On November 18, 2024, the German Federal Court of Justice (Bundesgerichtshof – “BGH”) made a (to date unpublished) judgment under the case number VI ZR 10/24 regarding claims for non-material damages pursuant to Art. 82 GDPR, due to the loss of control over personal data.

The judgment is based on a personal

Continue Reading Germany: Judgment on Non-Material Damages for Loss of Control over Personal Data

October has already been a busy month for the Court of Justice of the European Union (“CJEU”), which has published a number of judgments on the interpretation and application of the GDPR, including five important decisions, all issued by the CJEU on one day – 4 October 2024. 

This article provides an overview

Continue Reading EU: CJEU Insight 

Summary

In its judgement of 11 July 2024 (C-757/22), the European Court of Justice (‘ECJ’) ruled that the violation of a controller’s information obligations under Art. 12 and 13 GDPR, can be subject to a representative action under Article 80(2) GDPR.

Facts of the case

Meta Platforms Ireland Limited (“

Continue Reading Europe/Germany:  Right to bring collective action for violations of information obligations under GDPR

The European Data Protection Board (“EDPB”) has adopted an Opinion (“EDPB Opinion”) on the validity of consent to process personal data for the purposes of behavioural advertising in the context of ‘consent or pay’ models deployed by large online platforms. The EDPB concludes that “in most cases”, the requirements of

Continue Reading Europe: EDPB issues Opinion on ‘consent or pay’ models deployed by large online platforms

2023 was a busy year for the Court of Justice of the European Union (CJEU), with the issuance of a number of far-reaching judgments on the interpretation and application of the GDPR.

In December 2023, the CJEU delivered two important decisions which supplement a growing body of jurisprudence on the issuance of administrative fines and

Continue Reading CJEU Insight

Summary

A UK court has reversed a fine imposed on the provider of a facial image database service, Clearview AI, on the basis that the (UK) GDPR did not apply to the processing of personal data by the company. In so doing, the court has provided helpful judicial interpretation of both the territorial and material scope

Continue Reading Clearview AI -v- Information Commissioner

Authors: Verena Grentzenberg, Andreas Rüdiger, Ludwig Lauer

In his Opinion of 27.04.2023 (C 340/21), the Advocate General of the European Court of Justice (“ECJ”) commented on the interpretation of the civil non-material right to damages pursuant to Article 82 (1) GDPR as well as on the requirements and the duty of
Continue Reading Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

On 27 July 2022, the highest administrative court in the Netherlands, published its highly anticipated judgment involving the Dutch Data Protection Authority’s assessment of “legitimate interest” under Article 6(1)(f) GDPR.

It was expected that the court would provide some clarification on whether “purely commercial interests” can qualify as legitimate interests within the meaning
Continue Reading NETHERLANDS: Highest court side-steps determining whether legitimate interests may be purely commercial

Authors: Zoltán Kozma, Mark Almasy

The Hungarian Data Protection Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság, NAIH) has recently published its annual report in which it presented a case where the Authority imposed the highest fine to date of ca. EUR 670,000 (HUF 250 million).

The case involved the personal data processing


Continue Reading Hungary: Record GDPR fine by the Hungarian Data Protection Authority for the unlawful use of artificial intelligence