2023 was a busy year for the Court of Justice of the European Union (CJEU), with the issuance of a number of far-reaching judgments on the interpretation and application of the GDPR.

In December 2023, the CJEU delivered two important decisions which supplement a growing body of jurisprudence on the issuance of administrative fines and

Continue Reading CJEU Insight


A UK court has reversed a fine imposed on the provider of a facial image database service, Clearview AI, on the basis that the (UK) GDPR did not apply to the processing of personal data by the company. In so doing, the court has provided helpful judicial interpretation of both the territorial and material scope

Continue Reading Clearview AI -v- Information Commissioner

Authors: Verena Grentzenberg, Andreas Rüdiger, Ludwig Lauer

In his Opinion of 27.04.2023 (C 340/21), the Advocate General of the European Court of Justice (“ECJ”) commented on the interpretation of the civil non-material right to damages pursuant to Article 82 (1) GDPR as well as on the requirements and the duty of
Continue Reading Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

On 27 July 2022, the highest administrative court in the Netherlands, published its highly anticipated judgment involving the Dutch Data Protection Authority’s assessment of “legitimate interest” under Article 6(1)(f) GDPR.

It was expected that the court would provide some clarification on whether “purely commercial interests” can qualify as legitimate interests within the meaning
Continue Reading NETHERLANDS: Highest court side-steps determining whether legitimate interests may be purely commercial

Authors: Zoltán Kozma, Mark Almasy

The Hungarian Data Protection Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság, NAIH) has recently published its annual report in which it presented a case where the Authority imposed the highest fine to date of ca. EUR 670,000 (HUF 250 million).

The case involved the personal data processing

Continue Reading Hungary: Record GDPR fine by the Hungarian Data Protection Authority for the unlawful use of artificial intelligence