📢 EDPB Adopts Guidelines on Art. 65(1)(a) of GDPR 📚

Great news for privacy enthusiasts. The European Data Protection Board (EDPB) has recently adopted the final version of the Guidelines on the application of Art. 65(1)(a) of the GDPR. These guidelines are designed to provide clarity on the various stages of the Art. 65 procedure and shed light on the EDPB’s authority when issuing legally binding decisions based on Art. 65(1)(a) of the GDPR.


📌 Exciting News: UK and US Commit to Data Bridge, but Details Remain Scarce 🔔

🛡 The UK and US have committed in principle to establish a data bridge, extending the Data Privacy Framework. Although details are limited, this move is seen as an attempt to substantiate the Prime Minister’s visit to the US. The data bridge has the potential to encompass sectors like pharmaceuticals and financial services, which are currently not covered by the Privacy Shield but pose data sensitivity challenges. The extension of the data transfer regime through certification and accountability mechanisms is a positive step, pending further details.


Private or public, does it matter?

Data protection is becoming increasingly complex in the education sector. New laws entering into force and additional guidelines make it difficult to keep up with the constant changes. An additional layer of complexity comes with the range of organisations funded in differing ways, from private companies to charitable organisations and publicly funded institutions. Learn more about the extraterritorial scope of privacy laws and the need for education providers to appoint a representative.

Women called Charlotte in a pantsuit.

Andreas Maetzler, Charlotte Mason


🔔 EDPB adopts final version of Guidelines on facial recognition technology in the area of law enforcement 📣

The European Data Protection Board (#EDPB) has just released the final version of the Guidelines on facial recognition technology in the area of law enforcement. The guidelines provide guidance to EU and national lawmakers, as well as to law enforcement authorities, on implementing and using facial recognition technology systems.


🚨 CASE LAW UPDATE ⚖️ Case T‑557/20 European General Court (EGC) can be a true landmark decision on the question what qualifies as personal data and on the concept of pseudonymisation.

Since the decision Breyer (C-582/14) in 2016 it was common practice to consider indirect identifiable data always as personal data, because there is someone who may hold the key for the identification. In Case T-557/20, Single Resolution Board (SRB) v European Data Protection Supervisor (EDPS) - Case T‑557/20 the EGC now came to the conclusion that transferring pseudonymised data may lead to anonymisation. Key question is, if the reidentification is reasonably possible for the recipient.