SypherPrivacyTalks - March 2025 - Week 11
by Sypher | Published in News - March 10, 2025
EDPB launches coordinated enforcement on the right to erasure
insideprivacy.com • 2 min read
📜 The European Data Protection Board will target the right to erasure (Art. 17 GDPR) for its 2025 coordinated enforcement action across the EU. This follows their 2024 focus on the right of access, for which a summary report was published in January 2025. ... read more
View the 2024 EDPB report here.
Voss and Schrems team up to propose three-layered GDPR revision
🗣️ German MEP Axel Voss and privacy activist Max Schrems have proposed a targeted three-tiered GDPR revision to better differentiate requirements between large and small organisations. Despite their typically opposing viewpoints, both support this approach. However, concerns persist that revising the regulation could undermine its achievements, with many fearing that reopening the GDPR debate might create more problems than solutions… read more
Largest fines issued for GDPR violations as of February 2025
💶 An overview of the largest fines issued since the GDPR came into force in May 2018. Meta Platforms, Inc. has received the largest penalty to date—a staggering 1.2 billion euros fine imposed in May 2023. This unprecedented sanction was issued for transferring personal data to the United States without adequate compliance with EU regulations. The largest GDPR fines were issued between 2021 and 2024 … read more
2024 privacy review – the most important ECJ privacy rulings
osborneclarke.com • 10 min read
🧑⚖️ The European Court of Justice continued to shape GDPR jurisprudence, delivering six key judgments in 2024 that further clarified the regulation's fundamental concepts. These landmark decisions addressed key areas such as the definition of personal data, special categories of processing, the principles of purpose limitation and data minimisation, the legal bases for processing, the powers of supervisory authorities and compensation for breaches of data subjects' rights. This is an analysis of the judgments, providing essential guidance for organisations navigating the compliance requirements... read more
Romanian online company fined €2,000 after data deletion request not honoured
🚨 A Romanian data protection investigation has resulted in a fine of 9,949.8 lei (equivalent to €2,000) for the company behind depozit - online . ro. The National Supervisory Authority for Personal Data Processing concluded its investigation in January 2025, following a complaint from an individual. The company not only failed to comply with the user deletion request, but also ignored official requests from the supervisory authority, which led to the fine … read more
