Data Protection Insider Blog

Data Protection Insider

Welcome to Data Protection Insider, your biweekly digest of the latest developments in EU data protection law. Each issue brings you insightful analysis of recent court rulings, legislative updates and regulatory changes that impact data protection across the European Union. Stay informed and deepen your understanding of the evolving data protection legal landscape with our biweekly updates.

Subscribe now!

Data Protection Insider, Issue 108

– CJEU: Court on Personal Data and Controllership in Online Advertising – On 7th March, the CJEU ruled in the case of IAB Europe v Gegevensbeschermingsautoriteit. In terms of the facts, the case concerned IAB Europe’s Transparency & Consent Framework (TCF). The TCF provides a set of rules and technical specifications aimed at allowing online advertisers to process users’ personal data […]

Data Protection Insider, Issue 107

– ECtHR Rules on Publication and Destruction of Information Obtained via Covert Surveillance – On 22nd February, the ECtHR ruled in the case of Kaczmarek v. Poland. In terms of the facts, the applicant is the wife of a Polish politician. In 2007, an anti-corruption investigation was launched in relation to the Ministry of Agriculture. The investigation failed, and the […]

Data Protection Insider, Issue 106

– CJEU: Parliamentary Committees Supervising National Security Authorities Are Subject to the GDPR – On 16th January, the CJEU ruled in Österrreichische Datenschutzbehörde v WK that parliamentary committees which supervise national security authorities should comply with the GDPR. As to the facts of the case, the applicant in the main proceedings, WK, was heard as a witness by a Parliamentary Committee […]

Data Protection Insider, Issue 105

– CJEU: Official Journal Acts as a Controller When Publishing Data – On 11th January, the CJEU ruled that the Belgian Official Journal should bear the responsibilities of a controller when publishing personal data, as the data processing is regulated by Belgian law in Etat belge v Autorite de protection des donnees. As to the facts of the case, the Belgian […]

Data Protection Insider, Issue 104

– CJEU: Credit Scoring Constitutes Automated Decision-Making – On 7th December, the CJEU ruled that credit scoring constitutes automated decision-making in the sense of Article 22 (1) GDPR in OQ v Land Hessen. As to the facts of the case, the applicant in the main proceedings, OQ, was refused a loan by a credit institute because of a negative credit rating […]

Data Protection Insider, Issue 103

– Council Adopts Data Act – On 27th November, the Council announced it had ‘adopted a new Regulation on harmonised rules on fair access to and use of data (Data Act)’. According to the Council, the law aims to establish ‘new rules on who can access and use data generated in the EU across all economic sectors’. More specifically, amongst […]

Data Protection Insider, Issue 102

– CJEU Strengthens the Role of DPAs in ‘Indirect Access’ Cases under the LED – On 16th November, the CJEU delivered its judgment in Ligue des droits humains ASBL, BA v Organe de contrôle de l’information policière, in which it boosted the decision-making powers of DPAs when evoked to exercise the rights of the data subjects against law enforcement authorities […]

Data Protection Insider, Issue 101

– CJEU Gives a Broad Reading on the Right to Copy of One’s Data – On 26th October, the CJEU delivered a judgment in FT v DW, clarifying that the right to access one’s personal data under Article 15 GDPR may be exercised when access is sought beyond the purpose of verifying the accuracy of the data, and that the […]

Data Protection Insider, Issue 100

– EDPB-EDPS Joint Opinion on Digital Euro Proposal – On 17th October, the EDPB and EDPS adopted their ‘Joint Opinion 02/2023 on the Proposal for a Regulation of the European Parliament and of the Council on the establishment of the digital euro’. In the next few months, the European Parliament and the Council will consider the Commission’s proposal for a […]

Data Protection Insider, Issue 99

– CJEU: Verification of COVID-19 Certificates is Personal Data Processing – On 5th October, the CJEU ruled that the notion of personal data processing under the GDPR includes the verification of COVID-19 certificates, as operated by Member State COVID-19 apps. As to the facts of the case, in January 2022, the applicant in the main proceedings (RT) challenged the validity […]
DPI Editorial Team

Dara Hallinan, Editor: Legal academic working at FIZ Karlsruhe. His specific focus is on the interaction between law, new technologies – particularly ICT and biotech – and society. He studied law in the UK and Germany, completed a Master’s in Human Rights and Democracy in Italy and Estonia and wrote his PhD at the Vrije Universiteit Brussel on the better regulation of genetic privacy in biobanks and genomic research through data protection law. He is also programme director for the annual Computers, Privacy and Data Protection conference.

Diana Dimitrova, Editor: Researcher at FIZ Karlsruhe. Focus on privacy and data protection, especially on rights of data subjects in the Area of Freedom, Security and Justice. Completed her PhD at the VUB on the topic of ‘Data Subject Rights: The rights of access and rectification in the AFSJ’. Previously, legal researcher at KU Leuven and trainee at EDPS. Holds LL.M. in European Law from Leiden University.

Subscribe to our newsletter for updates on legal developments, upcoming conferences, workshops, and publications in your areas of interest.

Stay up to date: Newsletter Subscription