Welcome to

The
PrivacyCraft
Blog

Latest Posts

The Spanish data protection authority (AEPD) published a blog post discussing the shift from viewing identity as a fundamental right to treating it as a service. This shift can undermine personal control over data, impacting rights, social inclusion, and privacy. The post highlights the risks of commodifying identity, emphasizing that identity should not be a service controlled by governments or companies. It cites examples like the Aadhaar system in India, where exclusion from services has severe consequences, arguing for identity management that respects privacy and autonomy.
AEPDEU lawGDPR
Spain’s AEPD Explores Identity as Service vs. Fundamental Right
The Spanish data protection authority (AEPD) published a blog post discussing the shift from viewing...
Read More
The Court of Justice of the European Union (CJEU) ruled in Case C-590/22 PS, determining that mere infringement of GDPR is insufficient for compensation under Article 82(1). Claimants must demonstrate actual non-material damage, though it need not reach a specific severity. Fear of data disclosure can justify compensation if proven. The criteria for fines in Article 83 do not apply to damage awards, and compensation does not need to consider national law breaches not specifying GDPR rules.
CJEUEnforcementEU lawGDPR
CJEU Ruling on Compensation for Non-Material Damages based on fear [Case C-590/22 PS]
The Court of Justice of the European Union (CJEU) ruled in Case C-590/22 PS, determining that mere infringement...
Read More
The Court of Justice of the European Union ruled in merged cases C-182/22 and C-189/22 Scalable Capital, addressing compensation for non-material damage under GDPR Article 82(1) due to theft of personal data. The court clarified that compensation to individuals is purely compensatory, not punitive, and the severity of GDPR infringements by controllers is irrelevant for compensation purposes. The court emphasized that data breaches causing non-material damage are significant and may warrant minimal compensation even if not serious, provided they fully address the harm suffered.
CJEUEnforcementEU lawGDPR
CJEU Ruling on Compensation for Data Breach [C-182/22 and C-189/22 Scalable Capital]
The Court of Justice of the European Union ruled in merged cases C-182/22 and C-189/22 Scalable Capital,...
Read More
On 18 June 2024, the Norwegian Data Protection Board ruled that the Norwegian Data Protection Authority (DPA) cannot impose daily fines on Meta for not complying with a ban on behavioral marketing on Facebook and Instagram. This decision challenges the DPA's authority under Norwegian law, which allows daily fines. The Board determined that such fines could only apply to Norwegian companies, not international ones. The ban on behavioral advertising remains, but the ruling raises concerns about enforcement disparities between domestic and international businesses.
EnforcementEU lawFacebookGDPRMetaNorway
The Norwegian Data Protection Authority cannot impose daily fines in cross-border cases
The European Data Protection Board published its final Guidelines on Article 37 of the Law Enforcement...
Read More
The European Data Protection Board published its final Guidelines on Article 37 of the Law Enforcement Directive (LED). These guidelines establish standards for appropriate safeguards in data transfers by competent authorities, focusing on legally binding instruments with third countries. Key points include selecting transfer mechanisms, evaluating transfer risks to data subjects, and maintaining enhanced accountability. The guidelines emphasize legal certainty and the necessity of ensuring equivalent data protection levels when personal data is transferred outside the EU.
EDPBGuideline
EDPB Finalizes Guidelines on Law Enforcement Data Transfers
The European Data Protection Board published its final Guidelines on Article 37 of the Law Enforcement...
Read More
The OECD published a report titled "Towards Digital Safety by Design for Children." This report highlights the importance of integrating safety features into digital environments tailored to children. It discusses international guidelines and emphasizes proactive measures such as age assurance and child-centered design. The report also stresses the need for transparency, accountability, and ongoing risk management to protect children's privacy and ensure a safe digital experience.
childrenOECD
OECD Releases Report on Digital Safety for Children
The OECD published a report titled "Towards Digital Safety by Design for Children." This report highlights...
Read More

Subscribe to my updates

Get all posts delivered to you, so you don’t need to remember to check my blog.

You can unsubscribe at any time.

My newsletter can also include occasional marketing, such as information on my product launches and discounts.

Emails are sent through a processor located in the United States. Read more in the Privacy Notice.

Marketing by
Scroll to Top