DPO Hub
  • Home
  • Topics
  • Filter
  • EDPB
  • CJEU
  • Bookmarks
  • Community ↗️
Sign in Sign up
Sign up Sign in
  • Home
  • Topics
  • Filter
  • EDPB
  • CJEU
  • Bookmarks
  • Community ↗️
  • Terms
  • Privacy
  • Archive (all posts)
  • GDPR.Fan ↗️
  • Manage subscription
Unlock full access to see the entire library by subscribing to a paid plan.
Sign up
Bookmarks

consent

18 posts
CJEU C-40/17 Fashion ID 29 Jul 2019
CJEU key definitions controller

CJEU C-40/17 Fashion ID 29 Jul 2019

members – 4 min read
You’re a (joint) controller if you use third-party tools on your website that share personal data with the provider – but only for parts where you (jointly) determine purposes and means. If you collect the data, you must inform and get consent, and each controller must pursue a legitimate interest.
Jun 17, 2025
Rie Aleksandra Rie Aleksandra
The Grindr NOK 65m fine case in Norway
consent personalised ads fine

The Grindr NOK 65m fine case in Norway

members – 2 min read
[Added news article mentioning the upcoming appeal] The Oslo District Court ruled in favour of the state on all points, after Grindr sued the authorities after the Privacy Appeals Board fully upheld the DPA's decision, including the NOK 65m (~€5.6m) record fine. Preliminary win but expect an appeal.
May 25, 2025
Rie Aleksandra Rie Aleksandra
'Pay or OK' – 'Consent or Pay' resources
EDPB personalised ads marketing

'Pay or OK' – 'Consent or Pay' resources

members – 2 min read
Updated this post to gather some of the Consent or Pay resources while we wait for the EDPB's Guidelines!
Apr 30, 2025
Rie Aleksandra Rie Aleksandra
CJEU C-654/23 Inteligo Media 27 Mar 2025 AG Opinion
CJEU ePrivacy marketing

CJEU C-654/23 Inteligo Media 27 Mar 2025 AG Opinion

members – 2 min read
AG Szpunar: If someone creates an online account that includes access to your email newsletters, sending them qualifies as 'direct marketing’ under the ePrivacy Directive Article 13 and is covered by the exception in point 2. Under Article 95 GDPR, a lawful basis under Article 6 isn’t needed.
Mar 27, 2025
Rie Aleksandra Rie Aleksandra
Lawfulness: Consent
topic resource lawfulness

Lawfulness: Consent

members – 6 min read
Latest update: Luxembourg DPA with updated guidance. Start here for all things consent: when to rely on and not, practical tips and key resources (GDPR, DPD, CFR, OECD, CJEU rulings and EDPB guidance).
Mar 17, 2025
Rie Aleksandra Rie Aleksandra
Meta personalised ads consent

My Meta Pay or Okay experience - now they're cutting the price with 40%

members – 5 min read
Latest: Meta reduces sub prices and offers new free choice with less personalised ads, claiming it "goes beyond what is required in the law". 💸 And gets huge fines: €797.72m from the 🇪🇺 EC for antitrust violations and $25.4m from 🇮🇳 India's competition authority for 2021 privacy notice failures.
Nov 15, 2024
Rie Aleksandra Rie Aleksandra
CJEU C-252/21 Meta Platforms and Others (General terms of use of a social network) 'Bundeskartellamt' 4 Jul 2023
CJEU Meta personalised ads

CJEU C-252/21 Meta Platforms and Others (General terms of use of a social network) 'Bundeskartellamt' 4 Jul 2023

members – 6 min read
The 'Bundeskartellamt' ruling, where the CJEU applies 'strictly' to the legal bases necessity test for the first time. 🔥 You might rely on legitimate interest for direct marketing, network security or product improvement, but the processing must now meet this higher threshold.
Nov 13, 2024
Rie Aleksandra Rie Aleksandra
Dutch DPA on education sector social media marketing
marketing guidance DPIA

Dutch DPA on education sector social media marketing

members – 4 min read
The DPA stresses that their advice applies generally to all social media and "of great importance" to all educational institutions and similar organisations in 🇳🇱.
Jun 17, 2024
Rie Aleksandra Rie Aleksandra
CJEU C-129/21 Proximus (subscribers' consent) 27 Oct 2022
CJEU consent ePrivacy

CJEU C-129/21 Proximus (subscribers' consent) 27 Oct 2022

members – 3 min read
Consent is required to list subscribers' details in publicly available directories. If obtained, including on behalf of other controllers, a data subject can withdraw it (= an erasure request) from any of them, and each controller may need to inform the others.
Apr 28, 2024
Rie Aleksandra Rie Aleksandra
EDPB's controversial ‘Consent or Pay’ Opinion is here
EDPB consent personalised ads

EDPB's controversial ‘Consent or Pay’ Opinion is here

members – 2 min read
[Updated 24 April with highlighted file + 🎙️] Is the EDPB trying to "rewrite the entire economic model of Big Tech and the adtech industry in the EU"? 🤔 Controversial Opinion just published!
Apr 24, 2024
Rie Aleksandra Rie Aleksandra
DPA decision ePrivacy lawfulness

Denmark DPA says cookie walls are legal - and not

members – 2 min read
Update 26 Mar 2024: the DPA rejects reopening the cases, upholding that analytics/statistics aren't a necessary part of the alternative to paid access.
Mar 26, 2024
Rie Aleksandra Rie Aleksandra
EDPB Guidelines 5/2020 on consent
EDPB guidance lawfulness

EDPB Guidelines 5/2020 on consent

members – 6 min read
A 1-page summary of the EDPB's Guidelines: structure of valid consent, when is it invalid, what to do when it's withdrawn, key highlights and resources.
Dec 20, 2023
Rie Aleksandra Rie Aleksandra
Ready to get started now?
Subscribe to get access to premium content or contact us if you have any questions.
Subscribe Contact us
DPO Hub
☕️ Where GDPR pros come to save time and sanity
Navigation
  • Home
  • Topics
  • Filter
  • EDPB
  • CJEU
  • Bookmarks
  • Community ↗️
Quick links
  • Terms
  • Privacy
  • Archive (all posts)
  • GDPR.Fan ↗️
  • Manage subscription
Tags
CJEU DPA decision EDPB fine lawfulness
©2025 DPO Hub - Made with 💛 in 🇳🇴
Great! Next, complete checkout for full access to DPO Hub.
Welcome back! You've successfully signed in.
You've successfully subscribed to DPO Hub.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.