What happened
TheCourt of Justice of the European Union (CJEU) has issued five significant new rulings on 4 October 2024, shaping the interpretation of GDPR across various areas. Here’s a brief overview:
– C-21/23, Lindenapotheke: The court ruled that GDPR violations can be treated as unfair commercial practices, enabling legal action under national unfair competition laws.
– C-621/22, KNLT: The CJEU confirmed that marketing interests can be a legitimate interest under GDPR, but data processing must be strictly necessary and balanced with individual rights.
– C-446/21, Schrems vs Facebook: Meta and other companies must minimise personal data usage for advertising, limiting how long and how much data they can store and use.
– C-200/23: The court determined that a handwritten signature qualifies as personal data, and non-material damages don’t require tangible harm to claim compensation.
– C-507/23: The ruling established that an apology can count as compensation for non-material damages, with no regard for the controller’s intent or attitude.
Why it matters
Each decision is pushing businesses to rethink their practices in different areas of GDPR compliance, from data processing for advertising to liability for non-material damages.
Look out for the next edition of Privacy Navigator Resources, where we’ll dive deeper into each case and its implications for privacy professionals.