erasure - DPO Hub

EDPB Support Pool of Experts (SPE) projects

members – 6 min read

Latest: The Digital Euro and its token-based offline modality (Oct) | AI and Data Protection Training curriculum (Jun) | An overview of SPE projects.

Oct 21, 2025

CJEU C-655/23 Quirin Privatbank 4 Sep 2025

members – 3 min read

GDPR offers no judicial remedy outside erasure requests to stop future unlawful processing, but Member States may. Non-material damage covers negative feelings – if proven. A controller’s fault doesn’t affect compensation, and a court order banning repeat GDPR violations can’t reduce or replace it.

Sep 7, 2025

Luxembourg Court upholds major €746m fine to Amazon

members – 2 min read

Just added the ruling. Fine and daily penalty upheld for Articles 6, 12-17, and 21 violations related to interest-based ads, but since an appeal is inevitable, this isn’t final yet. In the meantime, Amazon doesn’t have to pay or take any action.

Mar 20, 2025

EDPB CEF 2025: Right to erasure (right to be forgotten)

members – 2 min read

15 Oct 2025: Final report due in "the coming months" | The right to erasure is one of the most frequently exercised GDPR rights and a major source of DPA complaints. This CEF action aims to assess how controllers have implemented it in practice.

Mar 5, 2025

CJEU C-200/23 Agentsia po vpisvaniyata 4 Oct 2024

members – 6 min read

Tag, you're it! Got personal data --> you're a controller and can't shift accountability to the data subject. Temporary loss of control (e.g. public disclosure) can lead to damage, but harm must be proven. Handwritten signatures = personal data.

Dec 28, 2024

Right to object and right to erasure: insights from OSS decisions

members – 2 min read

EDPB SPE project: Article 60 One-Stop-Shop thematic case digest analysing Articles 17 and 21. Key takeaway: Create, document, implement and control policies and procedures, including complaints management. PS: The 'data subject journey' is your secret weapon!

Jul 9, 2024

CJEU C-129/21 Proximus (subscribers' consent) 27 Oct 2022

members – 3 min read

Consent is required to list subscribers' details in publicly available directories. If obtained, including on behalf of other controllers, a data subject can withdraw it (= an erasure request) from any of them, and each controller may need to inform the others.

Apr 28, 2024

CJEU C-46/23 Ujpesti Polgarmesteri Hivatal 14 Mar 2023

members – 1 min read

DPAs can order controllers to delete unlawfully processed data without a prior request from a data subject, and regardless of where the data came from (the data subject or elsewhere).

Mar 26, 2024

CJEU LED C-118/22 Natsionalna politsia 30 Jan 2024

members – 1 min read

Law Enforcement Directive: Police must regularly review if they can justify continue storing biometric and genetic data and, if this isn't the case, grant erasure requests.

Jan 31, 2024