CJEU - DPO Hub (Page 4)

CJEU C‑741/21 juris 11 Apr 2024

members – 5 min read

Breaching GDPR rights doesn't automatically result in non-material damage, and controllers can't (ever?) escape liability simply because someone under their authority didn't follow instructions.

Apr 26, 2024

New CJEU ruling + AG opinion DPAs might dread (C-768/21 Land Hessen)

members – 1 min read

Breaching GDPR rights doesn't automatically result in non-material damage, and controllers can't (ever?) escape liability simply because someone under their authority didn't follow instructions, and an AG Opinion may disrupt DPAs workload. 😬

Apr 11, 2024

CJEU C-101/01 Bodil Lindqvist 6 Nov 2003

members – 4 min read

A key (Directive 95/46/EC) ruling broadly interpreting key definitions (personal and health data, processing) and narrowly applied exceptions, but found that simply putting a website online doesn't necessarily result in transfers.

Apr 9, 2024

CJEU C-46/23 Ujpesti Polgarmesteri Hivatal 14 Mar 2023

members – 1 min read

DPAs can order controllers to delete unlawfully processed data without a prior request from a data subject, and regardless of where the data came from (the data subject or elsewhere).

Mar 26, 2024

CJEU C-740/22 Endemol Shine Finland 7 Mar 2024

members – 3 min read

Orally disclosing personal data = 'processing' and potentially subject to the GDPR, and sharing criminal data orally (or in writing) isn't allowed to fulfill a public access request.

Mar 26, 2024

CJEU C-479/22 P OC v Commission 7 Mar 2024

members – 3 min read

The CJEU returned a case to the General Court as they disagreed on the latter's interpretation of the concept of personal data, which is to be interpreted broadly, such as a press release with several data points that could identify someone.

Mar 21, 2024

CJEU C-604/22 IAB Europe TC String 7 Mar 2024

members – 6 min read

GDPR definitions are broad; information = personal data if, with third-party data, someone can be identified. Joint controllership doesn’t automatically extend to further processing, but you’re one if you set binding rules on processing and jointly determine purposes and means.

Mar 18, 2024

4 new CJEU rulings

members – 1 min read

Two rulings on the concept of personal data, one stating that oral data = processing, and last one pertains to the Europol regulation. DPO Hub writeups coming!

Mar 11, 2024

🚨 CJEU confirms TC String as personal data and IAB Europe as joint controller

members – 1 min read

DPO Hub writeup coming soon!

Mar 7, 2024

CJEU C-582/14 Breyer (dynamic IP addresses) 19 Oct 2016

members – 2 min read

The CJEU held that not only static IP addresses (ref. Scarlet) are protected personal data under data protection law, but also dynamic ones, and that national laws can't restrict interest which are legitimate under EU law.

Feb 11, 2024

CJEU C-70/10 Scarlet Extended (static IP addresses) 24 Nov 2011

members – 1 min read

In a case on copyright infringement, the CJEU stated that IP addresses are protected personal data because they allow data subjects to be precisely identified.

Feb 8, 2024

CJEU LED C-118/22 Natsionalna politsia 30 Jan 2024

members – 1 min read

Law Enforcement Directive: Police must regularly review if they can justify continue storing biometric and genetic data and, if this isn't the case, grant erasure requests.

Jan 31, 2024