CJEU C-698/23 P EDPS v Parliament and Council 8 May 2025 AG Opinion
members
–
1 min read
An Advocate General Opinion on a case about Europol and regulators – safe to skip for most!
CJEU C-313/23 Inspektorat kam Visshia sadeben savet 30 Apr 2025
members
–
3 min read
That a court authorises personal data disclosure to another judicial body qualifies as processing under the GDPR – but it doesn’t make the court a controller or a DPA, and it’s not required to ensure compliance unless an Article 79(1) action is brought before it.
CJEU C-710/23 Ministerstvo zdravotnictvi 3 Apr 2025
members
–
3 min read
GDPR still applies when acting on behalf of a legal person. Plus, major implications for 🇨🇿 Czech – and potentially other – public bodies handling FOI requests: you may need to consult data subjects before disclosure, and even if that's impossible, you must still balance FOI with data protection.
Record GDPR fine from Norway (NAV)
members
–
6 min read
🔥 On 17 Dec, the Privacy Appeals Board overturned substantial parts of the DPA's decision against the Labour and Welfare Administration (NAV), including the record NOK 20 million fine.
CJEU C-740/22 Endemol Shine Finland 7 Mar 2024
members
–
3 min read
Orally disclosing personal data = 'processing' and potentially subject to the GDPR, and sharing criminal data orally (or in writing) isn't allowed to fulfill a public access request.
🔥 Swedish Tax Agency greenlights (?) US cloud services
members
–
2 min read
Following the EU-US DPF, the 🇸🇪 Tax Agency approves using Microsoft Office 365 and Teams. Despite emphasising that everyone must do their own assessments, I'd say this could strengthen your own cloud services assessments.
Sweden MedHelp 1177 case
members
–
8 min read
This case is not only a goldmine for DPOs in the Swedish healthcare sector (although particularly so), but DPOs in general, for assessing roles, legal bases and processor liability.
EDPB meeting: Cookie Banner Task Force and cloud services public sector report
members
–
2 min read
…