Judgments on the GDPR and national data protection law
Courts in the EU, and in particular the CJEU, repeatedly issue landmark judgments on the European General Data Protection Regulation (GDPR) and data protection law. We analyse these rulings and explain what they mean in practice.
The Federal Cartel Office may also find GDPR violations at Meta
The CJEU has cast doubt on the voluntary nature of consent on Facebook, allowing national competition regulators to investigate data protection breaches in certain circumstances.
CJEU rules on damages under Art. 82 GDPR
Non-material damages, damages, and the materiality threshold – the CJEU issues a long-awaited ruling. But the legal certainty now provided could lead to large waves of lawsuits.
CJEU declares parts of Germany´s BDSG invalid in terms of data protection for employees
In future, employers in Germany must use a legal basis directly from the GDPR to process their employees’ personal data.
CJEU on the right of access to data recipients
Controllers must name the specific recipients of personal data when answering right to access requests – unless one of the few exceptions applies.
Consumer associations can bring GDPR cases to court without demonstrating a specific violation of individual rights
The CJEU confirmed that national law may allow consumer associations to bring GDPR claims to court, even if they are not mandated by the data subjects and without demonstrating a specific violation of data subjects’ rights.
Compensation based on a wrongful transfer of data within a group of companies
A German Higher Labour Court confirms claim for damages of EUR 2,000, due to prohibited transfer of personal data within the group of companies.
The transfer of the IP address via Google Fonts when visiting a website is unlawful
A website user receives EUR 100 in damages from a website operator for unlawful linking to #Google Fonts. Find out why this is a violation of the #GDPR provisions in our discussion of the ruling.
Upcoming CJEU rulings on data protection matters
Recently, a number of important questions regarding the GDPR have been referred to the CJEU. We will give you an overview on the proceedings and their relevance for data protection practice.
CJEU strikes down EU-U.S. Privacy Shield while SCCs remain valid
What the verdict means for European companies, which alternatives are available and why it does not only affect data transfers to the U.S.
Meaning of the CJEU judgment on Standard Contractual Clauses
The legality of SCCs, the expected judgment of the CJEU and the impact on companies that process data in third countries.
