DPO Hub
  • Home
  • Topics
  • Filter
  • EDPB
  • CJEU
  • MM
  • Bookmarks
  • Community ↗️
Sign in Sign up
Sign up Sign in
  • Home
  • Topics
  • Filter
  • EDPB
  • CJEU
  • MM
  • Bookmarks
  • Community ↗️
  • Terms
  • Privacy
  • Archive (all posts)
  • GDPR.Fan ↗️
Unlock full access to see the entire library by subscribing to a paid plan.
Sign up
Bookmarks

CJEU

65 posts
CJEU C-231/22 Belgian State (Data processed by an official journal) 11 Jan 2024
CJEU key definitions principles

CJEU C-231/22 Belgian State (Data processed by an official journal) 11 Jan 2024

members – 3 min read
National law can implicitly determine controllership, including for an official journal that only publishes data it receives, even when it doesn't have a legal personality on its own. (But note my comment on this.)
Jan 16, 2024
Rie Aleksandra Rie Aleksandra
CJEU C-340/21 Natsionalna agentsia za prihodite (cybercrime) 14 Dec 2023
CJEU principles accountability

CJEU C-340/21 Natsionalna agentsia za prihodite (cybercrime) 14 Dec 2023

members – 7 min read
Unauthorised disclosure or access doesn't equate to inadequate measures, but must be proven to prevent damages claims. National courts must assess your case concretely and cannot systematically rely on expert reports. Mere fear = non-material damages (but must be proven by the data subject).
Jan 8, 2024
Rie Aleksandra Rie Aleksandra
CJEU C‑683/21 Nacionalinis visuomenės sveikatos centras 5 Dec 2023
CJEU key definitions roles

CJEU C‑683/21 Nacionalinis visuomenės sveikatos centras 5 Dec 2023

members – 4 min read
The definition of 'controller' is broad and you're liable for all processing, done directly or by others on your behalf, including processors. Joint controllership is determined by facts, not contracts. Know your role(s)!
Jan 6, 2024
Rie Aleksandra Rie Aleksandra
CJEU C-807/21 Deutsche Wohnen 5 Dec 2023
CJEU key definitions controller

CJEU C-807/21 Deutsche Wohnen 5 Dec 2023

members – 3 min read
The definition of 'controller' is broad and includes legal persons, who are liable for any violations committed by any person in their business who act on their behalf. DPAs must demonstrate that you acted with intent or neglect to fine you and must base the max amount on the group's total revenue.
Jan 5, 2024
Rie Aleksandra Rie Aleksandra
CJEU C-456/22 Gemeinde Ummendorf 14 Dec 2023
CJEU

CJEU C-456/22 Gemeinde Ummendorf 14 Dec 2023

members – 1 min read
No national de minimis threshold and data subjects must prove damage. NB: This is another CJEU ruling from today, also related to Article 82.
Dec 14, 2023
Rie Aleksandra Rie Aleksandra
CJEU: Data breach ≠ poor measures (but you must prove it) and fear only can constitute non-material damage
CJEU

CJEU: Data breach ≠ poor measures (but you must prove it) and fear only can constitute non-material damage

members – 1 min read
How not to get sued by data subjects (se full write-up of case in C-340/21 post)
Dec 14, 2023
Rie Aleksandra Rie Aleksandra
CJEU (SCHUFA): On credit scoring, automated decision-making and courts' review of DPA decisions
CJEU

CJEU (SCHUFA): On credit scoring, automated decision-making and courts' review of DPA decisions

members – 2 min read
Two CJEU rulings on SCHUFA Holding: Credit scoring = ADM when decisive for granting credit + national courts can fully review legally binding DPA decisions.
Dec 7, 2023
Rie Aleksandra Rie Aleksandra
CJEU: Fines can only be imposed where there was intent or negligence
CJEU fine

CJEU: Fines can only be imposed where there was intent or negligence

members – 1 min read
...and fines MUST be calculated on the *group's* total worldwide annual turnover!
Dec 5, 2023
Rie Aleksandra Rie Aleksandra
CJEU C-319/22 Gesamtverband Autoteile-Handel (Access to vehicle information) (VIN, Scania) 9 Nov 2023
CJEU key definitions personal data

CJEU C-319/22 Gesamtverband Autoteile-Handel (Access to vehicle information) (VIN, Scania) 9 Nov 2023

members – 3 min read
A vehicle identification number (VIN) is not personal data in nature, but may be(come) so depending on the context, even if you cannot identify someone directly yourself from it.
Nov 16, 2023
Rie Aleksandra Rie Aleksandra
CJEU C-307/22 Copies du dossier médical (Copies of medical records) 26 Oct 2023
CJEU rights DSAR

CJEU C-307/22 Copies du dossier médical (Copies of medical records) 26 Oct 2023

members – 1 min read
You have the right to a full copy of your medical journal, free of charge!
Nov 6, 2023
Rie Aleksandra Rie Aleksandra
CJEU

CJEU ruling on processing and trust no expert

members – 1 min read
…
Oct 10, 2023
Rie Aleksandra Rie Aleksandra
CJEU

Controversial CJEU AG Opinion: Doping case not in GDPR scope

members – 1 min read
…
Sep 13, 2023
Rie Aleksandra Rie Aleksandra
Ready to get started now?
Subscribe to get access to premium content or contact us if you have any questions.
Subscribe Contact us
DPO Hub
☕️ Where GDPR pros come to save time and sanity
Navigation
  • Home
  • Topics
  • Filter
  • EDPB
  • CJEU
  • MM
  • Bookmarks
  • Community ↗️
Quick links
  • Terms
  • Privacy
  • Archive (all posts)
  • GDPR.Fan ↗️
Tags
DPA decision CJEU EDPB fine lawfulness
©2025 DPO Hub - Made with 💛 in 🇳🇴
Great! Next, complete checkout for full access to DPO Hub.
Welcome back! You've successfully signed in.
You've successfully subscribed to DPO Hub.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.