ENG

CJEU stresses data minimisation in Schrems III case

Published

Nov 04 2024

Written By

hertta hytinantti Module
Hertta Hytinantti

Associate
Finland

I am an associate in our Privacy & Data Protection group and Commercial group in Helsinki, where I advise our domestic and international clients with data protection, other data regulation, and cyber security regulation.

Related

Practices

Sectors

Legal questions

The Court of Justice of the European Union (CJEU) issued a judgment on 4 October 2024 in the case of Schrems v Meta Platforms Ireland Ltd (Meta) where it stressed the importance of the data minimisation and purpose limitation principles under the GDPR when it comes to targeted online advertising.

In its judgment, the CJEU analysed two matters:

  1. the processing of all personal data for an unlimited time for advertising purposes, and
  2. the processing of information that has been made “manifestly public”.

Regarding the second question, the CJEU stated that the use of personal data made manifestly public should be limited only to the originally intended purposes for publication.

For more information, please contact Hertta Hytinantti.

The full article was published in the Connected newsletter.

To sign-up to receive future newsletters for the latest Regulatory & Public Affairs news and updates, see below:

TO SUBSCRIBE TO OUR CONNECTED NEWSLETTER CLICK HERE

Latest insights

More Insights
Curiosity line pink background

China Cybersecurity and Data Protection: Monthly Update - February 2025 Issue

Feb 21 2025

Read More
city building security cameras

AI and Other Technological Advancements in the Defence Sector

Feb 20 2025

Read More
books

An “AI Playbook for the UK Government” has been released by the UK Government Digital Service – 5 key questions answered

Feb 14 2025

Read More
More Insights