CJEU T-553/23 Latombe v Commission 3 Sep 2025
members
–
3 min read
[🇬🇧 version finally available!] "The General Court dismisses the action for annulment" and the EU-US DPF remains valid.
Your OSS for the EU-US DPF
public
–
7 min read
EDPS opines on EU-US data exchanges for security screenings and identity verifications | The General Court dismissed Latombe's action for annulment – and the EU-US DPF is safe for now.
Adequacy decisions
members
–
3 min read
16 Sep: Republic of Korea EU adequacy decision | 5 Sep: Commission with 🇧🇷 Brazil draft adequacy decision – Up next: EDPB Opinion, Member States reps approval and EP "right of scrutiny" | 22 July: Commission deems 🇬🇧 UK DUAA adequate.
EDPS audit of the Commission's MS365 use
members
–
11 min read
28 July: EDPS closes its investigation into the European Commission’s use of Microsoft 365, now deeming it compliant after previously finding serious EUDPR violations, notably on purpose limitation and international transfers.
🇮🇪 DPC fines TikTok €530m for China transfers
members
–
3 min read
10 July: DPC launches new investigation into China transfers. Earlier: transparency breach by failing to disclose the third countries involved and didn't explain the nature of the transfers in its privacy policy --> get compliant in six months or stop the transfers (but order paused until Oct).
CNIL shares transfer impact assessment (TIA) practical template
members
–
2 min read
NB: On 9 July, CNIL appears to have updated the webpage with that date, though there don’t seem to be any actual changes – and the PDFs are still from January. Either way, here’s a quick reminder! 💬 "CNIL TIA template is one of the best templates available to the public!"
EDPB Guidelines 2/2024 Article 48
members
–
5 min read
Update 4 Jul: EDPB shared high-res diagram! Earlier: I've reviewed the final version – mostly clarifications and my annotations on the public consultation one are still valid | EDPB Guidelines on Article 48 covering official requests from third country public authorities for personal data transfers.
Binding Corporate Rules (BCRs)
members
–
1 min read
The EDPB has updated the cooperation procedure for BCR approvals, detailing the roles of lead DPAs, review phases and the EDPB’s opinion process. 💡 This document replaces WP263rev.01.
CJEU GC EUDPR T‑354/22 Bindl v Commission 8 Jan 2025
members
–
2 min read
[19 March: The case is appealed.] The CJEU's General Court orders the European Commission to pay €400 in non-material damages for US transfers made in March 2022, when no adequacy decision or alternative safeguard was in place.
New SCCs on public consultation
members
–
1 min read
Latest: The public consultations for new SCCs (third-country importers directly subject to the GDPR), announced in Sep 2024, are delayed from Q2 to Q3 2025. 🤔
EDPB letter to the Commission on its review of 11 DPD adequacy decisions
members
–
1 min read
EDPB Chair Anu Talus writes the Commissioner for Justice on the Commission's review of 11 adequacy decisions adopted under Directive 95/46/EC for: Andorra, Argentina, Canada, Faroe Islands, Guernsey, the Isle of Man, Israel, Jersey, New Zealand, Switzerland, and Uruguay. And isn't entirely happy.
Denmark Google Workspace for Education Chromebook case (Helsingørgate)
members
–
9 min read
[15 July: Municipalities complies with Jan order + 🚨 DPA asks for EDPB opinion on the scope of a controller's documentation obligations regarding a processor's use of sub-processors] The Danish DPA's landmark decision of 2022 to ban certain use of Google products and US transfers, is still ongoing.