#63: From Clearview Controversies to Meta Mishaps: Sweden’s GDPR Wins, and Global Fines
Release Date: 09/13/2024
PrivacyPod
In this episode, Jyri, Milla, and Pilvi walk you through the latest hottest tea in privacy and data protection. First, we turn our attention to the herald of doom itself: Clearview and the actions taken by the Dutch Data Protection Authority (fine of 30,5 million euros and then some). Will the Dutch DPA follow through with going after the management and impose personal liability on the managers or directors of Clearview?
We also explore whether such a grim herald can have any positive aspects. The Dutch DPA suggests that the government could create its own version of Clearview, raising an important question. Should we, as a human society, pursue every technological capability simply because we can?
Next, we visit the herald of digital future and all things beautiful, that is of course Sweden. The Swedish data protection authority, IMY, has given out two fines for unfortunate use of Meta pixels by a pharmacy and a bank that led to leaking sensitive personal data to Meta. The cases have some meme aspects (legal said no) but also raise important questions: what is the root cause? Could Meta’s way of enrolling in updates be the one to blame? What steps should you take to ensure your organization’s compliance?
Then, we take a look at the latest blog by Anu Talus, the Finnish Data Protection Ombudsman and the Chair of the European Data Protection Board. She admires Sweden (don’t we all?), which seems to thrive under the GDPR rules whereas Finland’s Data Protection Authority remains under-resourced, raising concerns about its ability to support future demands. She distinctly calls for the ability to fine the public sector also in Finland (one of the few countries where this isn’t possible), and discusses the AI Act.
Lastly, we dive into a fast-paced Lightning Round™ of key data protection developments. From the Belgian DPA’s crackdown on dark patterns in cookie consent to fines against Uniqlo by the Spanish DPA (AEPD), and a penalty for Vejen Municipality in Denmark over stolen school laptops, important actions are shaping the landscape. We also explore Liechtenstein’s insights on remote work and
This and much more (such as some tips on who to follow on LinkedIn) awaits behind the play-button!
Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u
We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:
Twitter: https://twitter.com/PodPrivacy, #privacypod
Instagram: @privacypod
LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/
Email: tietosuojapod@protonmail.com
Links:
Swedish Meta Pixel cases:
https://www.imy.se/nyheter/sanktionsavgift-mot-avanza-for-overforing-av-personuppgifter-till-meta/
Anu Talus’ blog:
https://tietosuoja.fi/-/tekoaly-hoi-missa-suomen-digistrategia-
Belgian DPA’s cookie case:
https://www.gegevensbeschermingsautoriteit.be/publications/beslissing-ten-gronde-nr.-113-2024-van-6-september-2024.pdf
Vejen Municipality fine:
https://www.datatilsynet.dk/afgoerelser/afgoerelser/2024/aug/endnu-en-kommune-indstillet-til-boede-for-manglende-kryptering
The DPA of Liechtenstein’s activity report for 2023:
https://www.datenschutzstelle.li/application/files/3417/2526/0394/WEB_Datenschutzstelle_Taetigkeitsbericht_2023.pdf