GDPR on Digitaliziran si

EU Court Ruling Forces Marketplaces to Verify User Data Before Publishing: Is Your Platform Compliant?

Tue, 02 Dec 2025 17:11:12 +0000

Does your online marketplace publish user-generated listings without verifying the personal data they contain? A landmark ruling from the Court of Justice of the European Union in Russmedia Digital (C-492/23) just fundamentally changed how platforms must handle personal data - and the compliance burden is substantial.

Marketplaces Are Now Data Controllers

The Court ruled that marketplace operators qualify as data controllers under the General Data Protection Regulation (GDPR) for personal data contained in user-posted listings - even when platforms neither create the content nor know the advertiser’s identity. The rationale? By deciding to make listings public and exploiting them commercially, platforms exercise control over personal data processing.

EU Digital Omnibus Drops: Is Your Compliance Strategy About to Become Obsolete?

Tue, 25 Nov 2025 12:30:55 +0000

Are you still building your compliance framework around the current GDPR, AI Act, and Data Act requirements? The European Commission just published the most sweeping reform of EU digital laws since 2018 - and everything you thought you knew about data protection compliance might be about to change.

The Regulatory Earthquake You Can’t Ignore

On 19 November 2025, the European Commission released two proposed regulations that will fundamentally reshape how businesses handle data, AI, and cybersecurity in Europe. The Digital Omnibus (2025/0360) and Digital Omnibus on AI (2025/0359) aren’t minor tweaks - they’re a complete rethinking of the EU’s approach to digital regulation.

Hamburg's €492,000 Fine Signals New Era of AI Transparency Enforcement: Are You Ready?

Thu, 09 Oct 2025 08:15:00 +0000

Is your organization using automated decision-making systems without fully understanding the transparency requirements? The Hamburg Commissioner for Data Protection’s recent €492,000 fine against a financial services provider should serve as your wake-up call.

The Case That Changes Everything

The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) imposed this substantial penalty on a financial company for failing to provide adequate transparency in automated credit card application decisions. The violation? The company couldn’t explain to customers why their applications were rejected by their algorithmic systems.

CJEU Ruling Redefines Personal Data: Is Your Pseudonymisation Strategy Still Compliant?

Wed, 24 Sep 2025 10:25:00 +0000

Are you certain your pseudonymised data transfers comply with GDPR? A significant ruling from the Court of Justice of the European Union (CJEU) on September 4, 2025, has provided important clarification on when pseudonymised data qualifies as personal data - and the implications could refine your data management strategy.

The Ruling That Provides Clarity

In the case of European Data Protection Supervisor (EDPS) v Single Resolution Board (SRB) (C-413/23), the CJEU confirmed that personal data is a relative concept. This means data can be pseudonymous in one party’s hands while being effectively anonymous for another recipient.

EU Court Ruling Redefines Pseudonymized Data: Is Your Company's Privacy Strategy Still Valid?

Mon, 08 Sep 2025 07:05:25 +0000

Are you confident that your pseudonymized data transfers comply with GDPR? A significant ruling from the Court of Justice of the European Union (CJEU) on September 4, 2025, has provided welcome clarity for how organizations handle supposedly “anonymized” information.

The Ruling That Clarifies Data Privacy

The CJEU’s latest decision in the case of European Data Protection Supervisor (EDPS) v Single Resolution Board (SRB) (C-413/23 P) addresses a critical question that has puzzled data protection officers for years: when does pseudonymized data still count as personal data under GDPR?

Microsoft Admits It Cannot Guarantee EU Data Sovereignty: Is Your Organization at Risk?

Wed, 30 Jul 2025 14:34:11 +0000

Are you confident your European data is truly protected from foreign surveillance? Microsoft’s recent admission under oath has raised important questions about data sovereignty, but the full picture is more nuanced than initial headlines suggest.

The Uncomfortable Truth - And Microsoft’s Response

Microsoft has publicly acknowledged that it cannot guarantee data sovereignty for customers in France and, by extension, the wider European Union. This admission came during legal proceedings where Microsoft France’s General Counsel, Anton Carniaux, confirmed the company’s inability to resist US government data requests under the US CLOUD Act.

Your Work Emails Are Personal Data: The GDPR Ruling That Changes Everything

Thu, 26 Jun 2025 14:36:00 +0000

Do you think your professional emails belong to your employer? Think again. A recent legal clarification has confirmed that professional emails can contain personal data under the General Data Protection Regulation (GDPR) - but the reality is more nuanced than many headlines suggest, and this ruling could fundamentally change how your workplace handles your communications.

The Ruling That Matters - With Important Caveats

According to Appleby Global’s recent analysis, professional emails can fall under GDPR protection as personal data. However, it’s crucial to understand that not all professional emails automatically qualify as personal data.

EDPB Guidelines Expose Blockchain's GDPR Nightmare: Is BitTorrent the Unexpected Solution?

Tue, 24 Jun 2025 08:32:04 +0000

Are you building on blockchain technology without considering the privacy compliance minefield you’re walking into? The European Data Protection Board’s (EDPB) latest guidelines reveal a fundamental incompatibility between blockchain’s core features and GDPR requirements that could derail your digital transformation plans.

The Immutability Problem

Blockchain’s greatest strength - its immutable ledger - has become its GDPR Achilles’ heel. According to new EDPB guidelines, the technology’s inability to modify or delete records directly conflicts with data subjects’ rights to erasure and rectification under GDPR Articles 17 and 16.

Are You Unknowingly Using What Congress Might Soon Classify as the "Dark Web"?

Thu, 12 Jun 2025 15:56:48 +0000

Are you unknowingly using what Congress might soon classify as the “dark web”? A new Senate bill targeting opioid trafficking contains a definition so broad it could sweep up everything from your private WhatsApp conversations to your company’s VPN access.

The Definitional Disaster

Senate Bill 1975, the Dark Web Interdiction Act of 2025, aims to prohibit opioid delivery through dark web channels. While the intent is commendable, the bill’s definition of “dark web” is alarmingly overbroad, requiring only that content be (A) not indexed by search engines AND (B) require specific software or configurations that conceal user identities.

Localhost tracking

Thu, 12 Jun 2025 10:38:00 +0000

Are your privacy tools actually protecting you? A shocking new investigation reveals that Meta has been using a sophisticated “localhost tracking” technique that can link your web browsing to your real identity - even when you’re using VPNs, incognito mode, or have deleted all your cookies.

The Hidden Tracking Method

Researchers discovered that Meta’s Facebook and Instagram apps have been secretly communicating with web browsers through hidden localhost connections since September 2024. This technique allows Meta to bypass Android’s built-in security protections and create detailed profiles of your online activity without your knowledge or consent.