The CJEU rules on the liability of controllers
Contacts
Partner
UK
I am based in London and co-head Bird & Bird's International Privacy and Data Protection Group. I enjoy providing practical advice and solutions to complex legal issues.
Senior Associate
UK
I am an associate in our London Privacy and Data Protection Group, advising organisations on UK and EU data protection law, including GDPR and ePrivacy rules.
Ruth Boardman and Katerina Tassi have written an insightful article for the International Association of Privacy Professionals (IAPP) covering the Court of Justice of the European Union’s interpretation of EU General Data Protection Regulation provisions in recent cases. In the article they delve into a recent case, C-683/21, where the court held a controller can be liable for processing carried out by its processor.
Latest insights
More Insights
China Cybersecurity and Data Protection: Monthly Update – December 2025 Issue
22 minutes Jan 06 2026
Regulating the UAE’s Virtual Playground: New Child Digital Safety Law
4 minutes Jan 05 2026
Women in Tech: At the forefront of innovation - Key takeaways from Lina Al-Hashemi & Ruxandra Cojocaru
3 minutes Dec 30 2025