Advocate General: Legal recognition of gender identity must not be conditioned on surgery
EU law may bar national rules requiring surgery to change gender markers in civil documents, protecting free movement, privacy and accurate identity data.
EU law may bar national rules requiring surgery to change gender markers in civil documents, protecting free movement, privacy and accurate identity data.
Meta appeals the General Court’s dismissal of its challenge to EDPB Opinion 08/2024, arguing procedural and legal errors on reviewability, liability, judicial protection, and reasoning.
Eu court dismissed Latombe’s annulment of the EU‑US Data Privacy Framework, allowing data transfers to continue while advocates signal likely further legal challenges.
The CNIL fined Google (€325M) and SHEIN (€150M) for cookie and ad consent breaches, stressing free, informed consent and sanctioning covert tracking and cookie-wall practices.
AEPD fines Iberostar unit €70,000 for requiring full ID copies at booking; authority stresses GDPR data minimisation and that copies are unnecessary and risky for guest registration.
IMY reprimanded Flightradar24 for GDPR breaches after routinely demanding aircraft registration certificates, requiring improved erasure procedures and proportional identity verification.
New DPC Adult Safeguarding Toolkit guides organisations on GDPR-compliant collection, storage and sharing of vulnerable adults’ personal data with practical templates and sector collaboration.
German high court restricts law enforcement use of spyware to cases with at least a three-year maximum sentence, citing severe interference with fundamental rights.
EDPB will publish an EU-wide GDPR breach notification template to standardize reporting, aid cross-border compliance, and support accompanying guidance and tools.
The Cologne court partially overturned the BfDI ban on the German Federal Government’s Facebook fan page, clarifying GDPR responsibilities for public authorities and Meta.
The European Commission is accused of rigging the selection process for the European Data Protection Supervisor, compromising independence and transparency.
Microsoft France admits it cannot guarantee French citizen data in EU datacenters is fully protected from U.S. government access, highlighting digital sovereignty challenges.