CJEU - DPO Hub (Page 5)

CJEU C-487/21 Österreichische Datenschutzbehörde v CRIF (right to copy) 4 May 2023

members – 5 min read

You have the right to a faithful, intelligible copy of all your personal data, including full documents or extracts from documents or databases, if crucial for your rights and while respecting others' rights and freedoms.

Jun 14, 2024

CJEU C-579/21 Pankki S 22 Jun 2023

members – 4 min read

You have the right of access processed before the GDPR took effect if you requested it after that date, and to know when and why it was accessed – but not by whom, unless crucial for your rights and while respecting others' rights and freedoms.

May 27, 2024

CJEU C-115/22 NADA and Others 7 May 2024

members – 3 min read

Controversial AG Opinion concluding that sports are outside GDPR's scope, with odd logic on Art. 9, stays unclear as the CJEU finds the referring body lacks the needed independence to be a 'court or tribunal', making their preliminary ruling request inadmissible.

May 10, 2024

CJEU ePD LED GDPR C-470/21 La Quadrature du Net and Others (Personal data and action to combat counterfeiting) 20 Apr 2024

members – 1 min read

Member States may require internet access providers to retain IP addresses in a general and indiscriminate manner to combat criminal offences, provided this retention doesn’t reveal precise details about the private life of the person concerned.

Apr 30, 2024

CJEU (EIO) C-670/22 EncroChat & CJEU (ePD) C-178/22 Bolzano 30 Apr 2024

members – 1 min read

CJEU on access to phone records related to serious crime and clarifies conditions for transmitting and using evidence in criminal cases with a cross-border dimension.

Apr 30, 2024

CJEU C-129/21 Proximus (subscribers' consent) 27 Oct 2022

members – 3 min read

Consent is required to list subscribers' details in publicly available directories. If obtained, including on behalf of other controllers, a data subject can withdraw it (= an erasure request) from any of them, and each controller may need to inform the others.

Apr 28, 2024

CJEU C‑741/21 juris 11 Apr 2024

members – 5 min read

Breaching GDPR rights doesn't automatically result in non-material damage, and controllers can't (ever?) escape liability simply because someone under their authority didn't follow instructions.

Apr 26, 2024

New CJEU ruling + AG opinion DPAs might dread (C-768/21 Land Hessen)

members – 1 min read

Breaching GDPR rights doesn't automatically result in non-material damage, and controllers can't (ever?) escape liability simply because someone under their authority didn't follow instructions, and an AG Opinion may disrupt DPAs workload. 😬

Apr 11, 2024

CJEU C-101/01 Bodil Lindqvist 6 Nov 2003

members – 4 min read

A key (Directive 95/46/EC) ruling broadly interpreting key definitions (personal and health data, processing) and narrowly applied exceptions, but found that simply putting a website online doesn't necessarily result in transfers.

Apr 9, 2024

CJEU C-46/23 Ujpesti Polgarmesteri Hivatal 14 Mar 2023

members – 1 min read

DPAs can order controllers to delete unlawfully processed data without a prior request from a data subject, and regardless of where the data came from (the data subject or elsewhere).

Mar 26, 2024

CJEU C-740/22 Endemol Shine Finland 7 Mar 2024

members – 3 min read

Orally disclosing personal data = 'processing' and potentially subject to the GDPR, and sharing criminal data orally (or in writing) isn't allowed to fulfill a public access request.

Mar 26, 2024

4 new CJEU rulings

members – 1 min read

Two rulings on the concept of personal data, one stating that oral data = processing, and last one pertains to the Europol regulation. DPO Hub writeups coming!

Mar 11, 2024