In today’s interconnected world, businesses increasingly depend on email marketing to effectively expand and engage their international customer base. However, when sending unsolicited emails internationally, balancing data protection obligations and the requirements of local laws is crucial for maintaining compliance. This article delves into best practices, outlines the most appropriate legal bases, and examines the […]
legal basis
Legitimate Interest: new CJEU ruling challenges Dutch Authority’s strict interpretation
On October 4, 2024, the Court of Justice of the European Union (CJEU) issued a ruling in the case C-621/22, addressing whether purely commercial interests can qualify as a legitimate interest for processing personal data under Article 6 para. 1 lit. f of the General Data Protection Regulation (GDPR). This decision challenges the strict stance […]
Can Legitimate Interest Be Used to Train an AI Model? noyb Disagrees
In August 2024, the European Center for Digital Rights (noyb), co-founded by privacy advocate Max Schrems, filed a series of complaints against X (formerly Twitter), the social media platform owned by Elon Musk. The nine complaints, lodged in nine different countries, focus on X’s use of personal data to train its Artificial Intelligence (AI) technologies. […]
Unlawful use of a GPS tracking tool installed in company cars was found by the Austrian DPA
The installation of a GPS tracking tool on the company fleet cars has always been a pretty delicate and sometimes controversial topic, on which data protection implications have a critical role when deciding the way it is implemented, in accordance with the principles of privacy by design and by default. The case of the Austrian […]
The Magic of Christmas…I mean Consent!
Every child wakes up with an extra little twinkle in their eye on Christmas morning. Whether that twinkle comes on the 24th of December when the Christ Child visits in Southern Germany or on the 25th when Santa leaves goodies for all the good girls and boys throughout the US. The magic of Christmas is […]
Access to employee emails: A delicate balance between business needs and privacy rights
In the landscape of corporate operations, accessing employee emails may sometimes feel like a necessity for companies. Whether to investigate suspected misconduct of current employees, facilitate operational management during an employee’s prolonged absence, or streamline the transition after an employee departs, the reasons can be varied. However, this task is not straightforward as there are […]
Meta’s Court Defeat in Norway and the Europe-wide Repercussions
An exciting case was decided in Oslo at the beginning of September. In July, the Norwegian Data Protection Authority Datatilsynet had banned Meta Ireland and Facebook Norway (hereinafter referred to as Meta) from displaying personalised advertising via its platforms in Norway. Meta had appealed against this and as a result lost before an Oslo district […]
WhatsApp switches its legal basis to „Legitimate Interest“ due to severe sanctions
It is by far not the first time that Meta and its platforms had to face scrutiny in terms of their privacy policy. This time around, the Irish Data Protection Commission (DPC) sanctioned WhatsApp with a fine of 5.5 million Euros due to the lack of a legitimate legal basis for processing personal data in […]