CJEU Case Law: Insights for DPOs

*This training is in English

Overview of historical and current case law for optimal GDPR compliance

This course provides an extensive overview of the most important rulings of the Court of Justice of the European Union (CJEU), which are crucial for companies’ data protection policies. From historical cases to current ones, we analyze the impact of these rulings on GDPR compliance.

We will cover landmark cases such as the Bodil Lindqvist ruling (2003), the first case where the CJEU ruled on the application of data protection laws to a personal website, defining the boundaries between personal and public information. Other significant rulings will also be discussed, such as the Google Spain case (2014), which introduced the “right to be forgotten,” allowing individuals to have outdated or irrelevant personal information removed. These cases form the foundation for understanding the application of the GDPR today.

We will also dive into more recent cases, like the IAB Europe case (2022), where the Transparency and Consent Framework (TCF) for online advertising technology was criticized for failing to comply with the GDPR, and Endemol Shine Finland Oy, which examined the processing of personal data in reality shows. We’ll also explore the Schufa cases, which add an important element by addressing the processing of creditworthiness data and protecting the rights of individuals in economic contexts.

The course follows a logical structure. We do not treat the cases sequentially, but thematically. We start with concrete and pressing questions, and through the case law, we seek solutions.

This course is essential for Data Protection Officers (DPOs) and privacy professionals who want to help their organizations navigate the complex legal landscape, where the role of the DPO is becoming increasingly important in ensuring compliance and safeguarding personal data.

Why take this course

The CJEU has delivered various rulings over the years that have significantly changed GDPR compliance. As a DPO or privacy professional, it’s crucial to be fully aware of these developments to effectively support companies in implementing compliant data protection policies. This course offers both a look back at historical decisions and a deep dive into the most recent cases, which is invaluable for any professional working with data protection.

Target audience

This course is aimed at:

• Data Protection Officers (DPOs)
• Privacy professionals
• Lawyers specializing in data protection
• Anyone involved in GDPR compliance within an organization

Learning objectives

After completing this course, participants will:

• Have an in-depth understanding of key CJEU rulings related to the GDPR.
• Be able to interpret and apply the impact of historical and recent case law on data protection policies.
• Understand the relationship between these rulings and recent guidelines and recommendations from Data Protection Authorities.
• Gain practical tools to better guide organizations in implementing GDPR-compliant policies.
• Have a clearer understanding of the role and responsibility of the DPO within the context of legal changes.

Teaching approach

The course is led by Prof. Dr. Jos Dumortier, an internationally recognized expert in ICT and data protection law. A moderator will accompany the course, encouraging interaction with the participants and ensuring the session runs smoothly. The session combines theoretical explanation with practical applications of the case law discussed.

Final product

Participants will receive a certificate of attendance. This certificate confirms the knowledge gained and may contribute to meeting certification requirements for privacy professionals.

How to prepare

No specific preparation is required for this course. However, it is recommended that participants have basic knowledge of the GDPR and the role of the DPO to better follow the cases and legal concepts discussed.

Instructor

The course is taught by Prof. Dr. Jos Dumortier, a leading expert with over 30 years of experience in ICT and data protection law. He has advised numerous European governments and has in-depth knowledge of the legal frameworks that guide GDPR compliance. His experience and expertise make him the ideal instructor to make this complex subject accessible and relevant to DPOs and privacy professionals.

Bart van Buitenen will serve as the session’s moderator.