Judgments on the GDPR and national data protection law
Courts in the EU, and in particular the CJEU, repeatedly issue landmark judgments on the European General Data Protection Regulation (GDPR) and data protection law. We analyse these rulings and explain what they mean in practice.
Group turnover as a benchmark for GDPR fines
How are GDPR fines calculated when companies within a group violate data protection regulations – and how can corporations reduce their risks in this regard?
CJEU: non-material damage, injunctive relief, assessment of damages
A ruling that is highly relevant in practice concerning the de minimis threshold for non-material damage, injunctive relief claims based on the GDPR, and the assessment of damages.
Does the host-provider privilege apply to data protection violations?
The CJEU had to examine whether providers of online platforms are responsible and liable for the (unlawful) processing of personal data in user-generated content.
Is it always permissible to ask for gender?
The CJEU rules on the conditions under which gender or title may be requested in online forms.
Information obligations even for pseudonymised data?
The ECJ rules on whether recipients must also be named if they only receive pseudonymised personal data. The ruling is likely to spark considerable debate.
General Court reviews EU-U.S. Data Privacy Framework
The General Court of the European Union rules on the validity of the EU-U.S. Data Privacy Framework, providing legal certainty for data transfers to the United States, at least in the short term.
CJEU ruling on compensation following a hacker attack
The CJEU rules on the conditions under which data subjects affected by a data protection breach or hacker attack can claim damages.
Is Art. 9 GDPR an independent legal basis?
What is the relationship between Art. 6(1) GDPR and Art. 9(2) GDPR – and is it sufficient to fulfil the latter in order to be allowed to process special categories of personal data?
Can a verbal disclosure constitute processing within the meaning of the GDPR?
The CJEU rules on the concept of processing and the objectives of the GDPR.
Can competitors issue warnings for GDPR violations?
The CJEU rules on whether the GDPR has a blocking effect vis-à-vis national competition law. The consequences could be expensive for some companies – but are not the end of the world.