rely on legitimate interest for direct marketing, network security or product improvement, processing personal data must be *strictly* necessary (but is it correctly applied? 🤔)

Nov 13, 2024

CJEU C-621/22 KNLTB (legitimate interests)

members – 3 min read

UPDATED: Article 6(1)(f) allows personal data to be disclosed for a commercial interest if the processing is strictly necessary and not outweighed by the interests, rights or freedoms of the data subjects. The interest doesn't have to be determined by law, but it must be lawful.

Oct 29, 2024