CJEU - DPO Hub (Page 4)

CJEU C-621/22 KNLTB (legitimate interests) 4 Oct 2024

members – 3 min read

Article 6(1)(f) allows disclosure for a commercial interest if the processing is *strictly* necessary and not outweighed by the interests, rights or freedoms of the data subjects. The interest doesn't have to be determined by law, but it must be lawful. And CJEU nudges consent again.

Oct 29, 2024

CJEU C-634/21 SCHUFA Holding (Scoring) 7 Dec 2023

members – 4 min read

Credit scoring = Art. 22(1) 'automated individual decision-making' when a third party heavily relies on a probability value to form or end a contract with a data subject. A ruling of "ground-breaking importance for AI-based decisions" according to the Hamburg DPA!

Oct 20, 2024

CJEU LED ePD C-548/21 Bezirkshauptmannschaft Landeck (Attempt to access personal data stored on a mobile phone) 4 Oct 2024

members – 1 min read

A case relating to the ePrivacy and Law Enforcement Directives, concluding that police access to phones isn't limited to the fight against serious crime.

Oct 4, 2024

Interesting non-GDPR CJEU case on gender change (C-4/23 Mirin)

members – 1 min read

💡 (Non-GDPR/ePrivacy) CJEU ruling stating that Member States can't refuse to recognise changed name and gender approved in another Member State.

Oct 4, 2024

CJEU C-154/21 RW v Österreichische Post (Information on recipients of personal data) 12 Jan 2023

members – 3 min read

You have the right to know the actual identities of the recipients your personal data has been shared with.

Aug 16, 2024

CJEU C-757/22 Meta Platforms Ireland (Representative action) 11 Jul 2024

members – 2 min read

Consumer protection groups can take legal action against controllers they believe violate data subjects' rights, including the right to information. With C-319/20, this ruling *could* be a bit of a bombshell! #classaction

Jul 14, 2024

CJEU C-461/22 MK (Professional guardian) 11 Jul 2024

members – 1 min read

A former legal guardian who acted in a professional capacity is a controller and must comply with the GDPR, including the right of access.

Jul 14, 2024

CJEU C-590/22 PS (Incorrect address) and C-182/22 Scalable Capital 20 Jun 2024

members – 5 min read

⚖️ 9 points interpreting Art. 82(1), including: its aim is to compensate for damage, not to punish or deter GDPR violations; fear alone or stolen personal data can trigger claims if proven; and national courts can grant minimal compensation for minor damage.

Jun 25, 2024

CJEU ePD C-229/23 HYA and Others II 13 Jun 2024

members – 1 min read

Article 15(1) of the ePD allows Member State law to require that judges' decisions authorising wiretaps must include their own written reasons, even if the police's applications already provide detailed justifications.

Jun 18, 2024

CJEU C-487/21 Österreichische Datenschutzbehörde v CRIF (right to copy) 4 May 2023

members – 5 min read

You have the right to a faithful, intelligible copy of all your personal data, including full documents or extracts from documents or databases, if crucial for your rights and while respecting others' rights and freedoms.

Jun 14, 2024

CJEU C-579/21 Pankki S 22 Jun 2023

members – 4 min read

You have the right of access processed before the GDPR took effect if you requested it after that date, and to know when and why it was accessed – but not by whom, unless crucial for your rights and while respecting others' rights and freedoms.

May 27, 2024

CJEU C-115/22 NADA and Others 7 May 2024

members – 3 min read

Controversial AG Opinion concluding that sports are outside GDPR's scope, with odd logic on Art. 9, stays unclear as the CJEU finds the referring body lacks the needed independence to be a 'court or tribunal', making their preliminary ruling request inadmissible.

May 10, 2024