🚨 CASE LAW UPDATE ⚖️ Case T‑557/20 European General Court (EGC) can be a true landmark decision on the question what qualifies as personal data and on the concept of pseudonymisation.
Since the decision Breyer (C-582/14) in 2016 it was common practice to consider indirect identifiable data always as personal data, because there is someone who may hold the key for the identification. In Case T-557/20, Single Resolution Board (SRB) v European Data Protection Supervisor (EDPS) - Case T‑557/20 the EGC now came to the conclusion that transferring pseudonymised data may lead to anonymisation. Key question is, if the reidentification is reasonably possible for the recipient.
💬 EDPB Launches Data Protection Guide for small business ❗
The European Data Protection Board (EDPB) has recently launched a Data Protection Guide, designed to assist small and medium-sized enterprises (SMEs) in achieving compliance with the General Data Protection Regulation (GDPR). This helpful manual offers a variety of practical tools and real-world examples, covering crucial GDPR compliance topics like the fundamentals of data protection, data subject rights, data breaches, and more. The EDPB has incorporated various materials such as videos, infographics, and interactive flowcharts, aiming to provide SMEs with user-friendly and easily accessible information.
Exciting announcement! 📢 EDPB Releases Final Guidelines on Data Subject Rights - Right of Access
he European Data Protection Board (#EDPB) has just released the final version of the Guidelines on data subject rights - Right of access, following extensive public consultation.
🛡 EDPB Resolves Meta Dispute and Creates Chat GPT Task Force 💡
Based on Article 65 of the GDPR, the European Data Protection Board (EDPB) has settled a dispute regarding Meta Platforms Ireland Limited’s (Meta IE) data transfers to the US for its Facebook service. The decision answers crucial legal queries from the Irish Data Protection Authority (DPA) and guarantees that national DPAs will apply the GDPR consistently.
⚖ CASE LAW Update: The Court of Justice of the EU Clarifies Controller Obligations in GDPR
👨⚖️ CJEU has just delivered its ruling in Case C-60/22 on GDPR compliance. The court clarified that a breach by a controller of the obligations laid down in Articles 26 and 30 GDPR does not in itself confer on the data subject a right to erasure or to restriction of processing.