CJEU Meta v Bundeskartellamt competition authorities ruling press release

Jul 4, 2023 — 1 min read

CJEU C-526/24 Brillen Rottler 19 Mar 2026

members – 1 min read

If a DSAR is made solely to engineer a compensation claim rather than to verify lawful processing, it can be refused as abusive – even if it's the first request.

Mar 19, 2026

CJEU C-413/23 P EDPS v SRB (Concept of personal data) 4 Sep 2025 – Case closed!

members – 6 min read

Pseudonymised data isn’t always personal in every case to everyone – but measures must be effective. Comments are personal by nature – no need to assess content, purpose or effects. Whether a person can be identified must be assessed from the controller’s perspective, when collecting the data.

Jan 26, 2026

CJEU C-604/22 IAB Europe TC String 7 Mar 2024

members – 6 min read

[9 Jan: DPA must reassess] GDPR definitions are broad: information = personal data if someone can be identified using third-party data. Joint controllership doesn’t automatically cover further processing, but you are one if you set binding rules and jointly decide purposes and means.

Jan 23, 2026

CJEU Meta v Bundeskartellamt competition authorities ruling press release

Read the full story

CJEU C-526/24 Brillen Rottler 19 Mar 2026

CJEU C-413/23 P EDPS v SRB (Concept of personal data) 4 Sep 2025 – Case closed!

CJEU C-604/22 IAB Europe TC String 7 Mar 2024