Advocate General: Legal recognition of gender identity must not be conditioned on surgery
EU law may bar national rules requiring surgery to change gender markers in civil documents, protecting free movement, privacy and accurate identity data.
GDPR News
CJEU clarifies GDPR remedies and compensation for moral harm
The CJEU ruled GDPR does not create a mandatory right to a preventive injunction but allows compensation for moral harm even for non‑serious distress, and injunctions cannot replace damages.
Court of Justice clarifies identifiability under GDPR
Court of Justice rules SRB should have informed Banco Popular claimants before sharing their comments, clarifies assessment of pseudonymisation and controller-focused identifiability under EU data law.
Meta asks CJEU to reinstate challenge to EDPB Opinion on valid consent
Meta appeals the General Court’s dismissal of its challenge to EDPB Opinion 08/2024, arguing procedural and legal errors on reviewability, liability, judicial protection, and reasoning.
EU General Court Upholds EU‑US Data Privacy Framework
Eu court dismissed Latombe’s annulment of the EU‑US Data Privacy Framework, allowing data transfers to continue while advocates signal likely further legal challenges.
EU starts GDPR adequacy process with Brazil to enable secure cross-border data flows
The EU has started the process for a GDPR adequacy decision with Brazil, enabling secure cross-border data flows if safeguards, oversight and remedies meet EU standards.
CNIL fines Google €325 million and SHEIN €150 million for cookie non-compliance
The CNIL fined Google (€325M) and SHEIN (€150M) for cookie and ad consent breaches, stressing free, informed consent and sanctioning covert tracking and cookie-wall practices.
Hundreds of thousands of Grok chats found in search results
Searchable links to Grok chat transcripts have exposed hundreds of thousands of user conversations, raising serious GDPR and privacy concerns about shared AI chats.
Austrian court: Der Standard broke GDPR with pay-or-consent model
The Austrian Federal Administrative Court confirmed that newspaper Der Standard breached the EU’s data protection rules by using a “pay […]
EU Ombudsman Receives Complaints over EDPS Selection Process
Ombudsman complaints and a Parliament–Council split have prolonged the appointment of the next EDPS, centering on independence concerns over a Commission insider versus continuity with the incumbent.
AI browsers leak personal data
Study finds major AI browser assistants transmit sensitive personal data, likely breaching GDPR and requiring stronger consent, transparency, and technical safeguards.
Spains DPA fines hotels over scanning guest identity documents
AEPD fines Iberostar unit €70,000 for requiring full ID copies at booking; authority stresses GDPR data minimisation and that copies are unnecessary and risky for guest registration.