Criteon Judgement – Amsterdam District Court In October 2023, the Amsterdam District Court ruled against the advertising service provider Criteon in an interim decision1 and ordered it to immediately comply with the deletion of tracking data requested by the plaintiff. Importance 5/5 Powerfulness 2/5 Accuracy 4/5 Legal standards Art 26 GDPR Data Privacy Pattern: Joint Controllership, Dataprivacy by Design Legal standards: Art 25 Data protection by design and by default, Art 26 GDPR Joint controllership Findings Joint controllership under the GDPR does not mean limited responsibility Willingness to fulfill data subject rights does not cure a legal basis that was lacking from the outset Legal protection does not replace a lack of “privacy by default” and “privacy by design”2 Introduction In October 2023, the Amsterdam District Court ruled in an interim decision1 against the advertising service provider Criteon and ordered it to immediately comply with the deletion of tracking data requested by the plaintiff.

Hard to believe: Austrian law provides for jurisdiction only in case of death. Three simple measures to quickly remedy the situation.

Seven years ago, Max Schrems insisted and filed a complaint with the Irish Data Protection Commissioner about the handling of his complaint against the transfer of personal data from Facebook Ireland to its parent company Facebook USA. Seven years (!) later, after Facebook and Max Schrems himself had invested several million Euros (!) in the legal prosecution of their illegal practice, his lawsuit is still not fully settled (!). A class action brought by him in 2014, which was joined by 25.

How justice arguments towards its self-dissolution